kallithea Changeset - 9b92cf5a0cca

Changeset - 9b92cf5a0cca

Parent rev.

Child rev.

[Not reviewed]

beta

0 19 2

Marcin Kuzminski - 13 years ago 2012-12-30 23:06:03
marcin@python-works.com

Added UserIpMap interface for allowed IP addresses and IP restriction access
ref #264 IP restriction for users and user groups

21 files changed with 2369 insertions and 40 deletions:

rhodecode/__init__.py

rhodecode/config/routing.py

rhodecode/controllers/admin/permissions.py

rhodecode/controllers/admin/users.py

rhodecode/controllers/api/__init__.py

rhodecode/controllers/api/api.py

rhodecode/lib/auth.py

rhodecode/lib/base.py

rhodecode/lib/db_manage.py

rhodecode/lib/dbmigrate/versions/010_version_1_5_2.py

rhodecode/lib/helpers.py

rhodecode/lib/ipaddr.py

1901

rhodecode/lib/middleware/simplegit.py

rhodecode/lib/middleware/simplehg.py

rhodecode/model/db.py

rhodecode/model/forms.py

rhodecode/model/user.py

rhodecode/model/validators.py

rhodecode/public/css/style.css

rhodecode/templates/admin/permissions/permissions.html

119

rhodecode/templates/admin/users/user_edit.html

0 comments (0 inline, 0 general)

rhodecode/__init__.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.__init__
     ~~~~~~~~~~~~~~~~~~
     RhodeCode, a web based repository management based on pylons
     versioning implementation: http://www.python.org/dev/peps/pep-0386/
     :created_on: Apr 9, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import sys
 import platform
 VERSION = (1, 5, 2, 'b')
 try:
     from rhodecode.lib import get_current_revision
     _rev = get_current_revision()
     if _rev and len(VERSION) > 3:
         VERSION += ('dev%s' % _rev[0],)
 except ImportError:
     pass
 __version__ = ('.'.join((str(each) for each in VERSION[:3])) +
                '.'.join(VERSION[3:]))
-__dbversion__ = 9  # defines current db version for migrations
+__dbversion__ = 10  # defines current db version for migrations
 __platform__ = platform.system()
 __license__ = 'GPLv3'
 __py_version__ = sys.version_info
 __author__ = 'Marcin Kuzminski'
 __url__ = 'http://rhodecode.org'
 PLATFORM_WIN = ('Windows')
 PLATFORM_OTHERS = ('Linux', 'Darwin', 'FreeBSD', 'OpenBSD', 'SunOS') #depracated
 is_windows = __platform__ in PLATFORM_WIN
 is_unix = not is_windows
 BACKENDS = {
     'hg': 'Mercurial repository',
     'git': 'Git repository',
+}
 CELERY_ON = False
 CELERY_EAGER = False
 # link to config for pylons
 CONFIG = {}
 # Linked module for extensions
 EXTENSIONS = {}

rhodecode/config/routing.py

➞

Show inline comments

 """
 Routes configuration
 The more specific and detailed routes should be defined first so they
 may take precedent over the more generic routes. For more information
 refer to the routes manual at http://routes.groovie.org/docs/
 """
 from __future__ import with_statement
 from routes import Mapper
 # prefix for non repository related links needs to be prefixed with `/`
 ADMIN_PREFIX = '/_admin'
 def make_map(config):
     """Create, configure and return the routes Mapper"""
     rmap = Mapper(directory=config['pylons.paths']['controllers'],
                  always_scan=config['debug'])
     rmap.minimization = False
     rmap.explicit = False
     from rhodecode.lib.utils import is_valid_repo
     from rhodecode.lib.utils import is_valid_repos_group
     def check_repo(environ, match_dict):
         """
         check for valid repository for proper 404 handling
         :param environ:
         :param match_dict:
         """
         from rhodecode.model.db import Repository
         repo_name = match_dict.get('repo_name')
         if match_dict.get('f_path'):
             #fix for multiple initial slashes that causes errors
             match_dict['f_path'] = match_dict['f_path'].lstrip('/')
         try:
             by_id = repo_name.split('_')
             if len(by_id) == 2 and by_id[1].isdigit() and by_id[0] == '':
                 repo_name = Repository.get(by_id[1]).repo_name
                 match_dict['repo_name'] = repo_name
         except:
             pass
         return is_valid_repo(repo_name, config['base_path'])
     def check_group(environ, match_dict):
         """
         check for valid repositories group for proper 404 handling
         :param environ:
         :param match_dict:
         """
         repos_group_name = match_dict.get('group_name')
         return is_valid_repos_group(repos_group_name, config['base_path'])
     def check_int(environ, match_dict):
         return match_dict.get('id').isdigit()
     # The ErrorController route (handles 404/500 error pages); it should
     # likely stay at the top, ensuring it can always be resolved
     rmap.connect('/error/{action}', controller='error')
     rmap.connect('/error/{action}/{id}', controller='error')
     #==========================================================================
     # CUSTOM ROUTES HERE
     #==========================================================================
     #MAIN PAGE
     rmap.connect('home', '/', controller='home', action='index')
     rmap.connect('repo_switcher', '/repos', controller='home',
                  action='repo_switcher')
     rmap.connect('branch_tag_switcher', '/branches-tags/{repo_name:.*?}',
                  controller='home', action='branch_tag_switcher')
     rmap.connect('bugtracker',
                  "http://bitbucket.org/marcinkuzminski/rhodecode/issues",
                  _static=True)
     rmap.connect('rst_help',
                  "http://docutils.sourceforge.net/docs/user/rst/quickref.html",
                  _static=True)
     rmap.connect('rhodecode_official', "http://rhodecode.org", _static=True)
     #ADMIN REPOSITORY REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/repos') as m:
         m.connect("repos", "/repos",
              action="create", conditions=dict(method=["POST"]))
         m.connect("repos", "/repos",
              action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_repos", "/repos.{format}",
              action="index",
             conditions=dict(method=["GET"]))
         m.connect("new_repo", "/repos/new",
              action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_repo", "/repos/new.{format}",
              action="new", conditions=dict(method=["GET"]))
         m.connect("/repos/{repo_name:.*?}",
              action="update", conditions=dict(method=["PUT"],
                                               function=check_repo))
         m.connect("/repos/{repo_name:.*?}",
              action="delete", conditions=dict(method=["DELETE"],
                                               function=check_repo))
         m.connect("edit_repo", "/repos/{repo_name:.*?}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_edit_repo", "/repos/{repo_name:.*?}.{format}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("repo", "/repos/{repo_name:.*?}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_repo", "/repos/{repo_name:.*?}.{format}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         #ajax delete repo perm user
         m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*?}",
              action="delete_perm_user",
              conditions=dict(method=["DELETE"], function=check_repo))
         #ajax delete repo perm users_group
         m.connect('delete_repo_users_group',
                   "/repos_delete_users_group/{repo_name:.*?}",
                   action="delete_perm_users_group",
                   conditions=dict(method=["DELETE"], function=check_repo))
         #settings actions
         m.connect('repo_stats', "/repos_stats/{repo_name:.*?}",
                   action="repo_stats", conditions=dict(method=["DELETE"],
                                                        function=check_repo))
         m.connect('repo_cache', "/repos_cache/{repo_name:.*?}",
                   action="repo_cache", conditions=dict(method=["DELETE"],
                                                        function=check_repo))
         m.connect('repo_public_journal', "/repos_public_journal/{repo_name:.*?}",
                   action="repo_public_journal", conditions=dict(method=["PUT"],
                                                         function=check_repo))
         m.connect('repo_pull', "/repo_pull/{repo_name:.*?}",
                   action="repo_pull", conditions=dict(method=["PUT"],
                                                       function=check_repo))
         m.connect('repo_as_fork', "/repo_as_fork/{repo_name:.*?}",
                   action="repo_as_fork", conditions=dict(method=["PUT"],
                                                       function=check_repo))
         m.connect('repo_locking', "/repo_locking/{repo_name:.*?}",
                   action="repo_locking", conditions=dict(method=["PUT"],
                                                       function=check_repo))
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/repos_groups') as m:
         m.connect("repos_groups", "/repos_groups",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("repos_groups", "/repos_groups",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_repos_groups", "/repos_groups.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_repos_group", "/repos_groups/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_repos_group", "/repos_groups/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_repos_group", "/repos_groups/{id}",
                   action="update", conditions=dict(method=["PUT"],
                                                    function=check_int))
         m.connect("delete_repos_group", "/repos_groups/{id}",
                   action="delete", conditions=dict(method=["DELETE"],
                                                    function=check_int))
         m.connect("edit_repos_group", "/repos_groups/{id:.*?}/edit",
                   action="edit", conditions=dict(method=["GET"],))
         m.connect("formatted_edit_repos_group",
                   "/repos_groups/{id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"],
                                                  function=check_int))
         m.connect("repos_group", "/repos_groups/{id}",
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_int))
         m.connect("formatted_repos_group", "/repos_groups/{id}.{format}",
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_int))
         # ajax delete repos group perm user
         m.connect('delete_repos_group_user_perm',
                   "/delete_repos_group_user_perm/{group_name:.*}",
              action="delete_repos_group_user_perm",
              conditions=dict(method=["DELETE"], function=check_group))
         # ajax delete repos group perm users_group
         m.connect('delete_repos_group_users_group_perm',
                   "/delete_repos_group_users_group_perm/{group_name:.*}",
                   action="delete_repos_group_users_group_perm",
                   conditions=dict(method=["DELETE"], function=check_group))
     #ADMIN USER REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/users') as m:
         m.connect("users", "/users",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users", "/users",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_users", "/users.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_user", "/users/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_user", "/users/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_user", "/users/{id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("delete_user", "/users/{id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("edit_user", "/users/{id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_edit_user",
                   "/users/{id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("user", "/users/{id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_user", "/users/{id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
         #EXTRAS USER ROUTES
         m.connect("user_perm", "/users_perm/{id}",
                   action="update_perm", conditions=dict(method=["PUT"]))
         m.connect("user_emails", "/users_emails/{id}",
                   action="add_email", conditions=dict(method=["PUT"]))
         m.connect("user_emails_delete", "/users_emails/{id}",
                   action="delete_email", conditions=dict(method=["DELETE"]))
         m.connect("user_ips", "/users_ips/{id}",
                   action="add_ip", conditions=dict(method=["PUT"]))
         m.connect("user_ips_delete", "/users_ips/{id}",
                   action="delete_ip", conditions=dict(method=["DELETE"]))
     #ADMIN USERS GROUPS REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/users_groups') as m:
         m.connect("users_groups", "/users_groups",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users_groups", "/users_groups",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_users_groups", "/users_groups.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_users_group", "/users_groups/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_users_group", "/users_groups/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_users_group", "/users_groups/{id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("delete_users_group", "/users_groups/{id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("edit_users_group", "/users_groups/{id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_edit_users_group",
                   "/users_groups/{id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("users_group", "/users_groups/{id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_users_group", "/users_groups/{id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
         #EXTRAS USER ROUTES
         m.connect("users_group_perm", "/users_groups_perm/{id}",
                   action="update_perm", conditions=dict(method=["PUT"]))
     #ADMIN GROUP REST ROUTES
     rmap.resource('group', 'groups',
                   controller='admin/groups', path_prefix=ADMIN_PREFIX)
     #ADMIN PERMISSIONS REST ROUTES
     rmap.resource('permission', 'permissions',
                   controller='admin/permissions', path_prefix=ADMIN_PREFIX)
     #ADMIN DEFAULTS REST ROUTES
     rmap.resource('default', 'defaults',
                   controller='admin/defaults', path_prefix=ADMIN_PREFIX)
     ##ADMIN LDAP SETTINGS
     rmap.connect('ldap_settings', '%s/ldap' % ADMIN_PREFIX,
                  controller='admin/ldap_settings', action='ldap_settings',
                  conditions=dict(method=["POST"]))
     rmap.connect('ldap_home', '%s/ldap' % ADMIN_PREFIX,
                  controller='admin/ldap_settings')
     #ADMIN SETTINGS REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/settings') as m:
         m.connect("admin_settings", "/settings",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("admin_settings", "/settings",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_settings", "/settings.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("admin_new_setting", "/settings/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_new_setting", "/settings/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("/settings/{setting_id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("/settings/{setting_id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("admin_edit_setting", "/settings/{setting_id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_edit_setting",
                   "/settings/{setting_id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("admin_setting", "/settings/{setting_id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_setting", "/settings/{setting_id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account", "/my_account",
                   action="my_account", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account_update", "/my_account_update",
                   action="my_account_update", conditions=dict(method=["PUT"]))
         m.connect("admin_settings_create_repository", "/create_repository",
                   action="create_repository", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_repos", "/my_account/repos",
                   action="my_account_my_repos", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_pullrequests", "/my_account/pull_requests",
                   action="my_account_my_pullrequests", conditions=dict(method=["GET"]))
     #NOTIFICATION REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/notifications') as m:
         m.connect("notifications", "/notifications",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("notifications", "/notifications",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("notifications_mark_all_read", "/notifications/mark_all_read",
                   action="mark_all_read", conditions=dict(method=["GET"]))
         m.connect("formatted_notifications", "/notifications.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_notification", "/notifications/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_notification", "/notifications/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("/notification/{notification_id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("/notification/{notification_id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("edit_notification", "/notification/{notification_id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_edit_notification",
                   "/notification/{notification_id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("notification", "/notification/{notification_id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_notification", "/notifications/{notification_id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
     #ADMIN MAIN PAGES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/admin') as m:
         m.connect('admin_home', '', action='index')
         m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',
                   action='add_repo')
     #==========================================================================
     # API V2
     #==========================================================================
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='api/api') as m:
         m.connect('api', '/api')
     #USER JOURNAL
     rmap.connect('journal_my_repos', '%s/journal_my_repos' % ADMIN_PREFIX,
                  controller='journal', action='index_my_repos')
     rmap.connect('journal', '%s/journal' % ADMIN_PREFIX,
                  controller='journal', action='index')
     rmap.connect('journal_rss', '%s/journal/rss' % ADMIN_PREFIX,
                  controller='journal', action='journal_rss')
     rmap.connect('journal_atom', '%s/journal/atom' % ADMIN_PREFIX,
                  controller='journal', action='journal_atom')
     rmap.connect('public_journal', '%s/public_journal' % ADMIN_PREFIX,
                  controller='journal', action="public_journal")
     rmap.connect('public_journal_rss', '%s/public_journal/rss' % ADMIN_PREFIX,
                  controller='journal', action="public_journal_rss")
     rmap.connect('public_journal_rss_old', '%s/public_journal_rss' % ADMIN_PREFIX,
                  controller='journal', action="public_journal_rss")
     rmap.connect('public_journal_atom',
                  '%s/public_journal/atom' % ADMIN_PREFIX, controller='journal',
                  action="public_journal_atom")
     rmap.connect('public_journal_atom_old',
                  '%s/public_journal_atom' % ADMIN_PREFIX, controller='journal',
                  action="public_journal_atom")
     rmap.connect('toggle_following', '%s/toggle_following' % ADMIN_PREFIX,
                  controller='journal', action='toggle_following',
                  conditions=dict(method=["POST"]))
     #SEARCH
     rmap.connect('search', '%s/search' % ADMIN_PREFIX, controller='search',)
     rmap.connect('search_repo', '%s/search/{search_repo:.*}' % ADMIN_PREFIX,
                   controller='search')
     #LOGIN/LOGOUT/REGISTER/SIGN IN
     rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login')
     rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login',
                  action='logout')
     rmap.connect('register', '%s/register' % ADMIN_PREFIX, controller='login',
                  action='register')
     rmap.connect('reset_password', '%s/password_reset' % ADMIN_PREFIX,
                  controller='login', action='password_reset')
     rmap.connect('reset_password_confirmation',
                  '%s/password_reset_confirmation' % ADMIN_PREFIX,
                  controller='login', action='password_reset_confirmation')
     #FEEDS
     rmap.connect('rss_feed_home', '/{repo_name:.*?}/feed/rss',
                 controller='feed', action='rss',
                 conditions=dict(function=check_repo))
     rmap.connect('atom_feed_home', '/{repo_name:.*?}/feed/atom',
                 controller='feed', action='atom',
                 conditions=dict(function=check_repo))
     #==========================================================================
     # REPOSITORY ROUTES
     #==========================================================================
     rmap.connect('summary_home', '/{repo_name:.*?}',
                 controller='summary',
                 conditions=dict(function=check_repo))
     rmap.connect('repos_group_home', '/{group_name:.*}',
                 controller='admin/repos_groups', action="show_by_name",
                 conditions=dict(function=check_group))
     rmap.connect('changeset_home', '/{repo_name:.*?}/changeset/{revision}',
                 controller='changeset', revision='tip',
                 conditions=dict(function=check_repo))
     #still working url for backward compat.
     rmap.connect('raw_changeset_home_depraced',
                  '/{repo_name:.*?}/raw-changeset/{revision}',
                  controller='changeset', action='changeset_raw',
                  revision='tip', conditions=dict(function=check_repo))
     ## new URLs
     rmap.connect('changeset_raw_home',
                  '/{repo_name:.*?}/changeset-diff/{revision}',
                  controller='changeset', action='changeset_raw',
                  revision='tip', conditions=dict(function=check_repo))
     rmap.connect('changeset_patch_home',
                  '/{repo_name:.*?}/changeset-patch/{revision}',
                  controller='changeset', action='changeset_patch',
                  revision='tip', conditions=dict(function=check_repo))
     rmap.connect('changeset_download_home',
                  '/{repo_name:.*?}/changeset-download/{revision}',
                  controller='changeset', action='changeset_download',
                  revision='tip', conditions=dict(function=check_repo))
     rmap.connect('changeset_comment',
                  '/{repo_name:.*?}/changeset/{revision}/comment',
                 controller='changeset', revision='tip', action='comment',
                 conditions=dict(function=check_repo))
     rmap.connect('changeset_comment_delete',
                  '/{repo_name:.*?}/changeset/comment/{comment_id}/delete',
                 controller='changeset', action='delete_comment',
                 conditions=dict(function=check_repo, method=["DELETE"]))
     rmap.connect('changeset_info', '/changeset_info/{repo_name:.*?}/{revision}',
                  controller='changeset', action='changeset_info')
     rmap.connect('compare_url',
                  '/{repo_name:.*?}/compare/{org_ref_type}@{org_ref:.*?}...{other_ref_type}@{other_ref:.*?}',
                  controller='compare', action='index',
                  conditions=dict(function=check_repo),
                  requirements=dict(
                             org_ref_type='(branch|book|tag|rev|org_ref_type)',
                             other_ref_type='(branch|book|tag|rev|other_ref_type)')
+                 )
     rmap.connect('pullrequest_home',
                  '/{repo_name:.*?}/pull-request/new', controller='pullrequests',
                  action='index', conditions=dict(function=check_repo,
                                                  method=["GET"]))
     rmap.connect('pullrequest',
                  '/{repo_name:.*?}/pull-request/new', controller='pullrequests',
                  action='create', conditions=dict(function=check_repo,
                                                   method=["POST"]))
     rmap.connect('pullrequest_show',
                  '/{repo_name:.*?}/pull-request/{pull_request_id}',
                  controller='pullrequests',
                  action='show', conditions=dict(function=check_repo,
                                                 method=["GET"]))
     rmap.connect('pullrequest_update',
                  '/{repo_name:.*?}/pull-request/{pull_request_id}',
                  controller='pullrequests',
                  action='update', conditions=dict(function=check_repo,
                                                 method=["PUT"]))
     rmap.connect('pullrequest_delete',
                  '/{repo_name:.*?}/pull-request/{pull_request_id}',
                  controller='pullrequests',
                  action='delete', conditions=dict(function=check_repo,
                                                 method=["DELETE"]))
     rmap.connect('pullrequest_show_all',
                  '/{repo_name:.*?}/pull-request',
                  controller='pullrequests',
                  action='show_all', conditions=dict(function=check_repo,
                                                 method=["GET"]))
     rmap.connect('pullrequest_comment',
                  '/{repo_name:.*?}/pull-request-comment/{pull_request_id}',
                  controller='pullrequests',
                  action='comment', conditions=dict(function=check_repo,
                                                 method=["POST"]))
     rmap.connect('pullrequest_comment_delete',
                  '/{repo_name:.*?}/pull-request-comment/{comment_id}/delete',
                 controller='pullrequests', action='delete_comment',
                 conditions=dict(function=check_repo, method=["DELETE"]))
     rmap.connect('summary_home', '/{repo_name:.*?}/summary',
                 controller='summary', conditions=dict(function=check_repo))
     rmap.connect('shortlog_home', '/{repo_name:.*?}/shortlog',
                 controller='shortlog', conditions=dict(function=check_repo))
     rmap.connect('shortlog_file_home', '/{repo_name:.*?}/shortlog/{revision}/{f_path:.*}',
                 controller='shortlog', f_path=None,
                 conditions=dict(function=check_repo))
     rmap.connect('branches_home', '/{repo_name:.*?}/branches',
                 controller='branches', conditions=dict(function=check_repo))
     rmap.connect('tags_home', '/{repo_name:.*?}/tags',
                 controller='tags', conditions=dict(function=check_repo))
     rmap.connect('bookmarks_home', '/{repo_name:.*?}/bookmarks',
                 controller='bookmarks', conditions=dict(function=check_repo))
     rmap.connect('changelog_home', '/{repo_name:.*?}/changelog',
                 controller='changelog', conditions=dict(function=check_repo))
     rmap.connect('changelog_details', '/{repo_name:.*?}/changelog_details/{cs}',
                 controller='changelog', action='changelog_details',
                 conditions=dict(function=check_repo))
     rmap.connect('files_home', '/{repo_name:.*?}/files/{revision}/{f_path:.*}',
                 controller='files', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     rmap.connect('files_history_home',
                  '/{repo_name:.*?}/history/{revision}/{f_path:.*}',
                  controller='files', action='history', revision='tip', f_path='',
                  conditions=dict(function=check_repo))
     rmap.connect('files_diff_home', '/{repo_name:.*?}/diff/{f_path:.*}',
                 controller='files', action='diff', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     rmap.connect('files_rawfile_home',
                  '/{repo_name:.*?}/rawfile/{revision}/{f_path:.*}',
                  controller='files', action='rawfile', revision='tip',
                  f_path='', conditions=dict(function=check_repo))
     rmap.connect('files_raw_home',
                  '/{repo_name:.*?}/raw/{revision}/{f_path:.*}',
                  controller='files', action='raw', revision='tip', f_path='',
                  conditions=dict(function=check_repo))
     rmap.connect('files_annotate_home',
                  '/{repo_name:.*?}/annotate/{revision}/{f_path:.*}',
                  controller='files', action='index', revision='tip',
                  f_path='', annotate=True, conditions=dict(function=check_repo))
     rmap.connect('files_edit_home',
                  '/{repo_name:.*?}/edit/{revision}/{f_path:.*}',
                  controller='files', action='edit', revision='tip',
                  f_path='', conditions=dict(function=check_repo))
     rmap.connect('files_add_home',
                  '/{repo_name:.*?}/add/{revision}/{f_path:.*}',
                  controller='files', action='add', revision='tip',
                  f_path='', conditions=dict(function=check_repo))
     rmap.connect('files_archive_home', '/{repo_name:.*?}/archive/{fname}',
                 controller='files', action='archivefile',
                 conditions=dict(function=check_repo))
     rmap.connect('files_nodelist_home',
                  '/{repo_name:.*?}/nodelist/{revision}/{f_path:.*}',
                 controller='files', action='nodelist',
                 conditions=dict(function=check_repo))
     rmap.connect('repo_settings_delete', '/{repo_name:.*?}/settings',
                 controller='settings', action="delete",
                 conditions=dict(method=["DELETE"], function=check_repo))
     rmap.connect('repo_settings_update', '/{repo_name:.*?}/settings',
                 controller='settings', action="update",
                 conditions=dict(method=["PUT"], function=check_repo))
     rmap.connect('repo_settings_home', '/{repo_name:.*?}/settings',
                 controller='settings', action='index',
                 conditions=dict(function=check_repo))
     rmap.connect('toggle_locking', "/{repo_name:.*?}/locking_toggle",
                  controller='settings', action="toggle_locking",
                  conditions=dict(method=["GET"], function=check_repo))
     rmap.connect('repo_fork_create_home', '/{repo_name:.*?}/fork',
                 controller='forks', action='fork_create',
                 conditions=dict(function=check_repo, method=["POST"]))
     rmap.connect('repo_fork_home', '/{repo_name:.*?}/fork',
                 controller='forks', action='fork',
                 conditions=dict(function=check_repo))
     rmap.connect('repo_forks_home', '/{repo_name:.*?}/forks',
                  controller='forks', action='forks',
                  conditions=dict(function=check_repo))
     rmap.connect('repo_followers_home', '/{repo_name:.*?}/followers',
                  controller='followers', action='followers',
                  conditions=dict(function=check_repo))
     return rmap

rhodecode/controllers/admin/permissions.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.permissions
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     permissions controller for Rhodecode
     :created_on: Apr 27, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
     AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.forms import DefaultPermissionsForm
 from rhodecode.model.permission import PermissionModel
 from rhodecode.model.db import User
+from rhodecode.model.db import User, UserIpMap
 from rhodecode.model.meta import Session
 log = logging.getLogger(__name__)
 class PermissionsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('permission', 'permissions')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(PermissionsController, self).__before__()
         self.repo_perms_choices = [('repository.none', _('None'),),
                                    ('repository.read', _('Read'),),
                                    ('repository.write', _('Write'),),
                                    ('repository.admin', _('Admin'),)]
         self.group_perms_choices = [('group.none', _('None'),),
                                     ('group.read', _('Read'),),
                                     ('group.write', _('Write'),),
                                     ('group.admin', _('Admin'),)]
         self.register_choices = [
             ('hg.register.none',
                 _('disabled')),
             ('hg.register.manual_activate',
                 _('allowed with manual account activation')),
             ('hg.register.auto_activate',
                 _('allowed with automatic account activation')), ]
         self.create_choices = [('hg.create.none', _('Disabled')),
                                ('hg.create.repository', _('Enabled'))]
         self.fork_choices = [('hg.fork.none', _('Disabled')),
                              ('hg.fork.repository', _('Enabled'))]
         # set the global template variables
         c.repo_perms_choices = self.repo_perms_choices
         c.group_perms_choices = self.group_perms_choices
         c.register_choices = self.register_choices
         c.create_choices = self.create_choices
         c.fork_choices = self.fork_choices
     def index(self, format='html'):
         """GET /permissions: All items in the collection"""
         # url('permissions')
     def create(self):
         """POST /permissions: Create a new item"""
         # url('permissions')
     def new(self, format='html'):
         """GET /permissions/new: Form to create a new item"""
         # url('new_permission')
     def update(self, id):
         """PUT /permissions/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='put')
         # url('permission', id=ID)
         if id == 'default':
             c.user = default_user = User.get_by_username('default')
             c.perm_user = AuthUser(user_id=default_user.user_id)
             c.user_ip_map = UserIpMap.query()\
                             .filter(UserIpMap.user == default_user).all()
         permission_model = PermissionModel()
         _form = DefaultPermissionsForm([x[0] for x in self.repo_perms_choices],
             _form = DefaultPermissionsForm(
                     [x[0] for x in self.repo_perms_choices],
                                        [x[0] for x in self.group_perms_choices],
                                        [x[0] for x in self.register_choices],
                                        [x[0] for x in self.create_choices],
                                        [x[0] for x in self.fork_choices])()
         try:
             form_result = _form.to_python(dict(request.POST))
             form_result.update({'perm_user_name': id})
             permission_model.update(form_result)
             Session().commit()
             h.flash(_('Default permissions updated successfully'),
                     category='success')
         except formencode.Invalid, errors:
             defaults = errors.value
             return htmlfill.render(
                 render('admin/permissions/permissions.html'),
                 defaults=defaults,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of permissions'),
                     category='error')
         return redirect(url('edit_permission', id=id))
     def delete(self, id):
         """DELETE /permissions/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='delete')
         # url('permission', id=ID)
     def show(self, id, format='html'):
         """GET /permissions/id: Show a specific item"""
         # url('permission', id=ID)
     def edit(self, id, format='html'):
         """GET /permissions/id/edit: Form to edit an existing item"""
         #url('edit_permission', id=ID)
         #this form can only edit default user permissions
         if id == 'default':
             default_user = User.get_by_username('default')
             defaults = {'_method': 'put',
                         'anonymous': default_user.active}
             c.user = default_user = User.get_by_username('default')
             defaults = {'anonymous': default_user.active}
             c.perm_user = AuthUser(user_id=default_user.user_id)
             c.user_ip_map = UserIpMap.query()\
                             .filter(UserIpMap.user == default_user).all()
             for p in default_user.user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     defaults['default_repo_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('group.'):
                     defaults['default_group_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.register.'):
                     defaults['default_register'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.create.'):
                     defaults['default_create'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.fork.'):
                     defaults['default_fork'] = p.permission.permission_name
             return htmlfill.render(
                 render('admin/permissions/permissions.html'),
                 defaults=defaults,
                 encoding="UTF-8",
-                force_defaults=True,
+                force_defaults=False
+            )
         else:
             return redirect(url('admin_home'))

rhodecode/controllers/admin/users.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.users
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Users crud controller for pylons
     :created_on: Apr 4, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from pylons import response
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 import rhodecode
 from rhodecode.lib.exceptions import DefaultUserException, \
     UserOwnsReposException
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import User, UserEmailMap
+from rhodecode.model.db import User, UserEmailMap, UserIpMap
 from rhodecode.model.forms import UserForm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from rhodecode.lib.compat import json
 from rhodecode.lib.utils2 import datetime_to_time, str2bool
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(UsersController, self).__before__()
         c.available_permissions = config['available_permissions']
     def index(self, format='html'):
         """GET /users: All items in the collection"""
         # url('users')
         c.users_list = User.query().order_by(User.username).all()
         users_data = []
         total_records = len(c.users_list)
         _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup
         template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
         grav_tmpl = lambda user_email, size: (
                 template.get_def("user_gravatar")
                 .render(user_email, size, _=_, h=h, c=c))
         user_lnk = lambda user_id, username: (
                 template.get_def("user_name")
                 .render(user_id, username, _=_, h=h, c=c))
         user_actions = lambda user_id, username: (
                 template.get_def("user_actions")
                 .render(user_id, username, _=_, h=h, c=c))
         for user in c.users_list:
             users_data.append({
                 "gravatar": grav_tmpl(user. email, 24),
                 "raw_username": user.username,
                 "username": user_lnk(user.user_id, user.username),
                 "firstname": user.name,
                 "lastname": user.lastname,
                 "last_login": h.fmt_date(user.last_login),
                 "last_login_raw": datetime_to_time(user.last_login),
                 "active": h.bool2icon(user.active),
                 "admin": h.bool2icon(user.admin),
                 "ldap": h.bool2icon(bool(user.ldap_dn)),
                 "action": user_actions(user.user_id, user.username),
             })
         c.data = json.dumps({
             "totalRecords": total_records,
             "startIndex": 0,
             "sort": None,
             "dir": "asc",
             "records": users_data
         })
         return render('admin/users/users.html')
     def create(self):
         """POST /users: Create a new item"""
         # url('users')
         user_model = UserModel()
         user_form = UserForm()()
         try:
             form_result = user_form.to_python(dict(request.POST))
             user_model.create(form_result)
             usr = form_result['username']
             action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('created user %s') % usr,
                     category='success')
             Session().commit()
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users/user_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during creation of user %s') \
                     % request.POST.get('username'), category='error')
         return redirect(url('users'))
     def new(self, format='html'):
         """GET /users/new: Form to create a new item"""
         # url('new_user')
         return render('admin/users/user_add.html')
     def update(self, id):
         """PUT /users/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('update_user', id=ID),
         #           method='put')
         # url('user', id=ID)
         user_model = UserModel()
         c.user = user_model.get(id)
         c.ldap_dn = c.user.ldap_dn
         c.perm_user = AuthUser(user_id=id)
+        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
         _form = UserForm(edit=True, old_data={'user_id': id,
                                               'email': c.user.email})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             skip_attrs = []
             if c.ldap_dn:
                 #forbid updating username for ldap accounts
                 skip_attrs = ['username']
             user_model.update(id, form_result, skip_attrs=skip_attrs)
             usr = form_result['username']
             action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('User updated successfully'), category='success')
             Session().commit()
         except formencode.Invalid, errors:
             c.user_email_map = UserEmailMap.query()\
                             .filter(UserEmailMap.user == c.user).all()
             c.user_ip_map = UserIpMap.query()\
                             .filter(UserIpMap.user == c.user).all()
             defaults = errors.value
             e = errors.error_dict or {}
             defaults.update({
                 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
                 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
                 '_method': 'put'
             })
             return htmlfill.render(
                 render('admin/users/user_edit.html'),
                 defaults=defaults,
                 errors=e,
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('edit_user', id=id))
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('delete_user', id=ID),
         #           method='delete')
         # url('user', id=ID)
         usr = User.get_or_404(id)
         try:
             UserModel().delete(usr)
             Session().commit()
             h.flash(_('successfully deleted user'), category='success')
         except (UserOwnsReposException, DefaultUserException), e:
             h.flash(e, category='warning')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of user'),
                     category='error')
         return redirect(url('users'))
     def show(self, id, format='html'):
         """GET /users/id: Show a specific item"""
         # url('user', id=ID)
     def edit(self, id, format='html'):
         """GET /users/id/edit: Form to edit an existing item"""
         # url('edit_user', id=ID)
         c.user = User.get_or_404(id)
         if c.user.username == 'default':
             h.flash(_("You can't edit this user"), category='warning')
             return redirect(url('users'))
         c.perm_user = AuthUser(user_id=id)
+        c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr)
         c.user.permissions = {}
         c.granted_permissions = UserModel().fill_perms(c.user)\
             .permissions['global']
         c.user_email_map = UserEmailMap.query()\
                         .filter(UserEmailMap.user == c.user).all()
         c.user_ip_map = UserIpMap.query()\
                         .filter(UserIpMap.user == c.user).all()
         user_model = UserModel()
         c.ldap_dn = c.user.ldap_dn
         defaults = c.user.get_dict()
         defaults.update({
             'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
             'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
         })
         return htmlfill.render(
             render('admin/users/user_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('user_perm', id=ID, method='put')
         usr = User.get_or_404(id)
         grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
         grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
         inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
         user_model = UserModel()
         try:
             usr.inherit_default_permissions = inherit_perms
             Session().add(usr)
             if grant_create_perm:
                 user_model.revoke_perm(usr, 'hg.create.none')
                 user_model.grant_perm(usr, 'hg.create.repository')
                 h.flash(_("Granted 'repository create' permission to user"),
                         category='success')
             else:
                 user_model.revoke_perm(usr, 'hg.create.repository')
                 user_model.grant_perm(usr, 'hg.create.none')
                 h.flash(_("Revoked 'repository create' permission to user"),
                         category='success')
             if grant_fork_perm:
                 user_model.revoke_perm(usr, 'hg.fork.none')
                 user_model.grant_perm(usr, 'hg.fork.repository')
                 h.flash(_("Granted 'repository fork' permission to user"),
                         category='success')
             else:
                 user_model.revoke_perm(usr, 'hg.fork.repository')
                 user_model.grant_perm(usr, 'hg.fork.none')
                 h.flash(_("Revoked 'repository fork' permission to user"),
                         category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during permissions saving'),
                     category='error')
         return redirect(url('edit_user', id=id))
     def add_email(self, id):
         """POST /user_emails:Add an existing item"""
         # url('user_emails', id=ID, method='put')
         #TODO: validation and form !!!
         email = request.POST.get('new_email')
         user_model = UserModel()
         try:
             user_model.add_extra_email(id, email)
             Session().commit()
             h.flash(_("Added email %s to user") % email, category='success')
         except formencode.Invalid, error:
             msg = error.error_dict['email']
             h.flash(msg, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during email saving'),
                     category='error')
         return redirect(url('edit_user', id=id))
     def delete_email(self, id):
         """DELETE /user_emails_delete/id: Delete an existing item"""
         # url('user_emails_delete', id=ID, method='delete')
         user_model = UserModel()
         user_model.delete_extra_email(id, request.POST.get('del_email'))
         Session().commit()
         h.flash(_("Removed email from user"), category='success')
         return redirect(url('edit_user', id=id))
     def add_ip(self, id):
         """POST /user_ips:Add an existing item"""
         # url('user_ips', id=ID, method='put')
         ip = request.POST.get('new_ip')
         user_model = UserModel()
         try:
             user_model.add_extra_ip(id, ip)
             Session().commit()
             h.flash(_("Added ip %s to user") % ip, category='success')
         except formencode.Invalid, error:
             msg = error.error_dict['ip']
             h.flash(msg, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during ip saving'),
                     category='error')
         if 'default_user' in request.POST:
             return redirect(url('edit_permission', id='default'))
         return redirect(url('edit_user', id=id))
     def delete_ip(self, id):
         """DELETE /user_ips_delete/id: Delete an existing item"""
         # url('user_ips_delete', id=ID, method='delete')
         user_model = UserModel()
         user_model.delete_extra_ip(id, request.POST.get('del_ip'))
         Session().commit()
         h.flash(_("Removed ip from user"), category='success')
         if 'default_user' in request.POST:
             return redirect(url('edit_permission', id='default'))
         return redirect(url('edit_user', id=id))

rhodecode/controllers/api/__init__.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.api
     ~~~~~~~~~~~~~~~~~~~~~~~~~
     JSON RPC controller
     :created_on: Aug 20, 2011
     :author: marcink
     :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import inspect
 import logging
 import types
 import urllib
 import traceback
 import time
 from rhodecode.lib.compat import izip_longest, json
 from paste.response import replace_header
 from pylons.controllers import WSGIController
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
 HTTPBadRequest, HTTPError
 from rhodecode.model.db import User
 from rhodecode.lib.auth import AuthUser
+from rhodecode.lib.auth import AuthUser, check_ip_access
 from rhodecode.lib.base import _get_ip_addr, _get_access_path
 from rhodecode.lib.utils2 import safe_unicode
 log = logging.getLogger('JSONRPC')
 class JSONRPCError(BaseException):
     def __init__(self, message):
         self.message = message
         super(JSONRPCError, self).__init__()
     def __str__(self):
         return str(self.message)
 def jsonrpc_error(message, retid=None, code=None):
     """
     Generate a Response object with a JSON-RPC error body
     """
     from pylons.controllers.util import Response
     return Response(
             body=json.dumps(dict(id=retid, result=None, error=message)),
             status=code,
             content_type='application/json'
+    )
 class JSONRPCController(WSGIController):
     """
      A WSGI-speaking JSON-RPC controller class
      See the specification:
      <http://json-rpc.org/wiki/specification>`.
      Valid controller return values should be json-serializable objects.
      Sub-classes should catch their exceptions and raise JSONRPCError
      if they want to pass meaningful errors to the client.
      """
     def _get_method_args(self):
         """
         Return `self._rpc_args` to dispatched controller method
         chosen by __call__
         """
         return self._rpc_args
     def __call__(self, environ, start_response):
         """
         Parse the request body as JSON, look up the method on the
         controller and if it exists, dispatch to it.
         """
         start = time.time()
         ip_addr = self._get_ip_addr(environ)
         self._req_id = None
         if 'CONTENT_LENGTH' not in environ:
             log.debug("No Content-Length")
             return jsonrpc_error(retid=self._req_id,
                                  message="No Content-Length in request")
         else:
             length = environ['CONTENT_LENGTH'] or 0
             length = int(environ['CONTENT_LENGTH'])
             log.debug('Content-Length: %s' % length)
         if length == 0:
             log.debug("Content-Length is 0")
             return jsonrpc_error(retid=self._req_id,
                                  message="Content-Length is 0")
         raw_body = environ['wsgi.input'].read(length)
         try:
             json_body = json.loads(urllib.unquote_plus(raw_body))
         except ValueError, e:
             # catch JSON errors Here
             return jsonrpc_error(retid=self._req_id,
                                  message="JSON parse error ERR:%s RAW:%r" \
                                  % (e, urllib.unquote_plus(raw_body)))
         # check AUTH based on API KEY
         try:
             self._req_api_key = json_body['api_key']
             self._req_id = json_body['id']
             self._req_method = json_body['method']
             self._request_params = json_body['args']
             log.debug(
                 'method: %s, params: %s' % (self._req_method,
                                             self._request_params)
+            )
         except KeyError, e:
             return jsonrpc_error(retid=self._req_id,
                                  message='Incorrect JSON query missing %s' % e)
         # check if we can find this session using api_key
         try:
             u = User.get_by_api_key(self._req_api_key)
             if u is None:
                 return jsonrpc_error(retid=self._req_id,
                                      message='Invalid API KEY')
             auth_u = AuthUser(u.user_id, self._req_api_key)
             #check if we are allowed to use this IP
             allowed_ips = AuthUser.get_allowed_ips(u.user_id)
             if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips) is False:
                 log.info('Access for IP:%s forbidden, '
                          'not in %s' % (ip_addr, allowed_ips))
                 return jsonrpc_error(retid=self._req_id,
                         message='request from IP:%s not allowed' % (ip_addr))
             else:
                 log.info('Access for IP:%s allowed' % (ip_addr))
             auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr)
         except Exception, e:
             return jsonrpc_error(retid=self._req_id,
                                  message='Invalid API KEY')
         self._error = None
         try:
             self._func = self._find_method()
         except AttributeError, e:
             return jsonrpc_error(retid=self._req_id,
                                  message=str(e))
         # now that we have a method, add self._req_params to
         # self.kargs and dispatch control to WGIController
         argspec = inspect.getargspec(self._func)
         arglist = argspec[0][1:]
         defaults = map(type, argspec[3] or [])
         default_empty = types.NotImplementedType
         # kw arguments required by this method
         func_kwargs = dict(izip_longest(reversed(arglist), reversed(defaults),
                                         fillvalue=default_empty))
         # this is little trick to inject logged in user for
         # perms decorators to work they expect the controller class to have
         # rhodecode_user attribute set
         self.rhodecode_user = auth_u
         # This attribute will need to be first param of a method that uses
         # api_key, which is translated to instance of user at that name
         USER_SESSION_ATTR = 'apiuser'
         if USER_SESSION_ATTR not in arglist:
             return jsonrpc_error(
                 retid=self._req_id,
                 message='This method [%s] does not support '
                          'authentication (missing %s param)' % (
                                     self._func.__name__, USER_SESSION_ATTR)
+            )
         # get our arglist and check if we provided them as args
         for arg, default in func_kwargs.iteritems():
             if arg == USER_SESSION_ATTR:
                 # USER_SESSION_ATTR is something translated from api key and
                 # this is checked before so we don't need validate it
                 continue
             # skip the required param check if it's default value is
             # NotImplementedType (default_empty)
             if (default == default_empty and arg not in self._request_params):
                 return jsonrpc_error(
                     retid=self._req_id,
                     message=(
                         'Missing non optional `%s` arg in JSON DATA' % arg
+                    )
+                )
         self._rpc_args = {USER_SESSION_ATTR: u}
         self._rpc_args.update(self._request_params)
         self._rpc_args['action'] = self._req_method
         self._rpc_args['environ'] = environ
         self._rpc_args['start_response'] = start_response
         status = []
         headers = []
         exc_info = []
         def change_content(new_status, new_headers, new_exc_info=None):
             status.append(new_status)
             headers.extend(new_headers)
             exc_info.append(new_exc_info)
         output = WSGIController.__call__(self, environ, change_content)
         output = list(output)
         headers.append(('Content-Length', str(len(output[0]))))
         replace_header(headers, 'Content-Type', 'application/json')
         start_response(status[0], headers, exc_info[0])
         log.info('IP: %s Request to %s time: %.3fs' % (
             _get_ip_addr(environ),
             safe_unicode(_get_access_path(environ)), time.time() - start)
+        )
         return output
     def _dispatch_call(self):
         """
         Implement dispatch interface specified by WSGIController
         """
         try:
             raw_response = self._inspect_call(self._func)
             if isinstance(raw_response, HTTPError):
                 self._error = str(raw_response)
         except JSONRPCError, e:
             self._error = str(e)
         except Exception, e:
             log.error('Encountered unhandled exception: %s' \
                       % traceback.format_exc())
             json_exc = JSONRPCError('Internal server error')
             self._error = str(json_exc)
         if self._error is not None:
             raw_response = None
         response = dict(id=self._req_id, result=raw_response,
                         error=self._error)
         try:
             return json.dumps(response)
         except TypeError, e:
             log.error('API FAILED. Error encoding response: %s' % e)
             return json.dumps(
                 dict(
                     id=self._req_id,
                     result=None,
                     error="Error encoding response"
+                )
+            )
     def _find_method(self):
         """
         Return method named by `self._req_method` in controller if able
         """
         log.debug('Trying to find JSON-RPC method: %s' % self._req_method)
         if self._req_method.startswith('_'):
             raise AttributeError("Method not allowed")
         try:
             func = getattr(self, self._req_method, None)
         except UnicodeEncodeError:
             raise AttributeError("Problem decoding unicode in requested "
                                  "method name.")
         if isinstance(func, types.MethodType):
             return func
         else:
             raise AttributeError("No such method: %s" % self._req_method)

rhodecode/controllers/api/api.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.api
     ~~~~~~~~~~~~~~~~~~~~~~~~~
     API controller for RhodeCode
     :created_on: Aug 20, 2011
     :author: marcink
     :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import traceback
 import logging
 from rhodecode.controllers.api import JSONRPCController, JSONRPCError
 from rhodecode.lib.auth import HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, PasswordGenerator, AuthUser
 from rhodecode.lib.utils import map_groups, repo2db_mapper
 from rhodecode.model.meta import Session
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.user import UserModel
 from rhodecode.model.users_group import UsersGroupModel
 from rhodecode.model.permission import PermissionModel
 from rhodecode.model.db import Repository, RhodeCodeSetting
 log = logging.getLogger(__name__)
 class Optional(object):
     """
     Defines an optional parameter::
         param = param.getval() if isinstance(param, Optional) else param
         param = param() if isinstance(param, Optional) else param
     is equivalent of::
         param = Optional.extract(param)
     """
     def __init__(self, type_):
         self.type_ = type_
     def __repr__(self):
         return '<Optional:%s>' % self.type_.__repr__()
     def __call__(self):
         return self.getval()
     def getval(self):
         """
         returns value from this Optional instance
         """
         return self.type_
     @classmethod
     def extract(cls, val):
         if isinstance(val, cls):
             return val.getval()
         return val
 def get_user_or_error(userid):
     """
     Get user by id or name or return JsonRPCError if not found
     :param userid:
     """
     user = UserModel().get_user(userid)
     if user is None:
         raise JSONRPCError("user `%s` does not exist" % userid)
     return user
 def get_repo_or_error(repoid):
     """
     Get repo by id or name or return JsonRPCError if not found
     :param userid:
     """
     repo = RepoModel().get_repo(repoid)
     if repo is None:
         raise JSONRPCError('repository `%s` does not exist' % (repoid))
     return repo
 def get_users_group_or_error(usersgroupid):
     """
     Get users group by id or name or return JsonRPCError if not found
     :param userid:
     """
     users_group = UsersGroupModel().get_group(usersgroupid)
     if users_group is None:
         raise JSONRPCError('users group `%s` does not exist' % usersgroupid)
     return users_group
 def get_perm_or_error(permid):
     """
     Get permission by id or name or return JsonRPCError if not found
     :param userid:
     """
     perm = PermissionModel().get_permission_by_name(permid)
     if perm is None:
         raise JSONRPCError('permission `%s` does not exist' % (permid))
     return perm
 class ApiController(JSONRPCController):
     """
     API Controller
     Each method needs to have USER as argument this is then based on given
     API_KEY propagated as instance of user object
     Preferably this should be first argument also
     Each function should also **raise** JSONRPCError for any
     errors that happens
     """
     def _get_ip_addr(self, environ):
         from rhodecode.lib.base import _get_ip_addr
         return _get_ip_addr(environ)
     @HasPermissionAllDecorator('hg.admin')
     def pull(self, apiuser, repoid):
         """
         Dispatch pull action on given repo
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
         try:
             ScmModel().pull_changes(repo.repo_name,
                                     self.rhodecode_user.username)
             return 'Pulled from `%s`' % repo.repo_name
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'Unable to pull changes from `%s`' % repo.repo_name
+            )
     @HasPermissionAllDecorator('hg.admin')
     def rescan_repos(self, apiuser, remove_obsolete=Optional(False)):
         """
         Dispatch rescan repositories action. If remove_obsolete is set
         than also delete repos that are in database but not in the filesystem.
         aka "clean zombies"
         :param apiuser:
         :param remove_obsolete:
         """
         try:
             rm_obsolete = Optional.extract(remove_obsolete)
             added, removed = repo2db_mapper(ScmModel().repo_scan(),
                                             remove_obsolete=rm_obsolete)
             return {'added': added, 'removed': removed}
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'Error occurred during rescan repositories action'
+            )
     @HasPermissionAllDecorator('hg.admin')
     def lock(self, apiuser, repoid, userid, locked):
         """
         Set locking state on particular repository by given user
         :param apiuser:
         :param repoid:
         :param userid:
         :param locked:
         """
         repo = get_repo_or_error(repoid)
         user = get_user_or_error(userid)
         locked = bool(locked)
         try:
             if locked:
                 Repository.lock(repo, user.user_id)
             else:
                 Repository.unlock(repo)
             return ('User `%s` set lock state for repo `%s` to `%s`'
                     % (user.username, repo.repo_name, locked))
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'Error occurred locking repository `%s`' % repo.repo_name
+            )
     @HasPermissionAllDecorator('hg.admin')
     def get_user(self, apiuser, userid):
         """"
         Get a user by username
         :param apiuser:
         :param userid:
         """
         user = get_user_or_error(userid)
         data = user.get_api_data()
         data['permissions'] = AuthUser(user_id=user.user_id).permissions
         return data
     @HasPermissionAllDecorator('hg.admin')
     def get_users(self, apiuser):
         """"
         Get all users
         :param apiuser:
         """
         result = []
         for user in UserModel().get_all():
             result.append(user.get_api_data())
         return result
     @HasPermissionAllDecorator('hg.admin')
     def create_user(self, apiuser, username, email, password,
                     firstname=Optional(None), lastname=Optional(None),
                     active=Optional(True), admin=Optional(False),
                     ldap_dn=Optional(None)):
         """
         Create new user
         :param apiuser:
         :param username:
         :param email:
         :param password:
         :param firstname:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         """
         if UserModel().get_by_username(username):
             raise JSONRPCError("user `%s` already exist" % username)
         if UserModel().get_by_email(email, case_insensitive=True):
             raise JSONRPCError("email `%s` already exist" % email)
         if Optional.extract(ldap_dn):
             # generate temporary password if ldap_dn
             password = PasswordGenerator().gen_password(length=8)
         try:
             user = UserModel().create_or_update(
                 username=Optional.extract(username),
                 password=Optional.extract(password),
                 email=Optional.extract(email),
                 firstname=Optional.extract(firstname),
                 lastname=Optional.extract(lastname),
                 active=Optional.extract(active),
                 admin=Optional.extract(admin),
                 ldap_dn=Optional.extract(ldap_dn)
+            )
             Session().commit()
             return dict(
                 msg='created new user `%s`' % username,
                 user=user.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create user `%s`' % username)
     @HasPermissionAllDecorator('hg.admin')
     def update_user(self, apiuser, userid, username=Optional(None),
                     email=Optional(None), firstname=Optional(None),
                     lastname=Optional(None), active=Optional(None),
                     admin=Optional(None), ldap_dn=Optional(None),
                     password=Optional(None)):
         """
         Updates given user
         :param apiuser:
         :param userid:
         :param username:
         :param email:
         :param firstname:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         :param password:
         """
         user = get_user_or_error(userid)
         # call function and store only updated arguments
         updates = {}
         def store_update(attr, name):
             if not isinstance(attr, Optional):
                 updates[name] = attr
         try:
             store_update(username, 'username')
             store_update(password, 'password')
             store_update(email, 'email')
             store_update(firstname, 'name')
             store_update(lastname, 'lastname')
             store_update(active, 'active')
             store_update(admin, 'admin')
             store_update(ldap_dn, 'ldap_dn')
             user = UserModel().update_user(user, **updates)
             Session().commit()
             return dict(
                 msg='updated user ID:%s %s' % (user.user_id, user.username),
                 user=user.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to update user `%s`' % userid)
     @HasPermissionAllDecorator('hg.admin')
     def delete_user(self, apiuser, userid):
         """"
         Deletes an user
         :param apiuser:
         :param userid:
         """
         user = get_user_or_error(userid)
         try:
             UserModel().delete(userid)
             Session().commit()
             return dict(
                 msg='deleted user ID:%s %s' % (user.user_id, user.username),
                 user=None
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to delete ID:%s %s' % (user.user_id,
                                                               user.username))
     @HasPermissionAllDecorator('hg.admin')
     def get_users_group(self, apiuser, usersgroupid):
         """"
         Get users group by name or id
         :param apiuser:
         :param usersgroupid:
         """
         users_group = get_users_group_or_error(usersgroupid)
         data = users_group.get_api_data()
         members = []
         for user in users_group.members:
             user = user.user
             members.append(user.get_api_data())
         data['members'] = members
         return data
     @HasPermissionAllDecorator('hg.admin')
     def get_users_groups(self, apiuser):
         """"
         Get all users groups
         :param apiuser:
         """
         result = []
         for users_group in UsersGroupModel().get_all():
             result.append(users_group.get_api_data())
         return result
     @HasPermissionAllDecorator('hg.admin')
     def create_users_group(self, apiuser, group_name, active=Optional(True)):
         """
         Creates an new usergroup
         :param apiuser:
         :param group_name:
         :param active:
         """
         if UsersGroupModel().get_by_name(group_name):
             raise JSONRPCError("users group `%s` already exist" % group_name)
         try:
             active = Optional.extract(active)
             ug = UsersGroupModel().create(name=group_name, active=active)
             Session().commit()
             return dict(
                 msg='created new users group `%s`' % group_name,
                 users_group=ug.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create group `%s`' % group_name)
     @HasPermissionAllDecorator('hg.admin')
     def add_user_to_users_group(self, apiuser, usersgroupid, userid):
         """"
         Add a user to a users group
         :param apiuser:
         :param usersgroupid:
         :param userid:
         """
         user = get_user_or_error(userid)
         users_group = get_users_group_or_error(usersgroupid)
         try:
             ugm = UsersGroupModel().add_user_to_group(users_group, user)
             success = True if ugm != True else False
             msg = 'added member `%s` to users group `%s`' % (
                         user.username, users_group.users_group_name
+                    )
             msg = msg if success else 'User is already in that group'
             Session().commit()
             return dict(
                 success=success,
                 msg=msg
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to add member to users group `%s`' % (
                     users_group.users_group_name
+                )
+            )
     @HasPermissionAllDecorator('hg.admin')
     def remove_user_from_users_group(self, apiuser, usersgroupid, userid):
         """
         Remove user from a group
         :param apiuser:
         :param usersgroupid:
         :param userid:
         """
         user = get_user_or_error(userid)
         users_group = get_users_group_or_error(usersgroupid)
         try:
             success = UsersGroupModel().remove_user_from_group(users_group,
                                                                user)
             msg = 'removed member `%s` from users group `%s`' % (
                         user.username, users_group.users_group_name
+                    )
             msg = msg if success else "User wasn't in group"
             Session().commit()
             return dict(success=success, msg=msg)
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to remove member from users group `%s`' % (
                         users_group.users_group_name
+                    )
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def get_repo(self, apiuser, repoid):
         """"
         Get repository by name
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
         members = []
         for user in repo.repo_to_perm:
             perm = user.permission.permission_name
             user = user.user
             user_data = user.get_api_data()
             user_data['type'] = "user"
             user_data['permission'] = perm
             members.append(user_data)
         for users_group in repo.users_group_to_perm:
             perm = users_group.permission.permission_name
             users_group = users_group.users_group
             users_group_data = users_group.get_api_data()
             users_group_data['type'] = "users_group"
             users_group_data['permission'] = perm
             members.append(users_group_data)
         data = repo.get_api_data()
         data['members'] = members
         return data
     @HasPermissionAnyDecorator('hg.admin')
     def get_repos(self, apiuser):
         """"
         Get all repositories
         :param apiuser:
         """
         result = []
         for repo in RepoModel().get_all():
             result.append(repo.get_api_data())
         return result
     @HasPermissionAnyDecorator('hg.admin')
     def get_repo_nodes(self, apiuser, repoid, revision, root_path,
                        ret_type='all'):
         """
         returns a list of nodes and it's children
         for a given path at given revision. It's possible to specify ret_type
         to show only files or dirs
         :param apiuser:
         :param repoid: name or id of repository
         :param revision: revision for which listing should be done
         :param root_path: path from which start displaying
         :param ret_type: return type 'all|files|dirs' nodes
         """
         repo = get_repo_or_error(repoid)
         try:
             _d, _f = ScmModel().get_nodes(repo, revision, root_path,
                                           flat=False)
             _map = {
                 'all': _d + _f,
                 'files': _f,
                 'dirs': _d,
+            }
             return _map[ret_type]
         except KeyError:
             raise JSONRPCError('ret_type must be one of %s' % _map.keys())
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to get repo: `%s` nodes' % repo.repo_name
+            )
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repo(self, apiuser, repo_name, owner, repo_type=Optional('hg'),
                     description=Optional(''), private=Optional(False),
                     clone_uri=Optional(None), landing_rev=Optional('tip'),
                     enable_statistics=Optional(False),
                     enable_locking=Optional(False),
                     enable_downloads=Optional(False)):
         """
         Create repository, if clone_url is given it makes a remote clone
         if repo_name is withina  group name the groups will be created
         automatically if they aren't present
         :param apiuser:
         :param repo_name:
         :param onwer:
         :param repo_type:
         :param description:
         :param private:
         :param clone_uri:
         :param landing_rev:
         """
         owner = get_user_or_error(owner)
         if RepoModel().get_by_repo_name(repo_name):
             raise JSONRPCError("repo `%s` already exist" % repo_name)
         defs = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if isinstance(private, Optional):
             private = defs.get('repo_private') or Optional.extract(private)
         if isinstance(repo_type, Optional):
             repo_type = defs.get('repo_type')
         if isinstance(enable_statistics, Optional):
             enable_statistics = defs.get('repo_enable_statistics')
         if isinstance(enable_locking, Optional):
             enable_locking = defs.get('repo_enable_locking')
         if isinstance(enable_downloads, Optional):
             enable_downloads = defs.get('repo_enable_downloads')
         clone_uri = Optional.extract(clone_uri)
         description = Optional.extract(description)
         landing_rev = Optional.extract(landing_rev)
         try:
             # create structure of groups and return the last group
             group = map_groups(repo_name)
             repo = RepoModel().create_repo(
                 repo_name=repo_name,
                 repo_type=repo_type,
                 description=description,
                 owner=owner,
                 private=private,
                 clone_uri=clone_uri,
                 repos_group=group,
                 landing_rev=landing_rev,
                 enable_statistics=enable_statistics,
                 enable_downloads=enable_downloads,
                 enable_locking=enable_locking
+            )
             Session().commit()
             return dict(
                 msg="Created new repository `%s`" % (repo.repo_name),
                 repo=repo.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create repository `%s`' % repo_name)
     @HasPermissionAnyDecorator('hg.admin')
     def fork_repo(self, apiuser, repoid, fork_name, owner,
                   description=Optional(''), copy_permissions=Optional(False),
                   private=Optional(False), landing_rev=Optional('tip')):
         repo = get_repo_or_error(repoid)
         repo_name = repo.repo_name
         owner = get_user_or_error(owner)
         _repo = RepoModel().get_by_repo_name(fork_name)
         if _repo:
             type_ = 'fork' if _repo.fork else 'repo'
             raise JSONRPCError("%s `%s` already exist" % (type_, fork_name))
         try:
             # create structure of groups and return the last group
             group = map_groups(fork_name)
             form_data = dict(
                 repo_name=fork_name,
                 repo_name_full=fork_name,
                 repo_group=group,
                 repo_type=repo.repo_type,
                 description=Optional.extract(description),
                 private=Optional.extract(private),
                 copy_permissions=Optional.extract(copy_permissions),
                 landing_rev=Optional.extract(landing_rev),
                 update_after_clone=False,
                 fork_parent_id=repo.repo_id,
+            )
             RepoModel().create_fork(form_data, cur_user=owner)
             return dict(
                 msg='Created fork of `%s` as `%s`' % (repo.repo_name,
                                                       fork_name),
                 success=True  # cannot return the repo data here since fork
                               # cann be done async
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to fork repository `%s` as `%s`' % (repo_name,
                                                             fork_name)
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def delete_repo(self, apiuser, repoid):
         """
         Deletes a given repository
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
         try:
             RepoModel().delete(repo)
             Session().commit()
             return dict(
                 msg='Deleted repository `%s`' % repo.repo_name,
                 success=True
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to delete repository `%s`' % repo.repo_name
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def grant_user_permission(self, apiuser, repoid, userid, perm):
         """
         Grant permission for user on given repository, or update existing one
         if found
         :param repoid:
         :param userid:
         :param perm:
         """
         repo = get_repo_or_error(repoid)
         user = get_user_or_error(userid)
         perm = get_perm_or_error(perm)
         try:
             RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
             Session().commit()
             return dict(
                 msg='Granted perm: `%s` for user: `%s` in repo: `%s`' % (
                     perm.permission_name, user.username, repo.repo_name
                 ),
                 success=True
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission for user: `%s` in repo: `%s`' % (
                     userid, repoid
+                )
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def revoke_user_permission(self, apiuser, repoid, userid):
         """
         Revoke permission for user on given repository
         :param apiuser:
         :param repoid:
         :param userid:
         """
         repo = get_repo_or_error(repoid)
         user = get_user_or_error(userid)
         try:
             RepoModel().revoke_user_permission(repo=repo, user=user)
             Session().commit()
             return dict(
                 msg='Revoked perm for user: `%s` in repo: `%s`' % (
                     user.username, repo.repo_name
                 ),
                 success=True
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission for user: `%s` in repo: `%s`' % (
                     userid, repoid
+                )
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def grant_users_group_permission(self, apiuser, repoid, usersgroupid,
                                      perm):
         """
         Grant permission for users group on given repository, or update
         existing one if found
         :param apiuser:
         :param repoid:
         :param usersgroupid:
         :param perm:
         """
         repo = get_repo_or_error(repoid)
         perm = get_perm_or_error(perm)
         users_group = get_users_group_or_error(usersgroupid)
         try:
             RepoModel().grant_users_group_permission(repo=repo,
                                                      group_name=users_group,
                                                      perm=perm)
             Session().commit()
             return dict(
                 msg='Granted perm: `%s` for users group: `%s` in '
                     'repo: `%s`' % (
                     perm.permission_name, users_group.users_group_name,
                     repo.repo_name
                 ),
                 success=True
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission for users group: `%s` in '
                 'repo: `%s`' % (
                     usersgroupid, repo.repo_name
+                )
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def revoke_users_group_permission(self, apiuser, repoid, usersgroupid):
         """
         Revoke permission for users group on given repository
         :param apiuser:
         :param repoid:
         :param usersgroupid:
         """
         repo = get_repo_or_error(repoid)
         users_group = get_users_group_or_error(usersgroupid)
         try:
             RepoModel().revoke_users_group_permission(repo=repo,
                                                       group_name=users_group)
             Session().commit()
             return dict(
                 msg='Revoked perm for users group: `%s` in repo: `%s`' % (
                     users_group.users_group_name, repo.repo_name
                 ),
                 success=True
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission for users group: `%s` in '
                 'repo: `%s`' % (
                     users_group.users_group_name, repo.repo_name
+                )
+            )

rhodecode/lib/auth.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.auth
     ~~~~~~~~~~~~~~~~~~
     authentication and permission libraries
     :created_on: Apr 4, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import random
 import logging
 import traceback
 import hashlib
 from tempfile import _RandomNameSequence
 from decorator import decorator
 from pylons import config, url, request
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode import __platform__, is_windows, is_unix
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import Permission, RhodeCodeSetting, User
+from rhodecode.model.db import Permission, RhodeCodeSetting, User, UserIpMap
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """
     This is a simple class for generating password from different sets of
     characters
     usage::
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters
             of alphabet
         passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
         + ALPHABETS_NUM + ALPHABETS_SPECIAL
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, length, type_=None):
         if type_ is None:
             type_ = self.ALPHABETS_FULL
         self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
         return self.passwd
 class RhodeCodeCrypto(object):
     @classmethod
     def hash_string(cls, str_):
         """
         Cryptographic function used for password hashing based on pybcrypt
         or pycrypto in windows
         :param password: password to hash
         """
         if is_windows:
             from hashlib import sha256
             return sha256(str_).hexdigest()
         elif is_unix:
             import bcrypt
             return bcrypt.hashpw(str_, bcrypt.gensalt(10))
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
     @classmethod
     def hash_check(cls, password, hashed):
         """
         Checks matching password with it's hashed value, runs different
         implementation based on platform it runs on
         :param password: password
         :param hashed: password in hashed form
         """
         if is_windows:
             from hashlib import sha256
             return sha256(password).hexdigest() == hashed
         elif is_unix:
             import bcrypt
             return bcrypt.hashpw(password, hashed) == hashed
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
 def get_crypt_password(password):
     return RhodeCodeCrypto.hash_string(password)
 def check_password(password, hashed):
     return RhodeCodeCrypto.hash_check(password, hashed)
 def generate_api_key(str_, salt=None):
     """
     Generates API KEY from given string
     :param str_:
     :param salt:
     """
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(str_ + salt).hexdigest()
 def authfunc(environ, username, password):
     """
     Dummy authentication wrapper function used in Mercurial and Git for
     access control.
     :param environ: needed only for using in Basic auth
     """
     return authenticate(username, password)
 def authenticate(username, password):
     """
     Authentication function used for access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = User.get_by_username(username)
     log.debug('Authenticating user using RhodeCode account')
     if user is not None and not user.ldap_dn:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly as anonymous user' %
                          username)
                 return True
             elif user.username == username and check_password(password,
                                                               user.password):
                 log.info('user %s authenticated correctly' % username)
                 return True
         else:
             log.warning('user %s tried auth but is disabled' % username)
     else:
         log.debug('Regular authentication failed')
         user_obj = User.get_by_username(username, case_insensitive=True)
         if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
         ldap_settings = RhodeCodeSetting.get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IF ENABLE
         #======================================================================
         if str2bool(ldap_settings.get('ldap_active')):
             log.debug("Authenticating user using ldap")
             kwargs = {
                   'server': ldap_settings.get('ldap_host', ''),
                   'base_dn': ldap_settings.get('ldap_base_dn', ''),
                   'port': ldap_settings.get('ldap_port'),
                   'bind_dn': ldap_settings.get('ldap_dn_user'),
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
                   'tls_kind': ldap_settings.get('ldap_tls_kind'),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
                   'attr_login': ldap_settings.get('ldap_attr_login'),
                   'ldap_version': 3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s' % user_dn)
                 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                            .get(k), [''])[0]
                 user_attrs = {
                  'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                  'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                  'email': get_ldap_attr('ldap_attr_email'),
+                }
                 # don't store LDAP password since we don't need it. Override
                 # with some random generated password
                 _password = PasswordGenerator().gen_password(length=8)
                 # create this user on the fly if it doesn't exist in rhodecode
                 # database
                 if user_model.create_ldap(username, _password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s' % username)
                 Session().commit()
                 return True
             except (LdapUsernameError, LdapPasswordError,):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 def login_container_auth(username):
     user = User.get_by_username(username)
     if user is None:
         user_attrs = {
             'name': username,
             'lastname': None,
             'email': None,
+        }
         user = UserModel().create_for_container_auth(username, user_attrs)
         if not user:
             return None
         log.info('User %s was created by container authentication' % username)
     if not user.active:
         return None
     user.update_lastlogin()
     Session().commit()
     log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
 def get_container_username(environ, config):
     username = None
     if str2bool(config.get('container_auth_enabled', False)):
         from paste.httpheaders import REMOTE_USER
         username = REMOTE_USER(environ)
     if not username and str2bool(config.get('proxypass_auth_enabled', False)):
         username = environ.get('HTTP_X_FORWARDED_USER')
     if username:
         # Removing realm and domain from username
         username = username.partition('@')[0]
         username = username.rpartition('\\')[2]
         log.debug('Received username %s from container' % username)
     return username
 class CookieStoreWrapper(object):
     def __init__(self, cookie_store):
         self.cookie_store = cookie_store
     def __repr__(self):
         return 'CookieStore<%s>' % (self.cookie_store)
     def get(self, key, other=None):
         if isinstance(self.cookie_store, dict):
             return self.cookie_store.get(key, other)
         elif isinstance(self.cookie_store, AuthUser):
             return self.cookie_store.__dict__.get(key, other)
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None, username=None):
+    def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
         self.user_id = user_id
         self.api_key = None
         self.username = username
         self.ip_addr = ip_addr
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.inherit_default_permissions = False
         self.permissions = {}
         self.allowed_ips = set()
         self._api_key = api_key
         self.propagate_data()
         self._instance = None
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = User.get_by_username('default', cache=True)
         is_user_loaded = False
         # try go get user by api key
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             log.debug('Auth User lookup by API KEY %s' % self._api_key)
             is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
         # lookup by userid
         elif (self.user_id is not None and
               self.user_id != self.anonymous_user.user_id):
             log.debug('Auth User lookup by USER ID %s' % self.user_id)
             is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         # lookup by username
         elif self.username and \
             str2bool(config.get('container_auth_enabled', False)):
             log.debug('Auth User lookup by USER NAME %s' % self.username)
             dbuser = login_container_auth(self.username)
             if dbuser is not None:
                 log.debug('filling all attributes to object')
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         else:
             log.debug('No data in %s that could been used to log in' % self)
         if not is_user_loaded:
             # if we cannot authenticate user try anonymous
             if self.anonymous_user.active is True:
                 user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                 # then we set this user is logged in
                 self.is_authenticated = True
             else:
                 self.user_id = None
                 self.username = None
                 self.is_authenticated = False
         if not self.username:
             self.username = 'None'
         log.debug('Auth User is now %s' % self)
         user_model.fill_perms(self)
         log.debug('Filling Allowed IPs')
         self.allowed_ips = AuthUser.get_allowed_ips(self.user_id)
     @property
     def is_admin(self):
         return self.admin
     def __repr__(self):
         return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                               self.is_authenticated)
     def set_authenticated(self, authenticated=True):
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
     def get_cookie_store(self):
         return {'username': self.username,
                 'user_id': self.user_id,
                 'is_authenticated': self.is_authenticated}
     @classmethod
     def from_cookie_store(cls, cookie_store):
         """
         Creates AuthUser from a cookie store
         :param cls:
         :param cookie_store:
         """
         user_id = cookie_store.get('user_id')
         username = cookie_store.get('username')
         api_key = cookie_store.get('api_key')
         return AuthUser(user_id, api_key, username)
     @classmethod
     def get_allowed_ips(cls, user_id):
         _set = set()
         user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id).all()
         for ip in user_ips:
             _set.add(ip.ip_addr)
         return _set or set(['0.0.0.0/0'])
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't want to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config: current pylons config instance
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session
         all_perms = sa.query(Permission).all()
     except Exception:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 #==============================================================================
 # CHECK DECORATORS
 #==============================================================================
 class LoginRequired(object):
     """
     Must be logged in to execute this function else
     redirect to login page
     :param api_access: if enabled this checks only for valid auth token
         and grants access based on valid token
     """
     def __init__(self, api_access=False):
         self.api_access = api_access
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         user = cls.rhodecode_user
         api_access_ok = False
         if self.api_access:
             log.debug('Checking API KEY access for %s' % cls)
             if user.api_key == request.GET.get('api_key'):
                 api_access_ok = True
             else:
                 log.debug("API KEY token not valid")
         loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
         log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
         if user.is_authenticated or api_access_ok:
             reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'
             log.info('user %s is authenticated and granted access to %s '
                      'using %s' % (user.username, loc, reason)
+            )
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s NOT authenticated on func: %s' % (
                 user, loc)
+            )
             p = url.current()
             log.debug('redirecting to login page with %s' % p)
             return redirect(url('login_home', came_from=p))
 class NotAnonymous(object):
     """
     Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         self.user = cls.rhodecode_user
         log.debug('Checking if user is not anonymous @%s' % cls)
         anonymous = self.user.username == 'default'
         if anonymous:
             p = url.current()
             import rhodecode.lib.helpers as h
             h.flash(_('You need to be a registered user to '
                       'perform this action'),
                     category='warning')
             return redirect(url('login_home', came_from=p))
         else:
             return func(*fargs, **fkwargs)
 class PermsDecorator(object):
     """Base class for controller decorators"""
     def __init__(self, *required_perms):
         available_perms = config['available_permissions']
         for perm in required_perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(required_perms)
         self.user_perms = None
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         self.user = cls.rhodecode_user
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
            self.__class__.__name__, self.required_perms, cls, self.user)
         if self.check_permissions():
             log.debug('Permission granted for %s %s' % (cls, self.user))
             return func(*fargs, **fkwargs)
         else:
             log.debug('Permission denied for %s %s' % (cls, self.user))
             anonymous = self.user.username == 'default'
             if anonymous:
                 p = url.current()
                 import rhodecode.lib.helpers as h
                 h.flash(_('You need to be a signed in to '
                           'view this page'),
                         category='warning')
                 return redirect(url('login_home', came_from=p))
             else:
                 # redirect with forbidden ret code
                 return abort(403)
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates. In order to
     fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 class HasReposGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         group_name = get_repos_group_slug(request)
         try:
             user_perms = set([self.user_perms['repositories_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasReposGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         group_name = get_repos_group_slug(request)
         try:
             user_perms = set([self.user_perms['repositories_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 #==============================================================================
 # CHECK FUNCTIONS
 #==============================================================================
 class PermsFunction(object):
     """Base function for other check functions"""
     def __init__(self, *perms):
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.repo_name = None
         self.group_name = None
     def __call__(self, check_Location=''):
         user = request.user
         cls_name = self.__class__.__name__
         check_scope = {
             'HasPermissionAll': '',
             'HasPermissionAny': '',
             'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
             'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
             'HasReposGroupPermissionAll': 'group:%s' % self.group_name,
             'HasReposGroupPermissionAny': 'group:%s' % self.group_name,
         }.get(cls_name, '?')
         log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                   self.required_perms, user, check_scope,
                   check_Location or 'unspecified location')
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
         if self.check_permissions():
             log.debug('Permission granted for user: %s @ %s', user,
                       check_Location or 'unspecified location')
             return True
         else:
             log.debug('Permission denied for user: %s @ %s', user,
                         check_Location or 'unspecified location')
             return False
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAll(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self._user_perms = set(
                 [self.user_perms['repositories'][self.repo_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAny, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self._user_perms = set(
                 [self.user_perms['repositories'][self.repo_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.intersection(self._user_perms):
             return True
         return False
 class HasReposGroupPermissionAny(PermsFunction):
     def __call__(self, group_name=None, check_Location=''):
         self.group_name = group_name
         return super(HasReposGroupPermissionAny, self).__call__(check_Location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.intersection(self._user_perms):
             return True
         return False
 class HasReposGroupPermissionAll(PermsFunction):
     def __call__(self, group_name=None, check_Location=''):
         self.group_name = group_name
         return super(HasReposGroupPermissionAll, self).__call__(check_Location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================
 class HasPermissionAnyMiddleware(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, user, repo_name):
         # repo_name MUST be unicode, since we handle keys in permission
         # dict by unicode
         repo_name = safe_unicode(repo_name)
         usr = AuthUser(user.user_id)
         try:
             self.user_perms = set([usr.permissions['repositories'][repo_name]])
         except Exception:
             log.error('Exception while accessing permissions %s' %
                       traceback.format_exc())
             self.user_perms = set()
         self.username = user.username
         self.repo_name = repo_name
         return self.check_permissions()
     def check_permissions(self):
         log.debug('checking VCS protocol '
                   'permissions %s for user:%s repository:%s', self.user_perms,
                                                 self.username, self.repo_name)
         if self.required_perms.intersection(self.user_perms):
             log.debug('permission granted for user:%s on repo:%s' % (
                           self.username, self.repo_name
+                     )
+            )
             return True
         log.debug('permission denied for user:%s on repo:%s' % (
                       self.username, self.repo_name
+                 )
+        )
         return False
 def check_ip_access(source_ip, allowed_ips=None):
     """
     Checks if source_ip is a subnet of any of allowed_ips.
     :param source_ip:
     :param allowed_ips: list of allowed ips together with mask
     """
     from rhodecode.lib import ipaddr
     log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
     if isinstance(allowed_ips, (tuple, list, set)):
         for ip in allowed_ips:
             if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
                 return True
     return False

rhodecode/lib/base.py

➞

Show inline comments

 """The base Controller API
 Provides the BaseController class for subclassing.
 """
 import logging
 import time
 import traceback
 from paste.auth.basic import AuthBasicAuthenticator
 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden
 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from rhodecode import __version__, BACKENDS
 from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\
     safe_str, safe_int
 from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\
     HasPermissionAnyMiddleware, CookieStoreWrapper
+    HasPermissionAnyMiddleware, CookieStoreWrapper, check_ip_access
 from rhodecode.lib.utils import get_repo_slug, invalidate_cache
 from rhodecode.model import meta
 from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting
 from rhodecode.model.notification import NotificationModel
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.meta import Session
 log = logging.getLogger(__name__)
 def _get_ip_addr(environ):
     proxy_key = 'HTTP_X_REAL_IP'
     proxy_key2 = 'HTTP_X_FORWARDED_FOR'
     def_key = 'REMOTE_ADDR'
     ip = environ.get(proxy_key2)
     if ip:
         return ip
     ip = environ.get(proxy_key)
     if ip:
         return ip
     ip = environ.get(def_key, '0.0.0.0')
     return ip
 def _get_access_path(environ):
     path = environ.get('PATH_INFO')
     org_req = environ.get('pylons.original_request')
     if org_req:
         path = org_req.environ.get('PATH_INFO')
     return path
 class BasicAuth(AuthBasicAuthenticator):
     def __init__(self, realm, authfunc, auth_http_code=None):
         self.realm = realm
         self.authfunc = authfunc
         self._rc_auth_http_code = auth_http_code
     def build_authentication(self):
         head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
         if self._rc_auth_http_code and self._rc_auth_http_code == '403':
             # return 403 if alternative http return code is specified in
             # RhodeCode config
             return HTTPForbidden(headers=head)
         return HTTPUnauthorized(headers=head)
     def authenticate(self, environ):
         authorization = AUTHORIZATION(environ)
         if not authorization:
             return self.build_authentication()
         (authmeth, auth) = authorization.split(' ', 1)
         if 'basic' != authmeth.lower():
             return self.build_authentication()
         auth = auth.strip().decode('base64')
         _parts = auth.split(':', 1)
         if len(_parts) == 2:
             username, password = _parts
             if self.authfunc(environ, username, password):
                 return username
         return self.build_authentication()
     __call__ = authenticate
 class BaseVCSController(object):
     def __init__(self, application, config):
         self.application = application
         self.config = config
         # base path of repo locations
         self.basepath = self.config['base_path']
         #authenticate this mercurial request using authfunc
         self.authenticate = BasicAuth('', authfunc,
                                       config.get('auth_ret_code'))
-        self.ipaddr = '0.0.0.0'
+        self.ip_addr = '0.0.0.0'
     def _handle_request(self, environ, start_response):
         raise NotImplementedError()
     def _get_by_id(self, repo_name):
         """
         Get's a special pattern _<ID> from clone url and tries to replace it
         with a repository_name for support of _<ID> non changable urls
         :param repo_name:
         """
         try:
             data = repo_name.split('/')
             if len(data) >= 2:
                 by_id = data[1].split('_')
                 if len(by_id) == 2 and by_id[1].isdigit():
                     _repo_name = Repository.get(by_id[1]).repo_name
                     data[1] = _repo_name
         except:
             log.debug('Failed to extract repo_name from id %s' % (
                       traceback.format_exc()
+                      )
+            )
         return '/'.join(data)
     def _invalidate_cache(self, repo_name):
         """
         Set's cache for this repository for invalidation on next access
         :param repo_name: full repo name, also a cache key
         """
         invalidate_cache('get_repo_cached_%s' % repo_name)
     def _check_permission(self, action, user, repo_name):
+    def _check_permission(self, action, user, repo_name, ip_addr=None):
         """
         Checks permissions using action (push/pull) user and repository
         name
         :param action: push or pull action
         :param user: user instance
         :param repo_name: repository name
         """
         #check IP
         allowed_ips = AuthUser.get_allowed_ips(user.user_id)
         if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips) is False:
             log.info('Access for IP:%s forbidden, '
                      'not in %s' % (ip_addr, allowed_ips))
             return False
         else:
             log.info('Access for IP:%s allowed' % (ip_addr))
         if action == 'push':
             if not HasPermissionAnyMiddleware('repository.write',
                                               'repository.admin')(user,
                                                                   repo_name):
                 return False
         else:
             #any other action need at least read permission
             if not HasPermissionAnyMiddleware('repository.read',
                                               'repository.write',
                                               'repository.admin')(user,
                                                                   repo_name):
                 return False
         return True
     def _get_ip_addr(self, environ):
         return _get_ip_addr(environ)
     def _check_ssl(self, environ, start_response):
         """
         Checks the SSL check flag and returns False if SSL is not present
         and required True otherwise
         """
         org_proto = environ['wsgi._org_proto']
         #check if we have SSL required  ! if not it's a bad request !
         require_ssl = str2bool(RhodeCodeUi.get_by_key('push_ssl').ui_value)
         if require_ssl and org_proto == 'http':
             log.debug('proto is %s and SSL is required BAD REQUEST !'
                       % org_proto)
             return False
         return True
     def _check_locking_state(self, environ, action, repo, user_id):
         """
         Checks locking on this repository, if locking is enabled and lock is
         present returns a tuple of make_lock, locked, locked_by.
         make_lock can have 3 states None (do nothing) True, make lock
         False release lock, This value is later propagated to hooks, which
         do the locking. Think about this as signals passed to hooks what to do.
         """
         locked = False  # defines that locked error should be thrown to user
         make_lock = None
         repo = Repository.get_by_repo_name(repo)
         user = User.get(user_id)
         # this is kind of hacky, but due to how mercurial handles client-server
         # server see all operation on changeset; bookmarks, phases and
         # obsolescence marker in different transaction, we don't want to check
         # locking on those
         obsolete_call = environ['QUERY_STRING'] in ['cmd=listkeys',]
         locked_by = repo.locked
         if repo and repo.enable_locking and not obsolete_call:
             if action == 'push':
                 #check if it's already locked !, if it is compare users
                 user_id, _date = repo.locked
                 if user.user_id == user_id:
                     log.debug('Got push from user %s, now unlocking' % (user))
                     # unlock if we have push from user who locked
                     make_lock = False
                 else:
                     # we're not the same user who locked, ban with 423 !
                     locked = True
             if action == 'pull':
                 if repo.locked[0] and repo.locked[1]:
                     locked = True
                 else:
                     log.debug('Setting lock on repo %s by %s' % (repo, user))
                     make_lock = True
         else:
             log.debug('Repository %s do not have locking enabled' % (repo))
         log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s'
                   % (make_lock, locked, locked_by))
         return make_lock, locked, locked_by
     def __call__(self, environ, start_response):
         start = time.time()
         try:
             return self._handle_request(environ, start_response)
         finally:
             log = logging.getLogger('rhodecode.' + self.__class__.__name__)
             log.debug('Request time: %.3fs' % (time.time() - start))
             meta.Session.remove()
 class BaseController(WSGIController):
     def __before__(self):
         """
         __before__ is called before controller methods and after __call__
         """
         c.rhodecode_version = __version__
         c.rhodecode_instanceid = config.get('instance_id')
         c.rhodecode_name = config.get('rhodecode_title')
         c.use_gravatar = str2bool(config.get('use_gravatar'))
         c.ga_code = config.get('rhodecode_ga_code')
         # Visual options
         c.visual = AttributeDict({})
         rc_config = RhodeCodeSetting.get_app_settings()
         c.visual.show_public_icon = str2bool(rc_config.get('rhodecode_show_public_icon'))
         c.visual.show_private_icon = str2bool(rc_config.get('rhodecode_show_private_icon'))
         c.visual.stylify_metatags = str2bool(rc_config.get('rhodecode_stylify_metatags'))
         c.visual.lightweight_dashboard = str2bool(rc_config.get('rhodecode_lightweight_dashboard'))
         c.visual.lightweight_dashboard_items = safe_int(config.get('dashboard_items', 100))
         c.repo_name = get_repo_slug(request)
         c.backends = BACKENDS.keys()
         c.unread_notifications = NotificationModel()\
                         .get_unread_cnt_for_user(c.rhodecode_user.user_id)
         self.cut_off_limit = int(config.get('cut_off_limit'))
         self.sa = meta.Session
         self.scm_model = ScmModel(self.sa)
         self.ip_addr = ''
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
         # WSGIController.__call__ dispatches to the Controller method
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         start = time.time()
         try:
             self.ip_addr = _get_ip_addr(environ)
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
             user_id = cookie_store.get('user_id', None)
             username = get_container_username(environ, config)
             auth_user = AuthUser(user_id, api_key, username)
+            auth_user = AuthUser(user_id, api_key, username, self.ip_addr)
             request.user = auth_user
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                     cookie_store.get('is_authenticated')
+                )
             log.info('IP: %s User: %s accessed %s' % (
                self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))
+            )
             return WSGIController.__call__(self, environ, start_response)
         finally:
             log.info('IP: %s Request to %s time: %.3fs' % (
                 _get_ip_addr(environ),
                 safe_unicode(_get_access_path(environ)), time.time() - start)
+            )
             meta.Session.remove()
 class BaseRepoController(BaseController):
     """
     Base class for controllers responsible for loading all needed data for
     repository loaded items are
     c.rhodecode_repo: instance of scm repository
     c.rhodecode_db_repo: instance of db
     c.repository_followers: number of followers
     c.repository_forks: number of forks
     """
     def __before__(self):
         super(BaseRepoController, self).__before__()
         if c.repo_name:
             dbr = c.rhodecode_db_repo = Repository.get_by_repo_name(c.repo_name)
             c.rhodecode_repo = c.rhodecode_db_repo.scm_instance
             # update last change according to VCS data
             dbr.update_last_change(c.rhodecode_repo.last_change)
             if c.rhodecode_repo is None:
                 log.error('%s this repository is present in database but it '
                           'cannot be created as an scm instance', c.repo_name)
                 redirect(url('home'))
             # some globals counter for menu
             c.repository_followers = self.scm_model.get_followers(dbr)
             c.repository_forks = self.scm_model.get_forks(dbr)
             c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)

rhodecode/lib/db_manage.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.db_manage
     ~~~~~~~~~~~~~~~~~~~~~~~
     Database creation, and setup module for RhodeCode. Used for creation
     of database as well as for migration operations
     :created_on: Apr 10, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import sys
 import uuid
 import logging
 from os.path import dirname as dn, join as jn
 from rhodecode import __dbversion__, __py_version__
 from rhodecode.model.user import UserModel
 from rhodecode.lib.utils import ask_ok
 from rhodecode.model import init_model
 from rhodecode.model.db import User, Permission, RhodeCodeUi, \
     RhodeCodeSetting, UserToPerm, DbMigrateVersion, RepoGroup, \
     UserRepoGroupToPerm
 from sqlalchemy.engine import create_engine
 from rhodecode.model.repos_group import ReposGroupModel
 #from rhodecode.model import meta
 from rhodecode.model.meta import Session, Base
 log = logging.getLogger(__name__)
 def notify(msg):
     """
     Notification for migrations messages
     """
     ml = len(msg) + (4 * 2)
     print >> sys.stdout, ('*** %s ***\n%s' % (msg, '*' * ml)).upper()
 class DbManage(object):
     def __init__(self, log_sql, dbconf, root, tests=False, cli_args={}):
         self.dbname = dbconf.split('/')[-1]
         self.tests = tests
         self.root = root
         self.dburi = dbconf
         self.log_sql = log_sql
         self.db_exists = False
         self.cli_args = cli_args
         self.init_db()
         global ask_ok
         if self.cli_args.get('force_ask') is True:
             ask_ok = lambda *args, **kwargs: True
         elif self.cli_args.get('force_ask') is False:
             ask_ok = lambda *args, **kwargs: False
     def init_db(self):
         engine = create_engine(self.dburi, echo=self.log_sql)
         init_model(engine)
         self.sa = Session()
     def create_tables(self, override=False):
         """
         Create a auth database
         """
         log.info("Any existing database is going to be destroyed")
         if self.tests:
             destroy = True
         else:
             destroy = ask_ok('Are you sure to destroy old database ? [y/n]')
         if not destroy:
             sys.exit('Nothing done')
         if destroy:
             Base.metadata.drop_all()
         checkfirst = not override
         Base.metadata.create_all(checkfirst=checkfirst)
         log.info('Created tables for %s' % self.dbname)
     def set_db_version(self):
         ver = DbMigrateVersion()
         ver.version = __dbversion__
         ver.repository_id = 'rhodecode_db_migrations'
         ver.repository_path = 'versions'
         self.sa.add(ver)
         log.info('db version set to: %s' % __dbversion__)
     def upgrade(self):
         """
         Upgrades given database schema to given revision following
         all needed steps, to perform the upgrade
         """
         from rhodecode.lib.dbmigrate.migrate.versioning import api
         from rhodecode.lib.dbmigrate.migrate.exceptions import \
             DatabaseNotControlledError
         if 'sqlite' in self.dburi:
             print (
                '********************** WARNING **********************\n'
                'Make sure your version of sqlite is at least 3.7.X.  \n'
                'Earlier versions are known to fail on some migrations\n'
                '*****************************************************\n'
+            )
         upgrade = ask_ok('You are about to perform database upgrade, make '
                          'sure You backed up your database before. '
                          'Continue ? [y/n]')
         if not upgrade:
             sys.exit('Nothing done')
         repository_path = jn(dn(dn(dn(os.path.realpath(__file__)))),
                              'rhodecode/lib/dbmigrate')
         db_uri = self.dburi
         try:
             curr_version = api.db_version(db_uri, repository_path)
             msg = ('Found current database under version'
                  ' control with version %s' % curr_version)
         except (RuntimeError, DatabaseNotControlledError):
             curr_version = 1
             msg = ('Current database is not under version control. Setting'
                    ' as version %s' % curr_version)
             api.version_control(db_uri, repository_path, curr_version)
         notify(msg)
         if curr_version == __dbversion__:
             sys.exit('This database is already at the newest version')
         #======================================================================
         # UPGRADE STEPS
         #======================================================================
         class UpgradeSteps(object):
             """
             Those steps follow schema versions so for example schema
             for example schema with seq 002 == step_2 and so on.
             """
             def __init__(self, klass):
                 self.klass = klass
             def step_0(self):
                 # step 0 is the schema upgrade, and than follow proper upgrades
                 notify('attempting to do database upgrade to version %s' \
                                 % __dbversion__)
                 api.upgrade(db_uri, repository_path, __dbversion__)
                 notify('Schema upgrade completed')
             def step_1(self):
                 pass
             def step_2(self):
                 notify('Patching repo paths for newer version of RhodeCode')
                 self.klass.fix_repo_paths()
                 notify('Patching default user of RhodeCode')
                 self.klass.fix_default_user()
                 log.info('Changing ui settings')
                 self.klass.create_ui_settings()
             def step_3(self):
                 notify('Adding additional settings into RhodeCode db')
                 self.klass.fix_settings()
                 notify('Adding ldap defaults')
                 self.klass.create_ldap_options(skip_existing=True)
             def step_4(self):
                 notify('create permissions and fix groups')
                 self.klass.create_permissions()
                 self.klass.fixup_groups()
             def step_5(self):
                 pass
             def step_6(self):
                 notify('re-checking permissions')
                 self.klass.create_permissions()
                 notify('installing new UI options')
                 sett4 = RhodeCodeSetting('show_public_icon', True)
                 Session().add(sett4)
                 sett5 = RhodeCodeSetting('show_private_icon', True)
                 Session().add(sett5)
                 sett6 = RhodeCodeSetting('stylify_metatags', False)
                 Session().add(sett6)
                 notify('fixing old PULL hook')
                 _pull = RhodeCodeUi.get_by_key('preoutgoing.pull_logger')
                 if _pull:
                     _pull.ui_key = RhodeCodeUi.HOOK_PULL
                     Session().add(_pull)
                 notify('fixing old PUSH hook')
                 _push = RhodeCodeUi.get_by_key('pretxnchangegroup.push_logger')
                 if _push:
                     _push.ui_key = RhodeCodeUi.HOOK_PUSH
                     Session().add(_push)
                 notify('installing new pre-push hook')
                 hooks4 = RhodeCodeUi()
                 hooks4.ui_section = 'hooks'
                 hooks4.ui_key = RhodeCodeUi.HOOK_PRE_PUSH
                 hooks4.ui_value = 'python:rhodecode.lib.hooks.pre_push'
                 Session().add(hooks4)
                 notify('installing new pre-pull hook')
                 hooks6 = RhodeCodeUi()
                 hooks6.ui_section = 'hooks'
                 hooks6.ui_key = RhodeCodeUi.HOOK_PRE_PULL
                 hooks6.ui_value = 'python:rhodecode.lib.hooks.pre_pull'
                 Session().add(hooks6)
                 notify('installing hgsubversion option')
                 # enable hgsubversion disabled by default
                 hgsubversion = RhodeCodeUi()
                 hgsubversion.ui_section = 'extensions'
                 hgsubversion.ui_key = 'hgsubversion'
                 hgsubversion.ui_value = ''
                 hgsubversion.ui_active = False
                 Session().add(hgsubversion)
                 notify('installing hg git option')
                 # enable hggit disabled by default
                 hggit = RhodeCodeUi()
                 hggit.ui_section = 'extensions'
                 hggit.ui_key = 'hggit'
                 hggit.ui_value = ''
                 hggit.ui_active = False
                 Session().add(hggit)
                 notify('re-check default permissions')
                 default_user = User.get_by_username(User.DEFAULT_USER)
                 perm = Permission.get_by_key('hg.fork.repository')
                 reg_perm = UserToPerm()
                 reg_perm.user = default_user
                 reg_perm.permission = perm
                 Session().add(reg_perm)
             def step_7(self):
                 perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)
                 Session().commit()
                 if perm_fixes:
                     notify('There was an inconsistent state of permissions '
                            'detected for default user. Permissions are now '
                            'reset to the default value for default user. '
                            'Please validate and check default permissions '
                            'in admin panel')
             def step_8(self):
                 self.klass.populate_default_permissions()
                 self.klass.create_default_options(skip_existing=True)
                 Session().commit()
             def step_9(self):
                 perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)
                 Session().commit()
                 if perm_fixes:
                     notify('There was an inconsistent state of permissions '
                            'detected for default user. Permissions are now '
                            'reset to the default value for default user. '
                            'Please validate and check default permissions '
                            'in admin panel')
             def step_10(self):
                 pass
         upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)
         # CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE
         _step = None
         for step in upgrade_steps:
             notify('performing upgrade step %s' % step)
             getattr(UpgradeSteps(self), 'step_%s' % step)()
             self.sa.commit()
             _step = step
         notify('upgrade to version %s successful' % _step)
     def fix_repo_paths(self):
         """
         Fixes a old rhodecode version path into new one without a '*'
         """
         paths = self.sa.query(RhodeCodeUi)\
                 .filter(RhodeCodeUi.ui_key == '/')\
                 .scalar()
         paths.ui_value = paths.ui_value.replace('*', '')
         try:
             self.sa.add(paths)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def fix_default_user(self):
         """
         Fixes a old default user with some 'nicer' default values,
         used mostly for anonymous access
         """
         def_user = self.sa.query(User)\
                 .filter(User.username == 'default')\
                 .one()
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         try:
             self.sa.add(def_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def fix_settings(self):
         """
         Fixes rhodecode settings adds ga_code key for google analytics
         """
         hgsettings3 = RhodeCodeSetting('ga_code', '')
         try:
             self.sa.add(hgsettings3)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def admin_prompt(self, second=False):
         if not self.tests:
             import getpass
             # defaults
             defaults = self.cli_args
             username = defaults.get('username')
             password = defaults.get('password')
             email = defaults.get('email')
             def get_password():
                 password = getpass.getpass('Specify admin password '
                                            '(min 6 chars):')
                 confirm = getpass.getpass('Confirm password:')
                 if password != confirm:
                     log.error('passwords mismatch')
                     return False
                 if len(password) < 6:
                     log.error('password is to short use at least 6 characters')
                     return False
                 return password
             if username is None:
                 username = raw_input('Specify admin username:')
             if password is None:
                 password = get_password()
                 if not password:
                     #second try
                     password = get_password()
                     if not password:
                         sys.exit()
             if email is None:
                 email = raw_input('Specify admin email:')
             self.create_user(username, password, email, True)
         else:
             log.info('creating admin and regular test users')
             from rhodecode.tests import TEST_USER_ADMIN_LOGIN, \
             TEST_USER_ADMIN_PASS, TEST_USER_ADMIN_EMAIL, \
             TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS, \
             TEST_USER_REGULAR_EMAIL, TEST_USER_REGULAR2_LOGIN, \
             TEST_USER_REGULAR2_PASS, TEST_USER_REGULAR2_EMAIL
             self.create_user(TEST_USER_ADMIN_LOGIN, TEST_USER_ADMIN_PASS,
                              TEST_USER_ADMIN_EMAIL, True)
             self.create_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS,
                              TEST_USER_REGULAR_EMAIL, False)
             self.create_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS,
                              TEST_USER_REGULAR2_EMAIL, False)
     def create_ui_settings(self):
         """
         Creates ui settings, fills out hooks
         and disables dotencode
         """
         #HOOKS
         hooks1_key = RhodeCodeUi.HOOK_UPDATE
         hooks1_ = self.sa.query(RhodeCodeUi)\
             .filter(RhodeCodeUi.ui_key == hooks1_key).scalar()
         hooks1 = RhodeCodeUi() if hooks1_ is None else hooks1_
         hooks1.ui_section = 'hooks'
         hooks1.ui_key = hooks1_key
         hooks1.ui_value = 'hg update >&2'
         hooks1.ui_active = False
         self.sa.add(hooks1)
         hooks2_key = RhodeCodeUi.HOOK_REPO_SIZE
         hooks2_ = self.sa.query(RhodeCodeUi)\
             .filter(RhodeCodeUi.ui_key == hooks2_key).scalar()
         hooks2 = RhodeCodeUi() if hooks2_ is None else hooks2_
         hooks2.ui_section = 'hooks'
         hooks2.ui_key = hooks2_key
         hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'
         self.sa.add(hooks2)
         hooks3 = RhodeCodeUi()
         hooks3.ui_section = 'hooks'
         hooks3.ui_key = RhodeCodeUi.HOOK_PUSH
         hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'
         self.sa.add(hooks3)
         hooks4 = RhodeCodeUi()
         hooks4.ui_section = 'hooks'
         hooks4.ui_key = RhodeCodeUi.HOOK_PRE_PUSH
         hooks4.ui_value = 'python:rhodecode.lib.hooks.pre_push'
         self.sa.add(hooks4)
         hooks5 = RhodeCodeUi()
         hooks5.ui_section = 'hooks'
         hooks5.ui_key = RhodeCodeUi.HOOK_PULL
         hooks5.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'
         self.sa.add(hooks5)
         hooks6 = RhodeCodeUi()
         hooks6.ui_section = 'hooks'
         hooks6.ui_key = RhodeCodeUi.HOOK_PRE_PULL
         hooks6.ui_value = 'python:rhodecode.lib.hooks.pre_pull'
         self.sa.add(hooks6)
         # enable largefiles
         largefiles = RhodeCodeUi()
         largefiles.ui_section = 'extensions'
         largefiles.ui_key = 'largefiles'
         largefiles.ui_value = ''
         self.sa.add(largefiles)
         # enable hgsubversion disabled by default
         hgsubversion = RhodeCodeUi()
         hgsubversion.ui_section = 'extensions'
         hgsubversion.ui_key = 'hgsubversion'
         hgsubversion.ui_value = ''
         hgsubversion.ui_active = False
         self.sa.add(hgsubversion)
         # enable hggit disabled by default
         hggit = RhodeCodeUi()
         hggit.ui_section = 'extensions'
         hggit.ui_key = 'hggit'
         hggit.ui_value = ''
         hggit.ui_active = False
         self.sa.add(hggit)
     def create_ldap_options(self, skip_existing=False):
         """Creates ldap settings"""
         for k, v in [('ldap_active', 'false'), ('ldap_host', ''),
                     ('ldap_port', '389'), ('ldap_tls_kind', 'PLAIN'),
                     ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''),
                     ('ldap_dn_pass', ''), ('ldap_base_dn', ''),
                     ('ldap_filter', ''), ('ldap_search_scope', ''),
                     ('ldap_attr_login', ''), ('ldap_attr_firstname', ''),
                     ('ldap_attr_lastname', ''), ('ldap_attr_email', '')]:
             if skip_existing and RhodeCodeSetting.get_by_name(k) != None:
                 log.debug('Skipping option %s' % k)
                 continue
             setting = RhodeCodeSetting(k, v)
             self.sa.add(setting)
     def create_default_options(self, skip_existing=False):
         """Creates default settings"""
         for k, v in [
             ('default_repo_enable_locking',  False),
             ('default_repo_enable_downloads', False),
             ('default_repo_enable_statistics', False),
             ('default_repo_private', False),
             ('default_repo_type', 'hg')]:
             if skip_existing and RhodeCodeSetting.get_by_name(k) != None:
                 log.debug('Skipping option %s' % k)
                 continue
             setting = RhodeCodeSetting(k, v)
             self.sa.add(setting)
     def fixup_groups(self):
         def_usr = User.get_by_username('default')
         for g in RepoGroup.query().all():
             g.group_name = g.get_new_name(g.name)
             self.sa.add(g)
             # get default perm
             default = UserRepoGroupToPerm.query()\
                 .filter(UserRepoGroupToPerm.group == g)\
                 .filter(UserRepoGroupToPerm.user == def_usr)\
                 .scalar()
             if default is None:
                 log.debug('missing default permission for group %s adding' % g)
                 ReposGroupModel()._create_default_perms(g)
     def reset_permissions(self, username):
         """
         Resets permissions to default state, usefull when old systems had
         bad permissions, we must clean them up
         :param username:
         :type username:
         """
         default_user = User.get_by_username(username)
         if not default_user:
             return
         u2p = UserToPerm.query()\
             .filter(UserToPerm.user == default_user).all()
         fixed = False
         if len(u2p) != len(User.DEFAULT_PERMISSIONS):
             for p in u2p:
                 Session().delete(p)
             fixed = True
             self.populate_default_permissions()
         return fixed
     def config_prompt(self, test_repo_path='', retries=3):
         defaults = self.cli_args
         _path = defaults.get('repos_location')
         if retries == 3:
             log.info('Setting up repositories config')
         if _path is not None:
             path = _path
         elif not self.tests and not test_repo_path:
             path = raw_input(
                  'Enter a valid absolute path to store repositories. '
                  'All repositories in that path will be added automatically:'
+            )
         else:
             path = test_repo_path
         path_ok = True
         # check proper dir
         if not os.path.isdir(path):
             path_ok = False
             log.error('Given path %s is not a valid directory' % path)
         elif not os.path.isabs(path):
             path_ok = False
             log.error('Given path %s is not an absolute path' % path)
         # check write access
         elif not os.access(path, os.W_OK) and path_ok:
             path_ok = False
             log.error('No write permission to given path %s' % path)
         if retries == 0:
             sys.exit('max retries reached')
         if path_ok is False:
             retries -= 1
             return self.config_prompt(test_repo_path, retries)
         real_path = os.path.normpath(os.path.realpath(path))
         if real_path != os.path.normpath(path):
             if not ask_ok(('Path looks like a symlink, Rhodecode will store '
                            'given path as %s ? [y/n]') % (real_path)):
                 log.error('Canceled by user')
                 sys.exit(-1)
         return real_path
     def create_settings(self, path):
         self.create_ui_settings()
         #HG UI OPTIONS
         web1 = RhodeCodeUi()
         web1.ui_section = 'web'
         web1.ui_key = 'push_ssl'
         web1.ui_value = 'false'
         web2 = RhodeCodeUi()
         web2.ui_section = 'web'
         web2.ui_key = 'allow_archive'
         web2.ui_value = 'gz zip bz2'
         web3 = RhodeCodeUi()
         web3.ui_section = 'web'
         web3.ui_key = 'allow_push'
         web3.ui_value = '*'
         web4 = RhodeCodeUi()
         web4.ui_section = 'web'
         web4.ui_key = 'baseurl'
         web4.ui_value = '/'
         paths = RhodeCodeUi()
         paths.ui_section = 'paths'
         paths.ui_key = '/'
         paths.ui_value = path
         phases = RhodeCodeUi()
         phases.ui_section = 'phases'
         phases.ui_key = 'publish'
         phases.ui_value = False
         sett1 = RhodeCodeSetting('realm', 'RhodeCode authentication')
         sett2 = RhodeCodeSetting('title', 'RhodeCode')
         sett3 = RhodeCodeSetting('ga_code', '')
         sett4 = RhodeCodeSetting('show_public_icon', True)
         sett5 = RhodeCodeSetting('show_private_icon', True)
         sett6 = RhodeCodeSetting('stylify_metatags', False)
         self.sa.add(web1)
         self.sa.add(web2)
         self.sa.add(web3)
         self.sa.add(web4)
         self.sa.add(paths)
         self.sa.add(sett1)
         self.sa.add(sett2)
         self.sa.add(sett3)
         self.sa.add(sett4)
         self.sa.add(sett5)
         self.sa.add(sett6)
         self.create_ldap_options()
         self.create_default_options()
         log.info('created ui config')
     def create_user(self, username, password, email='', admin=False):
         log.info('creating user %s' % username)
         UserModel().create_or_update(username, password, email,
                                      firstname='RhodeCode', lastname='Admin',
                                      active=True, admin=admin)
     def create_default_user(self):
         log.info('creating default user')
         # create default user for handling default permissions.
         UserModel().create_or_update(username='default',
                               password=str(uuid.uuid1())[:8],
                               email='anonymous@rhodecode.org',
                               firstname='Anonymous', lastname='User')
     def create_permissions(self):
         # module.(access|create|change|delete)_[name]
         # module.(none|read|write|admin)
         for p in Permission.PERMS:
             if not Permission.get_by_key(p[0]):
                 new_perm = Permission()
                 new_perm.permission_name = p[0]
                 new_perm.permission_longname = p[0]
                 self.sa.add(new_perm)
     def populate_default_permissions(self):
         log.info('creating default user permissions')
         default_user = User.get_by_username('default')
         for def_perm in User.DEFAULT_PERMISSIONS:
             perm = self.sa.query(Permission)\
              .filter(Permission.permission_name == def_perm)\
              .scalar()
             if not perm:
                 raise Exception(
                   'CRITICAL: permission %s not found inside database !!'
                   % def_perm
+                )
             if not UserToPerm.query()\
                 .filter(UserToPerm.permission == perm)\
                 .filter(UserToPerm.user == default_user).scalar():
                 reg_perm = UserToPerm()
                 reg_perm.user = default_user
                 reg_perm.permission = perm
                 self.sa.add(reg_perm)
     def finish(self):
         """
         Function executed at the end of setup
         """
         if not __py_version__ >= (2, 6):
             notify('Python2.5 detected, please switch '
                    'egg:waitress#main -> egg:Paste#http '
                    'in your .ini file')

rhodecode/lib/dbmigrate/versions/010_version_1_5_2.py

➞

Show inline comments

@@ new file 100644 @@
 import logging
 import datetime
 from sqlalchemy import *
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import relation, backref, class_mapper, joinedload
 from sqlalchemy.orm.session import Session
 from sqlalchemy.ext.declarative import declarative_base
 from rhodecode.lib.dbmigrate.migrate import *
 from rhodecode.lib.dbmigrate.migrate.changeset import *
 from rhodecode.model.meta import Base
 from rhodecode.model import meta
 log = logging.getLogger(__name__)
 def upgrade(migrate_engine):
     """
     Upgrade operations go here.
     Don't create your own engine; bind migrate_engine to your metadata
     """
     #==========================================================================
     # USER LOGS
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_5_0 import UserIpMap
     tbl = UserIpMap.__table__
     tbl.create()
 def downgrade(migrate_engine):
     meta = MetaData()
     meta.bind = migrate_engine

rhodecode/lib/helpers.py

➞

Show inline comments

 """Helper functions
 Consists of functions to typically be used within templates, but also
 available to Controllers. This module is available to both as 'h'.
 """
 import random
 import hashlib
 import StringIO
 import urllib
 import math
 import logging
 import re
 import urlparse
 import textwrap
 from datetime import datetime
 from pygments.formatters.html import HtmlFormatter
 from pygments import highlight as code_highlight
 from pylons import url, request, config
 from pylons.i18n.translation import _, ungettext
 from hashlib import md5
 from webhelpers.html import literal, HTML, escape
 from webhelpers.html.tools import *
 from webhelpers.html.builder import make_tag
 from webhelpers.html.tags import auto_discovery_link, checkbox, css_classes, \
     end_form, file, form, hidden, image, javascript_link, link_to, \
     link_to_if, link_to_unless, ol, required_legend, select, stylesheet_link, \
     submit, text, password, textarea, title, ul, xml_declaration, radio
 from webhelpers.html.tools import auto_link, button_to, highlight, \
     js_obfuscate, mail_to, strip_links, strip_tags, tag_re
 from webhelpers.number import format_byte_size, format_bit_size
 from webhelpers.pylonslib import Flash as _Flash
 from webhelpers.pylonslib.secure_form import secure_form
 from webhelpers.text import chop_at, collapse, convert_accented_entities, \
     convert_misc_entities, lchop, plural, rchop, remove_formatting, \
     replace_whitespace, urlify, truncate, wrap_paragraphs
 from webhelpers.date import time_ago_in_words
 from webhelpers.paginate import Page
 from webhelpers.html.tags import _set_input_attrs, _set_id_attr, \
     convert_boolean_attrs, NotGiven, _make_safe_id_component
 from rhodecode.lib.annotate import annotate_highlight
 from rhodecode.lib.utils import repo_name_slug
 from rhodecode.lib.utils2 import str2bool, safe_unicode, safe_str, \
     get_changeset_safe, datetime_to_time, time_to_datetime, AttributeDict
 from rhodecode.lib.markup_renderer import MarkupRenderer
 from rhodecode.lib.vcs.exceptions import ChangesetDoesNotExistError
 from rhodecode.lib.vcs.backends.base import BaseChangeset, EmptyChangeset
 from rhodecode.config.conf import DATE_FORMAT, DATETIME_FORMAT
 from rhodecode.model.changeset_status import ChangesetStatusModel
 from rhodecode.model.db import URL_SEP, Permission
 log = logging.getLogger(__name__)
 html_escape_table = {
     "&": "&amp;",
     '"': "&quot;",
     "'": "&apos;",
     ">": "&gt;",
     "<": "&lt;",
+}
 def html_escape(text):
     """Produce entities within text."""
     return "".join(html_escape_table.get(c, c) for c in text)
 def shorter(text, size=20):
     postfix = '...'
     if len(text) > size:
         return text[:size - len(postfix)] + postfix
     return text
 def _reset(name, value=None, id=NotGiven, type="reset", **attrs):
     """
     Reset button
     """
     _set_input_attrs(attrs, type, name, value)
     _set_id_attr(attrs, id, name)
     convert_boolean_attrs(attrs, ["disabled"])
     return HTML.input(**attrs)
 reset = _reset
 safeid = _make_safe_id_component
 def FID(raw_id, path):
     """
     Creates a uniqe ID for filenode based on it's hash of path and revision
     it's safe to use in urls
     :param raw_id:
     :param path:
     """
     return 'C-%s-%s' % (short_id(raw_id), md5(safe_str(path)).hexdigest()[:12])
 def get_token():
     """Return the current authentication token, creating one if one doesn't
     already exist.
     """
     token_key = "_authentication_token"
     from pylons import session
     if not token_key in session:
         try:
             token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
         except AttributeError:  # Python < 2.4
             token = hashlib.sha1(str(random.randrange(2 ** 128))).hexdigest()
         session[token_key] = token
         if hasattr(session, 'save'):
             session.save()
     return session[token_key]
 class _GetError(object):
     """Get error from form_errors, and represent it as span wrapped error
     message
     :param field_name: field to fetch errors for
     :param form_errors: form errors dict
     """
     def __call__(self, field_name, form_errors):
         tmpl = """<span class="error_msg">%s</span>"""
         if form_errors and field_name in form_errors:
             return literal(tmpl % form_errors.get(field_name))
 get_error = _GetError()
 class _ToolTip(object):
     def __call__(self, tooltip_title, trim_at=50):
         """
         Special function just to wrap our text into nice formatted
         autowrapped text
         :param tooltip_title:
         """
         tooltip_title = escape(tooltip_title)
         tooltip_title = tooltip_title.replace('<', '&lt;').replace('>', '&gt;')
         return tooltip_title
 tooltip = _ToolTip()
 class _FilesBreadCrumbs(object):
     def __call__(self, repo_name, rev, paths):
         if isinstance(paths, str):
             paths = safe_unicode(paths)
         url_l = [link_to(repo_name, url('files_home',
                                         repo_name=repo_name,
                                         revision=rev, f_path=''),
                          class_='ypjax-link')]
         paths_l = paths.split('/')
         for cnt, p in enumerate(paths_l):
             if p != '':
                 url_l.append(link_to(p,
                                      url('files_home',
                                          repo_name=repo_name,
                                          revision=rev,
                                          f_path='/'.join(paths_l[:cnt + 1])
                                          ),
                                      class_='ypjax-link'
+                                     )
+                             )
         return literal('/'.join(url_l))
 files_breadcrumbs = _FilesBreadCrumbs()
 class CodeHtmlFormatter(HtmlFormatter):
     """
     My code Html Formatter for source codes
     """
     def wrap(self, source, outfile):
         return self._wrap_div(self._wrap_pre(self._wrap_code(source)))
     def _wrap_code(self, source):
         for cnt, it in enumerate(source):
             i, t = it
             t = '<div id="L%s">%s</div>' % (cnt + 1, t)
             yield i, t
     def _wrap_tablelinenos(self, inner):
         dummyoutfile = StringIO.StringIO()
         lncount = 0
         for t, line in inner:
             if t:
                 lncount += 1
             dummyoutfile.write(line)
         fl = self.linenostart
         mw = len(str(lncount + fl - 1))
         sp = self.linenospecial
         st = self.linenostep
         la = self.lineanchors
         aln = self.anchorlinenos
         nocls = self.noclasses
         if sp:
             lines = []
             for i in range(fl, fl + lncount):
                 if i % st == 0:
                     if i % sp == 0:
                         if aln:
                             lines.append('<a href="#%s%d" class="special">%*d</a>' %
                                          (la, i, mw, i))
                         else:
                             lines.append('<span class="special">%*d</span>' % (mw, i))
                     else:
                         if aln:
                             lines.append('<a href="#%s%d">%*d</a>' % (la, i, mw, i))
                         else:
                             lines.append('%*d' % (mw, i))
                 else:
                     lines.append('')
             ls = '\n'.join(lines)
         else:
             lines = []
             for i in range(fl, fl + lncount):
                 if i % st == 0:
                     if aln:
                         lines.append('<a href="#%s%d">%*d</a>' % (la, i, mw, i))
                     else:
                         lines.append('%*d' % (mw, i))
                 else:
                     lines.append('')
             ls = '\n'.join(lines)
         # in case you wonder about the seemingly redundant <div> here: since the
         # content in the other cell also is wrapped in a div, some browsers in
         # some configurations seem to mess up the formatting...
         if nocls:
             yield 0, ('<table class="%stable">' % self.cssclass +
                       '<tr><td><div class="linenodiv" '
                       'style="background-color: #f0f0f0; padding-right: 10px">'
                       '<pre style="line-height: 125%">' +
                       ls + '</pre></div></td><td id="hlcode" class="code">')
         else:
             yield 0, ('<table class="%stable">' % self.cssclass +
                       '<tr><td class="linenos"><div class="linenodiv"><pre>' +
                       ls + '</pre></div></td><td id="hlcode" class="code">')
         yield 0, dummyoutfile.getvalue()
         yield 0, '</td></tr></table>'
 def pygmentize(filenode, **kwargs):
     """pygmentize function using pygments
     :param filenode:
     """
     return literal(code_highlight(filenode.content,
                                   filenode.lexer, CodeHtmlFormatter(**kwargs)))
 def pygmentize_annotation(repo_name, filenode, **kwargs):
     """
     pygmentize function for annotation
     :param filenode:
     """
     color_dict = {}
     def gen_color(n=10000):
         """generator for getting n of evenly distributed colors using
         hsv color and golden ratio. It always return same order of colors
         :returns: RGB tuple
         """
         def hsv_to_rgb(h, s, v):
             if s == 0.0:
                 return v, v, v
             i = int(h * 6.0)  # XXX assume int() truncates!
             f = (h * 6.0) - i
             p = v * (1.0 - s)
             q = v * (1.0 - s * f)
             t = v * (1.0 - s * (1.0 - f))
             i = i % 6
             if i == 0:
                 return v, t, p
             if i == 1:
                 return q, v, p
             if i == 2:
                 return p, v, t
             if i == 3:
                 return p, q, v
             if i == 4:
                 return t, p, v
             if i == 5:
                 return v, p, q
         golden_ratio = 0.618033988749895
         h = 0.22717784590367374
         for _ in xrange(n):
             h += golden_ratio
             h %= 1
             HSV_tuple = [h, 0.95, 0.95]
             RGB_tuple = hsv_to_rgb(*HSV_tuple)
             yield map(lambda x: str(int(x * 256)), RGB_tuple)
     cgenerator = gen_color()
     def get_color_string(cs):
         if cs in color_dict:
             col = color_dict[cs]
         else:
             col = color_dict[cs] = cgenerator.next()
         return "color: rgb(%s)! important;" % (', '.join(col))
     def url_func(repo_name):
         def _url_func(changeset):
             author = changeset.author
             date = changeset.date
             message = tooltip(changeset.message)
             tooltip_html = ("<div style='font-size:0.8em'><b>Author:</b>"
                             " %s<br/><b>Date:</b> %s</b><br/><b>Message:"
                             "</b> %s<br/></div>")
             tooltip_html = tooltip_html % (author, date, message)
             lnk_format = '%5s:%s' % ('r%s' % changeset.revision,
                                      short_id(changeset.raw_id))
             uri = link_to(
                     lnk_format,
                     url('changeset_home', repo_name=repo_name,
                         revision=changeset.raw_id),
                     style=get_color_string(changeset.raw_id),
                     class_='tooltip',
                     title=tooltip_html
+                  )
             uri += '\n'
             return uri
         return _url_func
     return literal(annotate_highlight(filenode, url_func(repo_name), **kwargs))
 def is_following_repo(repo_name, user_id):
     from rhodecode.model.scm import ScmModel
     return ScmModel().is_following_repo(repo_name, user_id)
 flash = _Flash()
 #==============================================================================
 # SCM FILTERS available via h.
 #==============================================================================
 from rhodecode.lib.vcs.utils import author_name, author_email
 from rhodecode.lib.utils2 import credentials_filter, age as _age
 from rhodecode.model.db import User, ChangesetStatus
 age = lambda  x: _age(x)
 capitalize = lambda x: x.capitalize()
 email = author_email
 short_id = lambda x: x[:12]
 hide_credentials = lambda x: ''.join(credentials_filter(x))
 def fmt_date(date):
     if date:
         _fmt = _(u"%a, %d %b %Y %H:%M:%S").encode('utf8')
         return date.strftime(_fmt).decode('utf8')
     return ""
 def is_git(repository):
     if hasattr(repository, 'alias'):
         _type = repository.alias
     elif hasattr(repository, 'repo_type'):
         _type = repository.repo_type
     else:
         _type = repository
     return _type == 'git'
 def is_hg(repository):
     if hasattr(repository, 'alias'):
         _type = repository.alias
     elif hasattr(repository, 'repo_type'):
         _type = repository.repo_type
     else:
         _type = repository
     return _type == 'hg'
 def email_or_none(author):
     # extract email from the commit string
     _email = email(author)
     if _email != '':
         # check it against RhodeCode database, and use the MAIN email for this
         # user
         user = User.get_by_email(_email, case_insensitive=True, cache=True)
         if user is not None:
             return user.email
         return _email
     # See if it contains a username we can get an email from
     user = User.get_by_username(author_name(author), case_insensitive=True,
                                 cache=True)
     if user is not None:
         return user.email
     # No valid email, not a valid user in the system, none!
     return None
 def person(author, show_attr="username_and_name"):
     # attr to return from fetched user
     person_getter = lambda usr: getattr(usr, show_attr)
     # Valid email in the attribute passed, see if they're in the system
     _email = email(author)
     if _email != '':
         user = User.get_by_email(_email, case_insensitive=True, cache=True)
         if user is not None:
             return person_getter(user)
         return _email
     # Maybe it's a username?
     _author = author_name(author)
     user = User.get_by_username(_author, case_insensitive=True,
                                 cache=True)
     if user is not None:
         return person_getter(user)
     # Still nothing?  Just pass back the author name then
     return _author
 def person_by_id(id_, show_attr="username_and_name"):
     # attr to return from fetched user
     person_getter = lambda usr: getattr(usr, show_attr)
     #maybe it's an ID ?
     if str(id_).isdigit() or isinstance(id_, int):
         id_ = int(id_)
         user = User.get(id_)
         if user is not None:
             return person_getter(user)
     return id_
 def desc_stylize(value):
     """
     converts tags from value into html equivalent
     :param value:
     """
     value = re.sub(r'\[see\ \=\>\ *([a-zA-Z0-9\/\=\?\&\ \:\/\.\-]*)\]',
                    '<div class="metatag" tag="see">see =&gt; \\1 </div>', value)
     value = re.sub(r'\[license\ \=\>\ *([a-zA-Z0-9\/\=\?\&\ \:\/\.\-]*)\]',
                    '<div class="metatag" tag="license"><a href="http:\/\/www.opensource.org/licenses/\\1">\\1</a></div>', value)
     value = re.sub(r'\[(requires|recommends|conflicts|base)\ \=\>\ *([a-zA-Z\-\/]*)\]',
                    '<div class="metatag" tag="\\1">\\1 =&gt; <a href="/\\2">\\2</a></div>', value)
     value = re.sub(r'\[(lang|language)\ \=\>\ *([a-zA-Z\-\/\#\+]*)\]',
                    '<div class="metatag" tag="lang">\\2</div>', value)
     value = re.sub(r'\[([a-z]+)\]',
                   '<div class="metatag" tag="\\1">\\1</div>', value)
     return value
 def bool2icon(value):
     """Returns True/False values represented as small html image of true/false
     icons
     :param value: bool value
     """
     if value is True:
         return HTML.tag('img', src=url("/images/icons/accept.png"),
                         alt=_('True'))
     if value is False:
         return HTML.tag('img', src=url("/images/icons/cancel.png"),
                         alt=_('False'))
     return value
 def action_parser(user_log, feed=False, parse_cs=False):
     """
     This helper will action_map the specified string action into translated
     fancy names with icons and links
     :param user_log: user log instance
     :param feed: use output for feeds (no html and fancy icons)
     :param parse_cs: parse Changesets into VCS instances
     """
     action = user_log.action
     action_params = ' '
     x = action.split(':')
     if len(x) > 1:
         action, action_params = x
     def get_cs_links():
         revs_limit = 3  # display this amount always
         revs_top_limit = 50  # show upto this amount of changesets hidden
         revs_ids = action_params.split(',')
         deleted = user_log.repository is None
         if deleted:
             return ','.join(revs_ids)
         repo_name = user_log.repository.repo_name
         def lnk(rev, repo_name):
             if isinstance(rev, BaseChangeset) or isinstance(rev, AttributeDict):
                 lazy_cs = True
                 if getattr(rev, 'op', None) and getattr(rev, 'ref_name', None):
                     lazy_cs = False
                     lbl = '?'
                     if rev.op == 'delete_branch':
                         lbl = '%s' % _('Deleted branch: %s') % rev.ref_name
                         title = ''
                     elif rev.op == 'tag':
                         lbl = '%s' % _('Created tag: %s') % rev.ref_name
                         title = ''
                     _url = '#'
                 else:
                     lbl = '%s' % (rev.short_id[:8])
                     _url = url('changeset_home', repo_name=repo_name,
                                revision=rev.raw_id)
                     title = tooltip(rev.message)
             else:
                 ## changeset cannot be found/striped/removed etc.
                 lbl = ('%s' % rev)[:12]
                 _url = '#'
                 title = _('Changeset not found')
             if parse_cs:
                 return link_to(lbl, _url, title=title, class_='tooltip')
             return link_to(lbl, _url, raw_id=rev.raw_id, repo_name=repo_name,
                            class_='lazy-cs' if lazy_cs else '')
         revs = []
         if len(filter(lambda v: v != '', revs_ids)) > 0:
             repo = None
             for rev in revs_ids[:revs_top_limit]:
                 _op = _name = None
                 if len(rev.split('=>')) == 2:
                     _op, _name = rev.split('=>')
                 # we want parsed changesets, or new log store format is bad
                 if parse_cs:
                     try:
                         if repo is None:
                             repo = user_log.repository.scm_instance
                         _rev = repo.get_changeset(rev)
                         revs.append(_rev)
                     except ChangesetDoesNotExistError:
                         log.error('cannot find revision %s in this repo' % rev)
                         revs.append(rev)
                         continue
                 else:
                     _rev = AttributeDict({
                         'short_id': rev[:12],
                         'raw_id': rev,
                         'message': '',
                         'op': _op,
                         'ref_name': _name
                     })
                     revs.append(_rev)
         cs_links = []
         cs_links.append(" " + ', '.join(
             [lnk(rev, repo_name) for rev in revs[:revs_limit]]
+            )
+        )
         compare_view = (
             ' <div class="compare_view tooltip" title="%s">'
             '<a href="%s">%s</a> </div>' % (
                 _('Show all combined changesets %s->%s') % (
                     revs_ids[0][:12], revs_ids[-1][:12]
                 ),
                 url('changeset_home', repo_name=repo_name,
                     revision='%s...%s' % (revs_ids[0], revs_ids[-1])
                 ),
                 _('compare view')
+            )
+        )
         # if we have exactly one more than normally displayed
         # just display it, takes less space than displaying
         # "and 1 more revisions"
         if len(revs_ids) == revs_limit + 1:
             rev = revs[revs_limit]
             cs_links.append(", " + lnk(rev, repo_name))
         # hidden-by-default ones
         if len(revs_ids) > revs_limit + 1:
             uniq_id = revs_ids[0]
             html_tmpl = (
                 '<span> %s <a class="show_more" id="_%s" '
                 'href="#more">%s</a> %s</span>'
+            )
             if not feed:
                 cs_links.append(html_tmpl % (
                       _('and'),
                       uniq_id, _('%s more') % (len(revs_ids) - revs_limit),
                       _('revisions')
+                    )
+                )
             if not feed:
                 html_tmpl = '<span id="%s" style="display:none">, %s </span>'
             else:
                 html_tmpl = '<span id="%s"> %s </span>'
             morelinks = ', '.join(
               [lnk(rev, repo_name) for rev in revs[revs_limit:]]
+            )
             if len(revs_ids) > revs_top_limit:
                 morelinks += ', ...'
             cs_links.append(html_tmpl % (uniq_id, morelinks))
         if len(revs) > 1:
             cs_links.append(compare_view)
         return ''.join(cs_links)
     def get_fork_name():
         repo_name = action_params
         _url = url('summary_home', repo_name=repo_name)
         return _('fork name %s') % link_to(action_params, _url)
     def get_user_name():
         user_name = action_params
         return user_name
     def get_users_group():
         group_name = action_params
         return group_name
     def get_pull_request():
         pull_request_id = action_params
         deleted = user_log.repository is None
         if deleted:
             repo_name = user_log.repository_name
         else:
             repo_name = user_log.repository.repo_name
         return link_to(_('Pull request #%s') % pull_request_id,
                     url('pullrequest_show', repo_name=repo_name,
                     pull_request_id=pull_request_id))
     # action : translated str, callback(extractor), icon
     action_map = {
     'user_deleted_repo':           (_('[deleted] repository'),
                                     None, 'database_delete.png'),
     'user_created_repo':           (_('[created] repository'),
                                     None, 'database_add.png'),
     'user_created_fork':           (_('[created] repository as fork'),
                                     None, 'arrow_divide.png'),
     'user_forked_repo':            (_('[forked] repository'),
                                     get_fork_name, 'arrow_divide.png'),
     'user_updated_repo':           (_('[updated] repository'),
                                     None, 'database_edit.png'),
     'admin_deleted_repo':          (_('[delete] repository'),
                                     None, 'database_delete.png'),
     'admin_created_repo':          (_('[created] repository'),
                                     None, 'database_add.png'),
     'admin_forked_repo':           (_('[forked] repository'),
                                     None, 'arrow_divide.png'),
     'admin_updated_repo':          (_('[updated] repository'),
                                     None, 'database_edit.png'),
     'admin_created_user':          (_('[created] user'),
                                     get_user_name, 'user_add.png'),
     'admin_updated_user':          (_('[updated] user'),
                                     get_user_name, 'user_edit.png'),
     'admin_created_users_group':   (_('[created] users group'),
                                     get_users_group, 'group_add.png'),
     'admin_updated_users_group':   (_('[updated] users group'),
                                     get_users_group, 'group_edit.png'),
     'user_commented_revision':     (_('[commented] on revision in repository'),
                                     get_cs_links, 'comment_add.png'),
     'user_commented_pull_request': (_('[commented] on pull request for'),
                                     get_pull_request, 'comment_add.png'),
     'user_closed_pull_request':    (_('[closed] pull request for'),
                                     get_pull_request, 'tick.png'),
     'push':                        (_('[pushed] into'),
                                     get_cs_links, 'script_add.png'),
     'push_local':                  (_('[committed via RhodeCode] into repository'),
                                     get_cs_links, 'script_edit.png'),
     'push_remote':                 (_('[pulled from remote] into repository'),
                                     get_cs_links, 'connect.png'),
     'pull':                        (_('[pulled] from'),
                                     None, 'down_16.png'),
     'started_following_repo':      (_('[started following] repository'),
                                     None, 'heart_add.png'),
     'stopped_following_repo':      (_('[stopped following] repository'),
                                     None, 'heart_delete.png'),
+    }
     action_str = action_map.get(action, action)
     if feed:
         action = action_str[0].replace('[', '').replace(']', '')
     else:
         action = action_str[0]\
             .replace('[', '<span class="journal_highlight">')\
             .replace(']', '</span>')
     action_params_func = lambda: ""
     if callable(action_str[1]):
         action_params_func = action_str[1]
     def action_parser_icon():
         action = user_log.action
         action_params = None
         x = action.split(':')
         if len(x) > 1:
             action, action_params = x
         tmpl = """<img src="%s%s" alt="%s"/>"""
         ico = action_map.get(action, ['', '', ''])[2]
         return literal(tmpl % ((url('/images/icons/')), ico, action))
     # returned callbacks we need to call to get
     return [lambda: literal(action), action_params_func, action_parser_icon]
 #==============================================================================
 # PERMS
 #==============================================================================
 from rhodecode.lib.auth import HasPermissionAny, HasPermissionAll, \
 HasRepoPermissionAny, HasRepoPermissionAll
 #==============================================================================
 # GRAVATAR URL
 #==============================================================================
 def gravatar_url(email_address, size=30):
     from pylons import url  # doh, we need to re-import url to mock it later
     if (not str2bool(config['app_conf'].get('use_gravatar')) or
         not email_address or email_address == 'anonymous@rhodecode.org'):
         f = lambda a, l: min(l, key=lambda x: abs(x - a))
         return url("/images/user%s.png" % f(size, [14, 16, 20, 24, 30]))
     if(str2bool(config['app_conf'].get('use_gravatar')) and
        config['app_conf'].get('alternative_gravatar_url')):
         tmpl = config['app_conf'].get('alternative_gravatar_url', '')
         parsed_url = urlparse.urlparse(url.current(qualified=True))
         tmpl = tmpl.replace('{email}', email_address)\
                    .replace('{md5email}', hashlib.md5(email_address.lower()).hexdigest()) \
                    .replace('{netloc}', parsed_url.netloc)\
                    .replace('{scheme}', parsed_url.scheme)\
                    .replace('{size}', str(size))
         return tmpl
     ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')
     default = 'identicon'
     baseurl_nossl = "http://www.gravatar.com/avatar/"
     baseurl_ssl = "https://secure.gravatar.com/avatar/"
     baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl
     if isinstance(email_address, unicode):
         #hashlib crashes on unicode items
         email_address = safe_str(email_address)
     # construct the url
     gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?"
     gravatar_url += urllib.urlencode({'d': default, 's': str(size)})
     return gravatar_url
 #==============================================================================
 # REPO PAGER, PAGER FOR REPOSITORY
 #==============================================================================
 class RepoPage(Page):
     def __init__(self, collection, page=1, items_per_page=20,
                  item_count=None, url=None, **kwargs):
         """Create a "RepoPage" instance. special pager for paging
         repository
         """
         self._url_generator = url
         # Safe the kwargs class-wide so they can be used in the pager() method
         self.kwargs = kwargs
         # Save a reference to the collection
         self.original_collection = collection
         self.collection = collection
         # The self.page is the number of the current page.
         # The first page has the number 1!
         try:
             self.page = int(page)  # make it int() if we get it as a string
         except (ValueError, TypeError):
             self.page = 1
         self.items_per_page = items_per_page
         # Unless the user tells us how many items the collections has
         # we calculate that ourselves.
         if item_count is not None:
             self.item_count = item_count
         else:
             self.item_count = len(self.collection)
         # Compute the number of the first and last available page
         if self.item_count > 0:
             self.first_page = 1
             self.page_count = int(math.ceil(float(self.item_count) /
                                             self.items_per_page))
             self.last_page = self.first_page + self.page_count - 1
             # Make sure that the requested page number is the range of
             # valid pages
             if self.page > self.last_page:
                 self.page = self.last_page
             elif self.page < self.first_page:
                 self.page = self.first_page
             # Note: the number of items on this page can be less than
             #       items_per_page if the last page is not full
             self.first_item = max(0, (self.item_count) - (self.page *
                                                           items_per_page))
             self.last_item = ((self.item_count - 1) - items_per_page *
                               (self.page - 1))
             self.items = list(self.collection[self.first_item:self.last_item + 1])
             # Links to previous and next page
             if self.page > self.first_page:
                 self.previous_page = self.page - 1
             else:
                 self.previous_page = None
             if self.page < self.last_page:
                 self.next_page = self.page + 1
             else:
                 self.next_page = None
         # No items available
         else:
             self.first_page = None
             self.page_count = 0
             self.last_page = None
             self.first_item = None
             self.last_item = None
             self.previous_page = None
             self.next_page = None
             self.items = []
         # This is a subclass of the 'list' type. Initialise the list now.
         list.__init__(self, reversed(self.items))
 def changed_tooltip(nodes):
     """
     Generates a html string for changed nodes in changeset page.
     It limits the output to 30 entries
     :param nodes: LazyNodesGenerator
     """
     if nodes:
         pref = ': <br/> '
         suf = ''
         if len(nodes) > 30:
             suf = '<br/>' + _(' and %s more') % (len(nodes) - 30)
         return literal(pref + '<br/> '.join([safe_unicode(x.path)
                                              for x in nodes[:30]]) + suf)
     else:
         return ': ' + _('No Files')
 def repo_link(groups_and_repos, last_url=None):
     """
     Makes a breadcrumbs link to repo within a group
     joins &raquo; on each group to create a fancy link
     ex::
         group >> subgroup >> repo
     :param groups_and_repos:
     :param last_url:
     """
     groups, repo_name = groups_and_repos
     last_link = link_to(repo_name, last_url) if last_url else repo_name
     if not groups:
         if last_url:
             return last_link
         return repo_name
     else:
         def make_link(group):
             return link_to(group.name,
                            url('repos_group_home', group_name=group.group_name))
         return literal(' &raquo; '.join(map(make_link, groups) + [last_link]))
 def fancy_file_stats(stats):
     """
     Displays a fancy two colored bar for number of added/deleted
     lines of code on file
     :param stats: two element list of added/deleted lines of code
     """
     def cgen(l_type, a_v, d_v):
         mapping = {'tr': 'top-right-rounded-corner-mid',
                    'tl': 'top-left-rounded-corner-mid',
                    'br': 'bottom-right-rounded-corner-mid',
                    'bl': 'bottom-left-rounded-corner-mid'}
         map_getter = lambda x: mapping[x]
         if l_type == 'a' and d_v:
             #case when added and deleted are present
             return ' '.join(map(map_getter, ['tl', 'bl']))
         if l_type == 'a' and not d_v:
             return ' '.join(map(map_getter, ['tr', 'br', 'tl', 'bl']))
         if l_type == 'd' and a_v:
             return ' '.join(map(map_getter, ['tr', 'br']))
         if l_type == 'd' and not a_v:
             return ' '.join(map(map_getter, ['tr', 'br', 'tl', 'bl']))
     a, d = stats[0], stats[1]
     width = 100
     if a == 'b':
         #binary mode
         b_d = '<div class="bin%s %s" style="width:100%%">%s</div>' % (d, cgen('a', a_v='', d_v=0), 'bin')
         b_a = '<div class="bin1" style="width:0%%">%s</div>' % ('bin')
         return literal('<div style="width:%spx">%s%s</div>' % (width, b_a, b_d))
     t = stats[0] + stats[1]
     unit = float(width) / (t or 1)
     # needs > 9% of width to be visible or 0 to be hidden
     a_p = max(9, unit * a) if a > 0 else 0
     d_p = max(9, unit * d) if d > 0 else 0
     p_sum = a_p + d_p
     if p_sum > width:
         #adjust the percentage to be == 100% since we adjusted to 9
         if a_p > d_p:
             a_p = a_p - (p_sum - width)
         else:
             d_p = d_p - (p_sum - width)
     a_v = a if a > 0 else ''
     d_v = d if d > 0 else ''
     d_a = '<div class="added %s" style="width:%s%%">%s</div>' % (
         cgen('a', a_v, d_v), a_p, a_v
+    )
     d_d = '<div class="deleted %s" style="width:%s%%">%s</div>' % (
         cgen('d', a_v, d_v), d_p, d_v
+    )
     return literal('<div style="width:%spx">%s%s</div>' % (width, d_a, d_d))
 def urlify_text(text_):
     url_pat = re.compile(r'''(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]'''
                          '''|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)''')
     def url_func(match_obj):
         url_full = match_obj.groups()[0]
         return '<a href="%(url)s">%(url)s</a>' % ({'url': url_full})
     return literal(url_pat.sub(url_func, text_))
 def urlify_changesets(text_, repository):
     """
     Extract revision ids from changeset and make link from them
     :param text_:
     :param repository:
     """
     URL_PAT = re.compile(r'([0-9a-fA-F]{12,})')
     def url_func(match_obj):
         rev = match_obj.groups()[0]
         pref = ''
         if match_obj.group().startswith(' '):
             pref = ' '
         tmpl = (
         '%(pref)s<a class="%(cls)s" href="%(url)s">'
         '%(rev)s'
         '</a>'
+        )
         return tmpl % {
          'pref': pref,
          'cls': 'revision-link',
          'url': url('changeset_home', repo_name=repository, revision=rev),
          'rev': rev,
+        }
     newtext = URL_PAT.sub(url_func, text_)
     return newtext
 def urlify_commit(text_, repository=None, link_=None):
     """
     Parses given text message and makes proper links.
     issues are linked to given issue-server, and rest is a changeset link
     if link_ is given, in other case it's a plain text
     :param text_:
     :param repository:
     :param link_: changeset link
     """
     import traceback
     def escaper(string):
         return string.replace('<', '&lt;').replace('>', '&gt;')
     def linkify_others(t, l):
         urls = re.compile(r'(\<a.*?\<\/a\>)',)
         links = []
         for e in urls.split(t):
             if not urls.match(e):
                 links.append('<a class="message-link" href="%s">%s</a>' % (l, e))
             else:
                 links.append(e)
         return ''.join(links)
     # urlify changesets - extrac revisions and make link out of them
     newtext = urlify_changesets(escaper(text_), repository)
     try:
         conf = config['app_conf']
         # allow multiple issue servers to be used
         valid_indices = [
             x.group(1)
             for x in map(lambda x: re.match(r'issue_pat(.*)', x), conf.keys())
             if x and 'issue_server_link%s' % x.group(1) in conf
             and 'issue_prefix%s' % x.group(1) in conf
+        ]
         log.debug('found issue server suffixes `%s` during valuation of: %s'
                   % (','.join(valid_indices), newtext))
         for pattern_index in valid_indices:
             ISSUE_PATTERN = conf.get('issue_pat%s' % pattern_index)
             ISSUE_SERVER_LNK = conf.get('issue_server_link%s' % pattern_index)
             ISSUE_PREFIX = conf.get('issue_prefix%s' % pattern_index)
             log.debug('pattern suffix `%s` PAT:%s SERVER_LINK:%s PREFIX:%s'
                       % (pattern_index, ISSUE_PATTERN, ISSUE_SERVER_LNK,
                          ISSUE_PREFIX))
             URL_PAT = re.compile(r'%s' % ISSUE_PATTERN)
             def url_func(match_obj):
                 pref = ''
                 if match_obj.group().startswith(' '):
                     pref = ' '
                 issue_id = ''.join(match_obj.groups())
                 tmpl = (
                 '%(pref)s<a class="%(cls)s" href="%(url)s">'
                 '%(issue-prefix)s%(id-repr)s'
                 '</a>'
+                )
                 url = ISSUE_SERVER_LNK.replace('{id}', issue_id)
                 if repository:
                     url = url.replace('{repo}', repository)
                     repo_name = repository.split(URL_SEP)[-1]
                     url = url.replace('{repo_name}', repo_name)
                 return tmpl % {
                      'pref': pref,
                      'cls': 'issue-tracker-link',
                      'url': url,
                      'id-repr': issue_id,
                      'issue-prefix': ISSUE_PREFIX,
                      'serv': ISSUE_SERVER_LNK,
+                }
             newtext = URL_PAT.sub(url_func, newtext)
             log.debug('processed prefix:`%s` => %s' % (pattern_index, newtext))
         # if we actually did something above
         if link_:
             # wrap not links into final link => link_
             newtext = linkify_others(newtext, link_)
     except:
         log.error(traceback.format_exc())
         pass
     return literal(newtext)
 def rst(source):
     return literal('<div class="rst-block">%s</div>' %
                    MarkupRenderer.rst(source))
 def rst_w_mentions(source):
     """
     Wrapped rst renderer with @mention highlighting
     :param source:
     """
     return literal('<div class="rst-block">%s</div>' %
                    MarkupRenderer.rst_with_mentions(source))
 def changeset_status(repo, revision):
     return ChangesetStatusModel().get_status(repo, revision)
 def changeset_status_lbl(changeset_status):
     return dict(ChangesetStatus.STATUSES).get(changeset_status)
 def get_permission_name(key):
     return dict(Permission.PERMS).get(key)
 def journal_filter_help():
     return _(textwrap.dedent('''
         Example filter terms:
             repository:vcs
             username:marcin
             action:*push*
             ip:127.0.0.1
             date:20120101
             date:[20120101100000 TO 20120102]
         Generate wildcards using '*' character:
             "repositroy:vcs*" - search everything starting with 'vcs'
             "repository:*vcs*" - search for repository containing 'vcs'
         Optional AND / OR operators in queries
             "repository:vcs OR repository:test"
             "username:test AND repository:test*"
     '''))
 def not_mapped_error(repo_name):
     flash(_('%s repository is not mapped to db perhaps'
             ' it was created or renamed from the filesystem'
             ' please run the application again'
             ' in order to rescan repositories') % repo_name, category='error')
 def ip_range(ip_addr):
     from rhodecode.model.db import UserIpMap
     s, e = UserIpMap._get_ip_range(ip_addr)
     return '%s - %s' % (s, e)

rhodecode/lib/ipaddr.py

➞

Show inline comments

@@ new file 100644 @@
 # Copyright 2007 Google Inc.
 #  Licensed to PSF under a Contributor Agreement.
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
+#
 #      http://www.apache.org/licenses/LICENSE-2.0
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 # implied. See the License for the specific language governing
 # permissions and limitations under the License.
 """A fast, lightweight IPv4/IPv6 manipulation library in Python.
 This library is used to create/poke/manipulate IPv4 and IPv6 addresses
 and networks.
 """
 __version__ = 'trunk'
 import struct
 IPV4LENGTH = 32
 IPV6LENGTH = 128
 class AddressValueError(ValueError):
     """A Value Error related to the address."""
 class NetmaskValueError(ValueError):
     """A Value Error related to the netmask."""
 def IPAddress(address, version=None):
     """Take an IP string/int and return an object of the correct type.
     Args:
         address: A string or integer, the IP address.  Either IPv4 or
           IPv6 addresses may be supplied; integers less than 2**32 will
           be considered to be IPv4 by default.
         version: An Integer, 4 or 6. If set, don't try to automatically
           determine what the IP address type is. important for things
           like IPAddress(1), which could be IPv4, '0.0.0.1',  or IPv6,
           '::1'.
     Returns:
         An IPv4Address or IPv6Address object.
     Raises:
         ValueError: if the string passed isn't either a v4 or a v6
           address.
     """
     if version:
         if version == 4:
             return IPv4Address(address)
         elif version == 6:
             return IPv6Address(address)
     try:
         return IPv4Address(address)
     except (AddressValueError, NetmaskValueError):
         pass
     try:
         return IPv6Address(address)
     except (AddressValueError, NetmaskValueError):
         pass
     raise ValueError('%r does not appear to be an IPv4 or IPv6 address' %
                      address)
 def IPNetwork(address, version=None, strict=False):
     """Take an IP string/int and return an object of the correct type.
     Args:
         address: A string or integer, the IP address.  Either IPv4 or
           IPv6 addresses may be supplied; integers less than 2**32 will
           be considered to be IPv4 by default.
         version: An Integer, if set, don't try to automatically
           determine what the IP address type is. important for things
           like IPNetwork(1), which could be IPv4, '0.0.0.1/32', or IPv6,
           '::1/128'.
     Returns:
         An IPv4Network or IPv6Network object.
     Raises:
         ValueError: if the string passed isn't either a v4 or a v6
           address. Or if a strict network was requested and a strict
           network wasn't given.
     """
     if version:
         if version == 4:
             return IPv4Network(address, strict)
         elif version == 6:
             return IPv6Network(address, strict)
     try:
         return IPv4Network(address, strict)
     except (AddressValueError, NetmaskValueError):
         pass
     try:
         return IPv6Network(address, strict)
     except (AddressValueError, NetmaskValueError):
         pass
     raise ValueError('%r does not appear to be an IPv4 or IPv6 network' %
                      address)
 def v4_int_to_packed(address):
     """The binary representation of this address.
     Args:
         address: An integer representation of an IPv4 IP address.
     Returns:
         The binary representation of this address.
     Raises:
         ValueError: If the integer is too large to be an IPv4 IP
           address.
     """
     if address > _BaseV4._ALL_ONES:
         raise ValueError('Address too large for IPv4')
     return Bytes(struct.pack('!I', address))
 def v6_int_to_packed(address):
     """The binary representation of this address.
     Args:
         address: An integer representation of an IPv6 IP address.
     Returns:
         The binary representation of this address.
     """
     return Bytes(struct.pack('!QQ', address >> 64, address & (2 ** 64 - 1)))
 def _find_address_range(addresses):
     """Find a sequence of addresses.
     Args:
         addresses: a list of IPv4 or IPv6 addresses.
     Returns:
         A tuple containing the first and last IP addresses in the sequence.
     """
     first = last = addresses[0]
     for ip in addresses[1:]:
         if ip._ip == last._ip + 1:
             last = ip
         else:
             break
     return (first, last)
 def _get_prefix_length(number1, number2, bits):
     """Get the number of leading bits that are same for two numbers.
     Args:
         number1: an integer.
         number2: another integer.
         bits: the maximum number of bits to compare.
     Returns:
         The number of leading bits that are the same for two numbers.
     """
     for i in range(bits):
         if number1 >> i == number2 >> i:
             return bits - i
     return 0
 def _count_righthand_zero_bits(number, bits):
     """Count the number of zero bits on the right hand side.
     Args:
         number: an integer.
         bits: maximum number of bits to count.
     Returns:
         The number of zero bits on the right hand side of the number.
     """
     if number == 0:
         return bits
     for i in range(bits):
         if (number >> i) % 2:
             return i
 def summarize_address_range(first, last):
     """Summarize a network range given the first and last IP addresses.
     Example:
         >>> summarize_address_range(IPv4Address('1.1.1.0'),
             IPv4Address('1.1.1.130'))
         [IPv4Network('1.1.1.0/25'), IPv4Network('1.1.1.128/31'),
         IPv4Network('1.1.1.130/32')]
     Args:
         first: the first IPv4Address or IPv6Address in the range.
         last: the last IPv4Address or IPv6Address in the range.
     Returns:
         The address range collapsed to a list of IPv4Network's or
         IPv6Network's.
     Raise:
         TypeError:
             If the first and last objects are not IP addresses.
             If the first and last objects are not the same version.
         ValueError:
             If the last object is not greater than the first.
             If the version is not 4 or 6.
     """
     if not (isinstance(first, _BaseIP) and isinstance(last, _BaseIP)):
         raise TypeError('first and last must be IP addresses, not networks')
     if first.version != last.version:
         raise TypeError("%s and %s are not of the same version" % (
                 str(first), str(last)))
     if first > last:
         raise ValueError('last IP address must be greater than first')
     networks = []
     if first.version == 4:
         ip = IPv4Network
     elif first.version == 6:
         ip = IPv6Network
     else:
         raise ValueError('unknown IP version')
     ip_bits = first._max_prefixlen
     first_int = first._ip
     last_int = last._ip
     while first_int <= last_int:
         nbits = _count_righthand_zero_bits(first_int, ip_bits)
         current = None
         while nbits >= 0:
             addend = 2 ** nbits - 1
             current = first_int + addend
             nbits -= 1
             if current <= last_int:
                 break
         prefix = _get_prefix_length(first_int, current, ip_bits)
         net = ip('%s/%d' % (str(first), prefix))
         networks.append(net)
         if current == ip._ALL_ONES:
             break
         first_int = current + 1
         first = IPAddress(first_int, version=first._version)
     return networks
 def _collapse_address_list_recursive(addresses):
     """Loops through the addresses, collapsing concurrent netblocks.
     Example:
         ip1 = IPv4Network('1.1.0.0/24')
         ip2 = IPv4Network('1.1.1.0/24')
         ip3 = IPv4Network('1.1.2.0/24')
         ip4 = IPv4Network('1.1.3.0/24')
         ip5 = IPv4Network('1.1.4.0/24')
         ip6 = IPv4Network('1.1.0.1/22')
         _collapse_address_list_recursive([ip1, ip2, ip3, ip4, ip5, ip6]) ->
           [IPv4Network('1.1.0.0/22'), IPv4Network('1.1.4.0/24')]
         This shouldn't be called directly; it is called via
           collapse_address_list([]).
     Args:
         addresses: A list of IPv4Network's or IPv6Network's
     Returns:
         A list of IPv4Network's or IPv6Network's depending on what we were
         passed.
     """
     ret_array = []
     optimized = False
     for cur_addr in addresses:
         if not ret_array:
             ret_array.append(cur_addr)
             continue
         if cur_addr in ret_array[-1]:
             optimized = True
         elif cur_addr == ret_array[-1].supernet().subnet()[1]:
             ret_array.append(ret_array.pop().supernet())
             optimized = True
         else:
             ret_array.append(cur_addr)
     if optimized:
         return _collapse_address_list_recursive(ret_array)
     return ret_array
 def collapse_address_list(addresses):
     """Collapse a list of IP objects.
     Example:
         collapse_address_list([IPv4('1.1.0.0/24'), IPv4('1.1.1.0/24')]) ->
           [IPv4('1.1.0.0/23')]
     Args:
         addresses: A list of IPv4Network or IPv6Network objects.
     Returns:
         A list of IPv4Network or IPv6Network objects depending on what we
         were passed.
     Raises:
         TypeError: If passed a list of mixed version objects.
     """
     i = 0
     addrs = []
     ips = []
     nets = []
     # split IP addresses and networks
     for ip in addresses:
         if isinstance(ip, _BaseIP):
             if ips and ips[-1]._version != ip._version:
                 raise TypeError("%s and %s are not of the same version" % (
                         str(ip), str(ips[-1])))
             ips.append(ip)
         elif ip._prefixlen == ip._max_prefixlen:
             if ips and ips[-1]._version != ip._version:
                 raise TypeError("%s and %s are not of the same version" % (
                         str(ip), str(ips[-1])))
             ips.append(ip.ip)
         else:
             if nets and nets[-1]._version != ip._version:
                 raise TypeError("%s and %s are not of the same version" % (
                         str(ip), str(nets[-1])))
             nets.append(ip)
     # sort and dedup
     ips = sorted(set(ips))
     nets = sorted(set(nets))
     while i < len(ips):
         (first, last) = _find_address_range(ips[i:])
         i = ips.index(last) + 1
         addrs.extend(summarize_address_range(first, last))
     return _collapse_address_list_recursive(sorted(
         addrs + nets, key=_BaseNet._get_networks_key))
 # backwards compatibility
 CollapseAddrList = collapse_address_list
 # We need to distinguish between the string and packed-bytes representations
 # of an IP address.  For example, b'0::1' is the IPv4 address 48.58.58.49,
 # while '0::1' is an IPv6 address.
+#
 # In Python 3, the native 'bytes' type already provides this functionality,
 # so we use it directly.  For earlier implementations where bytes is not a
 # distinct type, we create a subclass of str to serve as a tag.
+#
 # Usage example (Python 2):
 #   ip = ipaddr.IPAddress(ipaddr.Bytes('xxxx'))
+#
 # Usage example (Python 3):
 #   ip = ipaddr.IPAddress(b'xxxx')
 try:
     if bytes is str:
         raise TypeError("bytes is not a distinct type")
     Bytes = bytes
 except (NameError, TypeError):
     class Bytes(str):
         def __repr__(self):
             return 'Bytes(%s)' % str.__repr__(self)
 def get_mixed_type_key(obj):
     """Return a key suitable for sorting between networks and addresses.
     Address and Network objects are not sortable by default; they're
     fundamentally different so the expression
         IPv4Address('1.1.1.1') <= IPv4Network('1.1.1.1/24')
     doesn't make any sense.  There are some times however, where you may wish
     to have ipaddr sort these for you anyway. If you need to do this, you
     can use this function as the key= argument to sorted().
     Args:
       obj: either a Network or Address object.
     Returns:
       appropriate key.
     """
     if isinstance(obj, _BaseNet):
         return obj._get_networks_key()
     elif isinstance(obj, _BaseIP):
         return obj._get_address_key()
     return NotImplemented
 class _IPAddrBase(object):
     """The mother class."""
     def __index__(self):
         return self._ip
     def __int__(self):
         return self._ip
     def __hex__(self):
         return hex(self._ip)
     @property
     def exploded(self):
         """Return the longhand version of the IP address as a string."""
         return self._explode_shorthand_ip_string()
     @property
     def compressed(self):
         """Return the shorthand version of the IP address as a string."""
         return str(self)
 class _BaseIP(_IPAddrBase):
     """A generic IP object.
     This IP class contains the version independent methods which are
     used by single IP addresses.
     """
     def __eq__(self, other):
         try:
             return (self._ip == other._ip
                     and self._version == other._version)
         except AttributeError:
             return NotImplemented
     def __ne__(self, other):
         eq = self.__eq__(other)
         if eq is NotImplemented:
             return NotImplemented
         return not eq
     def __le__(self, other):
         gt = self.__gt__(other)
         if gt is NotImplemented:
             return NotImplemented
         return not gt
     def __ge__(self, other):
         lt = self.__lt__(other)
         if lt is NotImplemented:
             return NotImplemented
         return not lt
     def __lt__(self, other):
         if self._version != other._version:
             raise TypeError('%s and %s are not of the same version' % (
                     str(self), str(other)))
         if not isinstance(other, _BaseIP):
             raise TypeError('%s and %s are not of the same type' % (
                     str(self), str(other)))
         if self._ip != other._ip:
             return self._ip < other._ip
         return False
     def __gt__(self, other):
         if self._version != other._version:
             raise TypeError('%s and %s are not of the same version' % (
                     str(self), str(other)))
         if not isinstance(other, _BaseIP):
             raise TypeError('%s and %s are not of the same type' % (
                     str(self), str(other)))
         if self._ip != other._ip:
             return self._ip > other._ip
         return False
     # Shorthand for Integer addition and subtraction. This is not
     # meant to ever support addition/subtraction of addresses.
     def __add__(self, other):
         if not isinstance(other, int):
             return NotImplemented
         return IPAddress(int(self) + other, version=self._version)
     def __sub__(self, other):
         if not isinstance(other, int):
             return NotImplemented
         return IPAddress(int(self) - other, version=self._version)
     def __repr__(self):
         return '%s(%r)' % (self.__class__.__name__, str(self))
     def __str__(self):
         return  '%s' % self._string_from_ip_int(self._ip)
     def __hash__(self):
         return hash(hex(long(self._ip)))
     def _get_address_key(self):
         return (self._version, self)
     @property
     def version(self):
         raise NotImplementedError('BaseIP has no version')
 class _BaseNet(_IPAddrBase):
     """A generic IP object.
     This IP class contains the version independent methods which are
     used by networks.
     """
     def __init__(self, address):
         self._cache = {}
     def __repr__(self):
         return '%s(%r)' % (self.__class__.__name__, str(self))
     def iterhosts(self):
         """Generate Iterator over usable hosts in a network.
            This is like __iter__ except it doesn't return the network
            or broadcast addresses.
         """
         cur = int(self.network) + 1
         bcast = int(self.broadcast) - 1
         while cur <= bcast:
             cur += 1
             yield IPAddress(cur - 1, version=self._version)
     def __iter__(self):
         cur = int(self.network)
         bcast = int(self.broadcast)
         while cur <= bcast:
             cur += 1
             yield IPAddress(cur - 1, version=self._version)
     def __getitem__(self, n):
         network = int(self.network)
         broadcast = int(self.broadcast)
         if n >= 0:
             if network + n > broadcast:
                 raise IndexError
             return IPAddress(network + n, version=self._version)
         else:
             n += 1
             if broadcast + n < network:
                 raise IndexError
             return IPAddress(broadcast + n, version=self._version)
     def __lt__(self, other):
         if self._version != other._version:
             raise TypeError('%s and %s are not of the same version' % (
                     str(self), str(other)))
         if not isinstance(other, _BaseNet):
             raise TypeError('%s and %s are not of the same type' % (
                     str(self), str(other)))
         if self.network != other.network:
             return self.network < other.network
         if self.netmask != other.netmask:
             return self.netmask < other.netmask
         return False
     def __gt__(self, other):
         if self._version != other._version:
             raise TypeError('%s and %s are not of the same version' % (
                     str(self), str(other)))
         if not isinstance(other, _BaseNet):
             raise TypeError('%s and %s are not of the same type' % (
                     str(self), str(other)))
         if self.network != other.network:
             return self.network > other.network
         if self.netmask != other.netmask:
             return self.netmask > other.netmask
         return False
     def __le__(self, other):
         gt = self.__gt__(other)
         if gt is NotImplemented:
             return NotImplemented
         return not gt
     def __ge__(self, other):
         lt = self.__lt__(other)
         if lt is NotImplemented:
             return NotImplemented
         return not lt
     def __eq__(self, other):
         try:
             return (self._version == other._version
                     and self.network == other.network
                     and int(self.netmask) == int(other.netmask))
         except AttributeError:
             if isinstance(other, _BaseIP):
                 return (self._version == other._version
                         and self._ip == other._ip)
     def __ne__(self, other):
         eq = self.__eq__(other)
         if eq is NotImplemented:
             return NotImplemented
         return not eq
     def __str__(self):
         return  '%s/%s' % (str(self.ip),
                            str(self._prefixlen))
     def __hash__(self):
         return hash(int(self.network) ^ int(self.netmask))
     def __contains__(self, other):
         # always false if one is v4 and the other is v6.
         if self._version != other._version:
             return False
         # dealing with another network.
         if isinstance(other, _BaseNet):
             return (self.network <= other.network and
                     self.broadcast >= other.broadcast)
         # dealing with another address
         else:
             return (int(self.network) <= int(other._ip) <=
                     int(self.broadcast))
     def overlaps(self, other):
         """Tell if self is partly contained in other."""
         return self.network in other or self.broadcast in other or (
             other.network in self or other.broadcast in self)
     @property
     def network(self):
         x = self._cache.get('network')
         if x is None:
             x = IPAddress(self._ip & int(self.netmask), version=self._version)
             self._cache['network'] = x
         return x
     @property
     def broadcast(self):
         x = self._cache.get('broadcast')
         if x is None:
             x = IPAddress(self._ip | int(self.hostmask), version=self._version)
             self._cache['broadcast'] = x
         return x
     @property
     def hostmask(self):
         x = self._cache.get('hostmask')
         if x is None:
             x = IPAddress(int(self.netmask) ^ self._ALL_ONES,
                           version=self._version)
             self._cache['hostmask'] = x
         return x
     @property
     def with_prefixlen(self):
         return '%s/%d' % (str(self.ip), self._prefixlen)
     @property
     def with_netmask(self):
         return '%s/%s' % (str(self.ip), str(self.netmask))
     @property
     def with_hostmask(self):
         return '%s/%s' % (str(self.ip), str(self.hostmask))
     @property
     def numhosts(self):
         """Number of hosts in the current subnet."""
         return int(self.broadcast) - int(self.network) + 1
     @property
     def version(self):
         raise NotImplementedError('BaseNet has no version')
     @property
     def prefixlen(self):
         return self._prefixlen
     def address_exclude(self, other):
         """Remove an address from a larger block.
         For example:
             addr1 = IPNetwork('10.1.1.0/24')
             addr2 = IPNetwork('10.1.1.0/26')
             addr1.address_exclude(addr2) =
                 [IPNetwork('10.1.1.64/26'), IPNetwork('10.1.1.128/25')]
         or IPv6:
             addr1 = IPNetwork('::1/32')
             addr2 = IPNetwork('::1/128')
             addr1.address_exclude(addr2) = [IPNetwork('::0/128'),
                 IPNetwork('::2/127'),
                 IPNetwork('::4/126'),
                 IPNetwork('::8/125'),
                 ...
                 IPNetwork('0:0:8000::/33')]
         Args:
             other: An IPvXNetwork object of the same type.
         Returns:
             A sorted list of IPvXNetwork objects addresses which is self
             minus other.
         Raises:
             TypeError: If self and other are of difffering address
               versions, or if other is not a network object.
             ValueError: If other is not completely contained by self.
         """
         if not self._version == other._version:
             raise TypeError("%s and %s are not of the same version" % (
                 str(self), str(other)))
         if not isinstance(other, _BaseNet):
             raise TypeError("%s is not a network object" % str(other))
         if other not in self:
             raise ValueError('%s not contained in %s' % (str(other),
                                                          str(self)))
         if other == self:
             return []
         ret_addrs = []
         # Make sure we're comparing the network of other.
         other = IPNetwork('%s/%s' % (str(other.network), str(other.prefixlen)),
                    version=other._version)
         s1, s2 = self.subnet()
         while s1 != other and s2 != other:
             if other in s1:
                 ret_addrs.append(s2)
                 s1, s2 = s1.subnet()
             elif other in s2:
                 ret_addrs.append(s1)
                 s1, s2 = s2.subnet()
             else:
                 # If we got here, there's a bug somewhere.
                 assert True == False, ('Error performing exclusion: '
                                        's1: %s s2: %s other: %s' %
                                        (str(s1), str(s2), str(other)))
         if s1 == other:
             ret_addrs.append(s2)
         elif s2 == other:
             ret_addrs.append(s1)
         else:
             # If we got here, there's a bug somewhere.
             assert True == False, ('Error performing exclusion: '
                                    's1: %s s2: %s other: %s' %
                                    (str(s1), str(s2), str(other)))
         return sorted(ret_addrs, key=_BaseNet._get_networks_key)
     def compare_networks(self, other):
         """Compare two IP objects.
         This is only concerned about the comparison of the integer
         representation of the network addresses.  This means that the
         host bits aren't considered at all in this method.  If you want
         to compare host bits, you can easily enough do a
         'HostA._ip < HostB._ip'
         Args:
             other: An IP object.
         Returns:
             If the IP versions of self and other are the same, returns:
             -1 if self < other:
               eg: IPv4('1.1.1.0/24') < IPv4('1.1.2.0/24')
               IPv6('1080::200C:417A') < IPv6('1080::200B:417B')
 if self == other
               eg: IPv4('1.1.1.1/24') == IPv4('1.1.1.2/24')
               IPv6('1080::200C:417A/96') == IPv6('1080::200C:417B/96')
 if self > other
               eg: IPv4('1.1.1.0/24') > IPv4('1.1.0.0/24')
               IPv6('1080::1:200C:417A/112') >
               IPv6('1080::0:200C:417A/112')
             If the IP versions of self and other are different, returns:
             -1 if self._version < other._version
               eg: IPv4('10.0.0.1/24') < IPv6('::1/128')
 if self._version > other._version
               eg: IPv6('::1/128') > IPv4('255.255.255.0/24')
         """
         if self._version < other._version:
             return -1
         if self._version > other._version:
             return 1
         # self._version == other._version below here:
         if self.network < other.network:
             return -1
         if self.network > other.network:
             return 1
         # self.network == other.network below here:
         if self.netmask < other.netmask:
             return -1
         if self.netmask > other.netmask:
             return 1
         # self.network == other.network and self.netmask == other.netmask
         return 0
     def _get_networks_key(self):
         """Network-only key function.
         Returns an object that identifies this address' network and
         netmask. This function is a suitable "key" argument for sorted()
         and list.sort().
         """
         return (self._version, self.network, self.netmask)
     def _ip_int_from_prefix(self, prefixlen=None):
         """Turn the prefix length netmask into a int for comparison.
         Args:
             prefixlen: An integer, the prefix length.
         Returns:
             An integer.
         """
         if not prefixlen and prefixlen != 0:
             prefixlen = self._prefixlen
         return self._ALL_ONES ^ (self._ALL_ONES >> prefixlen)
     def _prefix_from_ip_int(self, ip_int, mask=32):
         """Return prefix length from the decimal netmask.
         Args:
             ip_int: An integer, the IP address.
             mask: The netmask.  Defaults to 32.
         Returns:
             An integer, the prefix length.
         """
         while mask:
             if ip_int & 1 == 1:
                 break
             ip_int >>= 1
             mask -= 1
         return mask
     def _ip_string_from_prefix(self, prefixlen=None):
         """Turn a prefix length into a dotted decimal string.
         Args:
             prefixlen: An integer, the netmask prefix length.
         Returns:
             A string, the dotted decimal netmask string.
         """
         if not prefixlen:
             prefixlen = self._prefixlen
         return self._string_from_ip_int(self._ip_int_from_prefix(prefixlen))
     def iter_subnets(self, prefixlen_diff=1, new_prefix=None):
         """The subnets which join to make the current subnet.
         In the case that self contains only one IP
         (self._prefixlen == 32 for IPv4 or self._prefixlen == 128
         for IPv6), return a list with just ourself.
         Args:
             prefixlen_diff: An integer, the amount the prefix length
               should be increased by. This should not be set if
               new_prefix is also set.
             new_prefix: The desired new prefix length. This must be a
               larger number (smaller prefix) than the existing prefix.
               This should not be set if prefixlen_diff is also set.
         Returns:
             An iterator of IPv(4|6) objects.
         Raises:
             ValueError: The prefixlen_diff is too small or too large.
                 OR
             prefixlen_diff and new_prefix are both set or new_prefix
               is a smaller number than the current prefix (smaller
               number means a larger network)
         """
         if self._prefixlen == self._max_prefixlen:
             yield self
             return
         if new_prefix is not None:
             if new_prefix < self._prefixlen:
                 raise ValueError('new prefix must be longer')
             if prefixlen_diff != 1:
                 raise ValueError('cannot set prefixlen_diff and new_prefix')
             prefixlen_diff = new_prefix - self._prefixlen
         if prefixlen_diff < 0:
             raise ValueError('prefix length diff must be > 0')
         new_prefixlen = self._prefixlen + prefixlen_diff
         if not self._is_valid_netmask(str(new_prefixlen)):
             raise ValueError(
                 'prefix length diff %d is invalid for netblock %s' % (
                     new_prefixlen, str(self)))
         first = IPNetwork('%s/%s' % (str(self.network),
                                      str(self._prefixlen + prefixlen_diff)),
                          version=self._version)
         yield first
         current = first
         while True:
             broadcast = current.broadcast
             if broadcast == self.broadcast:
                 return
             new_addr = IPAddress(int(broadcast) + 1, version=self._version)
             current = IPNetwork('%s/%s' % (str(new_addr), str(new_prefixlen)),
                                 version=self._version)
             yield current
     def masked(self):
         """Return the network object with the host bits masked out."""
         return IPNetwork('%s/%d' % (self.network, self._prefixlen),
                          version=self._version)
     def subnet(self, prefixlen_diff=1, new_prefix=None):
         """Return a list of subnets, rather than an iterator."""
         return list(self.iter_subnets(prefixlen_diff, new_prefix))
     def supernet(self, prefixlen_diff=1, new_prefix=None):
         """The supernet containing the current network.
         Args:
             prefixlen_diff: An integer, the amount the prefix length of
               the network should be decreased by.  For example, given a
               /24 network and a prefixlen_diff of 3, a supernet with a
               /21 netmask is returned.
         Returns:
             An IPv4 network object.
         Raises:
             ValueError: If self.prefixlen - prefixlen_diff < 0. I.e., you have a
               negative prefix length.
                 OR
             If prefixlen_diff and new_prefix are both set or new_prefix is a
               larger number than the current prefix (larger number means a
               smaller network)
         """
         if self._prefixlen == 0:
             return self
         if new_prefix is not None:
             if new_prefix > self._prefixlen:
                 raise ValueError('new prefix must be shorter')
             if prefixlen_diff != 1:
                 raise ValueError('cannot set prefixlen_diff and new_prefix')
             prefixlen_diff = self._prefixlen - new_prefix
         if self.prefixlen - prefixlen_diff < 0:
             raise ValueError(
                 'current prefixlen is %d, cannot have a prefixlen_diff of %d' %
                 (self.prefixlen, prefixlen_diff))
         return IPNetwork('%s/%s' % (str(self.network),
                                     str(self.prefixlen - prefixlen_diff)),
                          version=self._version)
     # backwards compatibility
     Subnet = subnet
     Supernet = supernet
     AddressExclude = address_exclude
     CompareNetworks = compare_networks
     Contains = __contains__
 class _BaseV4(object):
     """Base IPv4 object.
     The following methods are used by IPv4 objects in both single IP
     addresses and networks.
     """
     # Equivalent to 255.255.255.255 or 32 bits of 1's.
     _ALL_ONES = (2 ** IPV4LENGTH) - 1
     _DECIMAL_DIGITS = frozenset('0123456789')
     def __init__(self, address):
         self._version = 4
         self._max_prefixlen = IPV4LENGTH
     def _explode_shorthand_ip_string(self):
         return str(self)
     def _ip_int_from_string(self, ip_str):
         """Turn the given IP string into an integer for comparison.
         Args:
             ip_str: A string, the IP ip_str.
         Returns:
             The IP ip_str as an integer.
         Raises:
             AddressValueError: if ip_str isn't a valid IPv4 Address.
         """
         octets = ip_str.split('.')
         if len(octets) != 4:
             raise AddressValueError(ip_str)
         packed_ip = 0
         for oc in octets:
             try:
                 packed_ip = (packed_ip << 8) | self._parse_octet(oc)
             except ValueError:
                 raise AddressValueError(ip_str)
         return packed_ip
     def _parse_octet(self, octet_str):
         """Convert a decimal octet into an integer.
         Args:
             octet_str: A string, the number to parse.
         Returns:
             The octet as an integer.
         Raises:
             ValueError: if the octet isn't strictly a decimal from [0..255].
         """
         # Whitelist the characters, since int() allows a lot of bizarre stuff.
         if not self._DECIMAL_DIGITS.issuperset(octet_str):
             raise ValueError
         octet_int = int(octet_str, 10)
         # Disallow leading zeroes, because no clear standard exists on
         # whether these should be interpreted as decimal or octal.
         if octet_int > 255 or (octet_str[0] == '0' and len(octet_str) > 1):
             raise ValueError
         return octet_int
     def _string_from_ip_int(self, ip_int):
         """Turns a 32-bit integer into dotted decimal notation.
         Args:
             ip_int: An integer, the IP address.
         Returns:
             The IP address as a string in dotted decimal notation.
         """
         octets = []
         for _ in xrange(4):
             octets.insert(0, str(ip_int & 0xFF))
             ip_int >>= 8
         return '.'.join(octets)
     @property
     def max_prefixlen(self):
         return self._max_prefixlen
     @property
     def packed(self):
         """The binary representation of this address."""
         return v4_int_to_packed(self._ip)
     @property
     def version(self):
         return self._version
     @property
     def is_reserved(self):
         """Test if the address is otherwise IETF reserved.
          Returns:
              A boolean, True if the address is within the
              reserved IPv4 Network range.
         """
         return self in IPv4Network('240.0.0.0/4')
     @property
     def is_private(self):
         """Test if this address is allocated for private networks.
         Returns:
             A boolean, True if the address is reserved per RFC 1918.
         """
         return (self in IPv4Network('10.0.0.0/8') or
                 self in IPv4Network('172.16.0.0/12') or
                 self in IPv4Network('192.168.0.0/16'))
     @property
     def is_multicast(self):
         """Test if the address is reserved for multicast use.
         Returns:
             A boolean, True if the address is multicast.
             See RFC 3171 for details.
         """
         return self in IPv4Network('224.0.0.0/4')
     @property
     def is_unspecified(self):
         """Test if the address is unspecified.
         Returns:
             A boolean, True if this is the unspecified address as defined in
             RFC 5735 3.
         """
         return self in IPv4Network('0.0.0.0')
     @property
     def is_loopback(self):
         """Test if the address is a loopback address.
         Returns:
             A boolean, True if the address is a loopback per RFC 3330.
         """
         return self in IPv4Network('127.0.0.0/8')
     @property
     def is_link_local(self):
         """Test if the address is reserved for link-local.
         Returns:
             A boolean, True if the address is link-local per RFC 3927.
         """
         return self in IPv4Network('169.254.0.0/16')
 class IPv4Address(_BaseV4, _BaseIP):
     """Represent and manipulate single IPv4 Addresses."""
     def __init__(self, address):
         """
         Args:
             address: A string or integer representing the IP
               '192.168.1.1'
               Additionally, an integer can be passed, so
               IPv4Address('192.168.1.1') == IPv4Address(3232235777).
               or, more generally
               IPv4Address(int(IPv4Address('192.168.1.1'))) ==
                 IPv4Address('192.168.1.1')
         Raises:
             AddressValueError: If ipaddr isn't a valid IPv4 address.
         """
         _BaseV4.__init__(self, address)
         # Efficient constructor from integer.
         if isinstance(address, (int, long)):
             self._ip = address
             if address < 0 or address > self._ALL_ONES:
                 raise AddressValueError(address)
             return
         # Constructing from a packed address
         if isinstance(address, Bytes):
             try:
                 self._ip, = struct.unpack('!I', address)
             except struct.error:
                 raise AddressValueError(address)  # Wrong length.
             return
         # Assume input argument to be string or any object representation
         # which converts into a formatted IP string.
         addr_str = str(address)
         self._ip = self._ip_int_from_string(addr_str)
 class IPv4Network(_BaseV4, _BaseNet):
     """This class represents and manipulates 32-bit IPv4 networks.
     Attributes: [examples for IPv4Network('1.2.3.4/27')]
         ._ip: 16909060
         .ip: IPv4Address('1.2.3.4')
         .network: IPv4Address('1.2.3.0')
         .hostmask: IPv4Address('0.0.0.31')
         .broadcast: IPv4Address('1.2.3.31')
         .netmask: IPv4Address('255.255.255.224')
         .prefixlen: 27
     """
     # the valid octets for host and netmasks. only useful for IPv4.
     _valid_mask_octets = set((255, 254, 252, 248, 240, 224, 192, 128, 0))
     def __init__(self, address, strict=False):
         """Instantiate a new IPv4 network object.
         Args:
             address: A string or integer representing the IP [& network].
               '192.168.1.1/24'
               '192.168.1.1/255.255.255.0'
               '192.168.1.1/0.0.0.255'
               are all functionally the same in IPv4. Similarly,
               '192.168.1.1'
               '192.168.1.1/255.255.255.255'
               '192.168.1.1/32'
               are also functionaly equivalent. That is to say, failing to
               provide a subnetmask will create an object with a mask of /32.
               If the mask (portion after the / in the argument) is given in
               dotted quad form, it is treated as a netmask if it starts with a
               non-zero field (e.g. /255.0.0.0 == /8) and as a hostmask if it
               starts with a zero field (e.g. 0.255.255.255 == /8), with the
               single exception of an all-zero mask which is treated as a
               netmask == /0. If no mask is given, a default of /32 is used.
               Additionally, an integer can be passed, so
               IPv4Network('192.168.1.1') == IPv4Network(3232235777).
               or, more generally
               IPv4Network(int(IPv4Network('192.168.1.1'))) ==
                 IPv4Network('192.168.1.1')
             strict: A boolean. If true, ensure that we have been passed
               A true network address, eg, 192.168.1.0/24 and not an
               IP address on a network, eg, 192.168.1.1/24.
         Raises:
             AddressValueError: If ipaddr isn't a valid IPv4 address.
             NetmaskValueError: If the netmask isn't valid for
               an IPv4 address.
             ValueError: If strict was True and a network address was not
               supplied.
         """
         _BaseNet.__init__(self, address)
         _BaseV4.__init__(self, address)
         # Constructing from an integer or packed bytes.
         if isinstance(address, (int, long, Bytes)):
             self.ip = IPv4Address(address)
             self._ip = self.ip._ip
             self._prefixlen = self._max_prefixlen
             self.netmask = IPv4Address(self._ALL_ONES)
             return
         # Assume input argument to be string or any object representation
         # which converts into a formatted IP prefix string.
         addr = str(address).split('/')
         if len(addr) > 2:
             raise AddressValueError(address)
         self._ip = self._ip_int_from_string(addr[0])
         self.ip = IPv4Address(self._ip)
         if len(addr) == 2:
             mask = addr[1].split('.')
             if len(mask) == 4:
                 # We have dotted decimal netmask.
                 if self._is_valid_netmask(addr[1]):
                     self.netmask = IPv4Address(self._ip_int_from_string(
                             addr[1]))
                 elif self._is_hostmask(addr[1]):
                     self.netmask = IPv4Address(
                         self._ip_int_from_string(addr[1]) ^ self._ALL_ONES)
                 else:
                     raise NetmaskValueError('%s is not a valid netmask'
                                                      % addr[1])
                 self._prefixlen = self._prefix_from_ip_int(int(self.netmask))
             else:
                 # We have a netmask in prefix length form.
                 if not self._is_valid_netmask(addr[1]):
                     raise NetmaskValueError(addr[1])
                 self._prefixlen = int(addr[1])
                 self.netmask = IPv4Address(self._ip_int_from_prefix(
                     self._prefixlen))
         else:
             self._prefixlen = self._max_prefixlen
             self.netmask = IPv4Address(self._ip_int_from_prefix(
                 self._prefixlen))
         if strict:
             if self.ip != self.network:
                 raise ValueError('%s has host bits set' %
                                  self.ip)
         if self._prefixlen == (self._max_prefixlen - 1):
             self.iterhosts = self.__iter__
     def _is_hostmask(self, ip_str):
         """Test if the IP string is a hostmask (rather than a netmask).
         Args:
             ip_str: A string, the potential hostmask.
         Returns:
             A boolean, True if the IP string is a hostmask.
         """
         bits = ip_str.split('.')
         try:
             parts = [int(x) for x in bits if int(x) in self._valid_mask_octets]
         except ValueError:
             return False
         if len(parts) != len(bits):
             return False
         if parts[0] < parts[-1]:
             return True
         return False
     def _is_valid_netmask(self, netmask):
         """Verify that the netmask is valid.
         Args:
             netmask: A string, either a prefix or dotted decimal
               netmask.
         Returns:
             A boolean, True if the prefix represents a valid IPv4
             netmask.
         """
         mask = netmask.split('.')
         if len(mask) == 4:
             if [x for x in mask if int(x) not in self._valid_mask_octets]:
                 return False
             if [y for idx, y in enumerate(mask) if idx > 0 and
                 y > mask[idx - 1]]:
                 return False
             return True
         try:
             netmask = int(netmask)
         except ValueError:
             return False
         return 0 <= netmask <= self._max_prefixlen
     # backwards compatibility
     IsRFC1918 = lambda self: self.is_private
     IsMulticast = lambda self: self.is_multicast
     IsLoopback = lambda self: self.is_loopback
     IsLinkLocal = lambda self: self.is_link_local
 class _BaseV6(object):
     """Base IPv6 object.
     The following methods are used by IPv6 objects in both single IP
     addresses and networks.
     """
     _ALL_ONES = (2 ** IPV6LENGTH) - 1
     _HEXTET_COUNT = 8
     _HEX_DIGITS = frozenset('0123456789ABCDEFabcdef')
     def __init__(self, address):
         self._version = 6
         self._max_prefixlen = IPV6LENGTH
     def _ip_int_from_string(self, ip_str):
         """Turn an IPv6 ip_str into an integer.
         Args:
             ip_str: A string, the IPv6 ip_str.
         Returns:
             A long, the IPv6 ip_str.
         Raises:
             AddressValueError: if ip_str isn't a valid IPv6 Address.
         """
         parts = ip_str.split(':')
         # An IPv6 address needs at least 2 colons (3 parts).
         if len(parts) < 3:
             raise AddressValueError(ip_str)
         # If the address has an IPv4-style suffix, convert it to hexadecimal.
         if '.' in parts[-1]:
             ipv4_int = IPv4Address(parts.pop())._ip
             parts.append('%x' % ((ipv4_int >> 16) & 0xFFFF))
             parts.append('%x' % (ipv4_int & 0xFFFF))
         # An IPv6 address can't have more than 8 colons (9 parts).
         if len(parts) > self._HEXTET_COUNT + 1:
             raise AddressValueError(ip_str)
         # Disregarding the endpoints, find '::' with nothing in between.
         # This indicates that a run of zeroes has been skipped.
         try:
             skip_index, = (
                 [i for i in xrange(1, len(parts) - 1) if not parts[i]] or
                 [None])
         except ValueError:
             # Can't have more than one '::'
             raise AddressValueError(ip_str)
         # parts_hi is the number of parts to copy from above/before the '::'
         # parts_lo is the number of parts to copy from below/after the '::'
         if skip_index is not None:
             # If we found a '::', then check if it also covers the endpoints.
             parts_hi = skip_index
             parts_lo = len(parts) - skip_index - 1
             if not parts[0]:
                 parts_hi -= 1
                 if parts_hi:
                     raise AddressValueError(ip_str)  # ^: requires ^::
             if not parts[-1]:
                 parts_lo -= 1
                 if parts_lo:
                     raise AddressValueError(ip_str)  # :$ requires ::$
             parts_skipped = self._HEXTET_COUNT - (parts_hi + parts_lo)
             if parts_skipped < 1:
                 raise AddressValueError(ip_str)
         else:
             # Otherwise, allocate the entire address to parts_hi.  The endpoints
             # could still be empty, but _parse_hextet() will check for that.
             if len(parts) != self._HEXTET_COUNT:
                 raise AddressValueError(ip_str)
             parts_hi = len(parts)
             parts_lo = 0
             parts_skipped = 0
         try:
             # Now, parse the hextets into a 128-bit integer.
             ip_int = 0L
             for i in xrange(parts_hi):
                 ip_int <<= 16
                 ip_int |= self._parse_hextet(parts[i])
             ip_int <<= 16 * parts_skipped
             for i in xrange(-parts_lo, 0):
                 ip_int <<= 16
                 ip_int |= self._parse_hextet(parts[i])
             return ip_int
         except ValueError:
             raise AddressValueError(ip_str)
     def _parse_hextet(self, hextet_str):
         """Convert an IPv6 hextet string into an integer.
         Args:
             hextet_str: A string, the number to parse.
         Returns:
             The hextet as an integer.
         Raises:
             ValueError: if the input isn't strictly a hex number from [0..FFFF].
         """
         # Whitelist the characters, since int() allows a lot of bizarre stuff.
         if not self._HEX_DIGITS.issuperset(hextet_str):
             raise ValueError
         if len(hextet_str) > 4:
             raise ValueError
         hextet_int = int(hextet_str, 16)
         if hextet_int > 0xFFFF:
             raise ValueError
         return hextet_int
     def _compress_hextets(self, hextets):
         """Compresses a list of hextets.
         Compresses a list of strings, replacing the longest continuous
         sequence of "0" in the list with "" and adding empty strings at
         the beginning or at the end of the string such that subsequently
         calling ":".join(hextets) will produce the compressed version of
         the IPv6 address.
         Args:
             hextets: A list of strings, the hextets to compress.
         Returns:
             A list of strings.
         """
         best_doublecolon_start = -1
         best_doublecolon_len = 0
         doublecolon_start = -1
         doublecolon_len = 0
         for index in range(len(hextets)):
             if hextets[index] == '0':
                 doublecolon_len += 1
                 if doublecolon_start == -1:
                     # Start of a sequence of zeros.
                     doublecolon_start = index
                 if doublecolon_len > best_doublecolon_len:
                     # This is the longest sequence of zeros so far.
                     best_doublecolon_len = doublecolon_len
                     best_doublecolon_start = doublecolon_start
             else:
                 doublecolon_len = 0
                 doublecolon_start = -1
         if best_doublecolon_len > 1:
             best_doublecolon_end = (best_doublecolon_start +
                                     best_doublecolon_len)
             # For zeros at the end of the address.
             if best_doublecolon_end == len(hextets):
                 hextets += ['']
             hextets[best_doublecolon_start:best_doublecolon_end] = ['']
             # For zeros at the beginning of the address.
             if best_doublecolon_start == 0:
                 hextets = [''] + hextets
         return hextets
     def _string_from_ip_int(self, ip_int=None):
         """Turns a 128-bit integer into hexadecimal notation.
         Args:
             ip_int: An integer, the IP address.
         Returns:
             A string, the hexadecimal representation of the address.
         Raises:
             ValueError: The address is bigger than 128 bits of all ones.
         """
         if not ip_int and ip_int != 0:
             ip_int = int(self._ip)
         if ip_int > self._ALL_ONES:
             raise ValueError('IPv6 address is too large')
         hex_str = '%032x' % ip_int
         hextets = []
         for x in range(0, 32, 4):
             hextets.append('%x' % int(hex_str[x:x + 4], 16))
         hextets = self._compress_hextets(hextets)
         return ':'.join(hextets)
     def _explode_shorthand_ip_string(self):
         """Expand a shortened IPv6 address.
         Args:
             ip_str: A string, the IPv6 address.
         Returns:
             A string, the expanded IPv6 address.
         """
         if isinstance(self, _BaseNet):
             ip_str = str(self.ip)
         else:
             ip_str = str(self)
         ip_int = self._ip_int_from_string(ip_str)
         parts = []
         for i in xrange(self._HEXTET_COUNT):
             parts.append('%04x' % (ip_int & 0xFFFF))
             ip_int >>= 16
         parts.reverse()
         if isinstance(self, _BaseNet):
             return '%s/%d' % (':'.join(parts), self.prefixlen)
         return ':'.join(parts)
     @property
     def max_prefixlen(self):
         return self._max_prefixlen
     @property
     def packed(self):
         """The binary representation of this address."""
         return v6_int_to_packed(self._ip)
     @property
     def version(self):
         return self._version
     @property
     def is_multicast(self):
         """Test if the address is reserved for multicast use.
         Returns:
             A boolean, True if the address is a multicast address.
             See RFC 2373 2.7 for details.
         """
         return self in IPv6Network('ff00::/8')
     @property
     def is_reserved(self):
         """Test if the address is otherwise IETF reserved.
         Returns:
             A boolean, True if the address is within one of the
             reserved IPv6 Network ranges.
         """
         return (self in IPv6Network('::/8') or
                 self in IPv6Network('100::/8') or
                 self in IPv6Network('200::/7') or
                 self in IPv6Network('400::/6') or
                 self in IPv6Network('800::/5') or
                 self in IPv6Network('1000::/4') or
                 self in IPv6Network('4000::/3') or
                 self in IPv6Network('6000::/3') or
                 self in IPv6Network('8000::/3') or
                 self in IPv6Network('A000::/3') or
                 self in IPv6Network('C000::/3') or
                 self in IPv6Network('E000::/4') or
                 self in IPv6Network('F000::/5') or
                 self in IPv6Network('F800::/6') or
                 self in IPv6Network('FE00::/9'))
     @property
     def is_unspecified(self):
         """Test if the address is unspecified.
         Returns:
             A boolean, True if this is the unspecified address as defined in
             RFC 2373 2.5.2.
         """
         return self._ip == 0 and getattr(self, '_prefixlen', 128) == 128
     @property
     def is_loopback(self):
         """Test if the address is a loopback address.
         Returns:
             A boolean, True if the address is a loopback address as defined in
             RFC 2373 2.5.3.
         """
         return self._ip == 1 and getattr(self, '_prefixlen', 128) == 128
     @property
     def is_link_local(self):
         """Test if the address is reserved for link-local.
         Returns:
             A boolean, True if the address is reserved per RFC 4291.
         """
         return self in IPv6Network('fe80::/10')
     @property
     def is_site_local(self):
         """Test if the address is reserved for site-local.
         Note that the site-local address space has been deprecated by RFC 3879.
         Use is_private to test if this address is in the space of unique local
         addresses as defined by RFC 4193.
         Returns:
             A boolean, True if the address is reserved per RFC 3513 2.5.6.
         """
         return self in IPv6Network('fec0::/10')
     @property
     def is_private(self):
         """Test if this address is allocated for private networks.
         Returns:
             A boolean, True if the address is reserved per RFC 4193.
         """
         return self in IPv6Network('fc00::/7')
     @property
     def ipv4_mapped(self):
         """Return the IPv4 mapped address.
         Returns:
             If the IPv6 address is a v4 mapped address, return the
             IPv4 mapped address. Return None otherwise.
         """
         if (self._ip >> 32) != 0xFFFF:
             return None
         return IPv4Address(self._ip & 0xFFFFFFFF)
     @property
     def teredo(self):
         """Tuple of embedded teredo IPs.
         Returns:
             Tuple of the (server, client) IPs or None if the address
             doesn't appear to be a teredo address (doesn't start with
 ::/32)
         """
         if (self._ip >> 96) != 0x20010000:
             return None
         return (IPv4Address((self._ip >> 64) & 0xFFFFFFFF),
                 IPv4Address(~self._ip & 0xFFFFFFFF))
     @property
     def sixtofour(self):
         """Return the IPv4 6to4 embedded address.
         Returns:
             The IPv4 6to4-embedded address if present or None if the
             address doesn't appear to contain a 6to4 embedded address.
         """
         if (self._ip >> 112) != 0x2002:
             return None
         return IPv4Address((self._ip >> 80) & 0xFFFFFFFF)
 class IPv6Address(_BaseV6, _BaseIP):
     """Represent and manipulate single IPv6 Addresses.
     """
     def __init__(self, address):
         """Instantiate a new IPv6 address object.
         Args:
             address: A string or integer representing the IP
               Additionally, an integer can be passed, so
               IPv6Address('2001:4860::') ==
                 IPv6Address(42541956101370907050197289607612071936L).
               or, more generally
               IPv6Address(IPv6Address('2001:4860::')._ip) ==
                 IPv6Address('2001:4860::')
         Raises:
             AddressValueError: If address isn't a valid IPv6 address.
         """
         _BaseV6.__init__(self, address)
         # Efficient constructor from integer.
         if isinstance(address, (int, long)):
             self._ip = address
             if address < 0 or address > self._ALL_ONES:
                 raise AddressValueError(address)
             return
         # Constructing from a packed address
         if isinstance(address, Bytes):
             try:
                 hi, lo = struct.unpack('!QQ', address)
             except struct.error:
                 raise AddressValueError(address)  # Wrong length.
             self._ip = (hi << 64) | lo
             return
         # Assume input argument to be string or any object representation
         # which converts into a formatted IP string.
         addr_str = str(address)
         if not addr_str:
             raise AddressValueError('')
         self._ip = self._ip_int_from_string(addr_str)
 class IPv6Network(_BaseV6, _BaseNet):
     """This class represents and manipulates 128-bit IPv6 networks.
     Attributes: [examples for IPv6('2001:658:22A:CAFE:200::1/64')]
         .ip: IPv6Address('2001:658:22a:cafe:200::1')
         .network: IPv6Address('2001:658:22a:cafe::')
         .hostmask: IPv6Address('::ffff:ffff:ffff:ffff')
         .broadcast: IPv6Address('2001:658:22a:cafe:ffff:ffff:ffff:ffff')
         .netmask: IPv6Address('ffff:ffff:ffff:ffff::')
         .prefixlen: 64
     """
     def __init__(self, address, strict=False):
         """Instantiate a new IPv6 Network object.
         Args:
             address: A string or integer representing the IPv6 network or the IP
               and prefix/netmask.
               '2001:4860::/128'
               '2001:4860:0000:0000:0000:0000:0000:0000/128'
               '2001:4860::'
               are all functionally the same in IPv6.  That is to say,
               failing to provide a subnetmask will create an object with
               a mask of /128.
               Additionally, an integer can be passed, so
               IPv6Network('2001:4860::') ==
                 IPv6Network(42541956101370907050197289607612071936L).
               or, more generally
               IPv6Network(IPv6Network('2001:4860::')._ip) ==
                 IPv6Network('2001:4860::')
             strict: A boolean. If true, ensure that we have been passed
               A true network address, eg, 192.168.1.0/24 and not an
               IP address on a network, eg, 192.168.1.1/24.
         Raises:
             AddressValueError: If address isn't a valid IPv6 address.
             NetmaskValueError: If the netmask isn't valid for
               an IPv6 address.
             ValueError: If strict was True and a network address was not
               supplied.
         """
         _BaseNet.__init__(self, address)
         _BaseV6.__init__(self, address)
         # Constructing from an integer or packed bytes.
         if isinstance(address, (int, long, Bytes)):
             self.ip = IPv6Address(address)
             self._ip = self.ip._ip
             self._prefixlen = self._max_prefixlen
             self.netmask = IPv6Address(self._ALL_ONES)
             return
         # Assume input argument to be string or any object representation
         # which converts into a formatted IP prefix string.
         addr = str(address).split('/')
         if len(addr) > 2:
             raise AddressValueError(address)
         self._ip = self._ip_int_from_string(addr[0])
         self.ip = IPv6Address(self._ip)
         if len(addr) == 2:
             if self._is_valid_netmask(addr[1]):
                 self._prefixlen = int(addr[1])
             else:
                 raise NetmaskValueError(addr[1])
         else:
             self._prefixlen = self._max_prefixlen
         self.netmask = IPv6Address(self._ip_int_from_prefix(self._prefixlen))
         if strict:
             if self.ip != self.network:
                 raise ValueError('%s has host bits set' %
                                  self.ip)
         if self._prefixlen == (self._max_prefixlen - 1):
             self.iterhosts = self.__iter__
     def _is_valid_netmask(self, prefixlen):
         """Verify that the netmask/prefixlen is valid.
         Args:
             prefixlen: A string, the netmask in prefix length format.
         Returns:
             A boolean, True if the prefix represents a valid IPv6
             netmask.
         """
         try:
             prefixlen = int(prefixlen)
         except ValueError:
             return False
         return 0 <= prefixlen <= self._max_prefixlen
     @property
     def with_netmask(self):
         return self.with_prefixlen

rhodecode/lib/middleware/simplegit.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.middleware.simplegit
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     SimpleGit middleware for handling git protocol request (push/clone etc.)
     It's implemented with basic auth function
     :created_on: Apr 28, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import re
 import logging
 import traceback
 from dulwich import server as dulserver
 from dulwich.web import LimitedInputFilter, GunzipFilter
 from rhodecode.lib.exceptions import HTTPLockedRC
 from rhodecode.lib.hooks import pre_pull
 class SimpleGitUploadPackHandler(dulserver.UploadPackHandler):
     def handle(self):
         write = lambda x: self.proto.write_sideband(1, x)
         graph_walker = dulserver.ProtocolGraphWalker(self,
                                                      self.repo.object_store,
                                                      self.repo.get_peeled)
         objects_iter = self.repo.fetch_objects(
           graph_walker.determine_wants, graph_walker, self.progress,
           get_tagged=self.get_tagged)
         # Did the process short-circuit (e.g. in a stateless RPC call)? Note
         # that the client still expects a 0-object pack in most cases.
         if objects_iter is None:
             return
         self.progress("counting objects: %d, done.\n" % len(objects_iter))
         dulserver.write_pack_objects(dulserver.ProtocolFile(None, write),
                                      objects_iter)
         messages = []
         messages.append('thank you for using rhodecode')
         for msg in messages:
             self.progress(msg + "\n")
         # we are done
         self.proto.write("0000")
 dulserver.DEFAULT_HANDLERS = {
   #git-ls-remote, git-clone, git-fetch and git-pull
   'git-upload-pack': SimpleGitUploadPackHandler,
   #git-push
   'git-receive-pack': dulserver.ReceivePackHandler,
+}
 # not used for now until dulwich get's fixed
 #from dulwich.repo import Repo
 #from dulwich.web import make_wsgi_chain
 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
     HTTPBadRequest, HTTPNotAcceptable
 from rhodecode.lib.utils2 import safe_str, fix_PATH, get_server_url
 from rhodecode.lib.base import BaseVCSController
 from rhodecode.lib.auth import get_container_username
 from rhodecode.lib.utils import is_valid_repo, make_ui
 from rhodecode.lib.compat import json
 from rhodecode.model.db import User, RhodeCodeUi
 log = logging.getLogger(__name__)
 GIT_PROTO_PAT = re.compile(r'^/(.+)/(info/refs|git-upload-pack|git-receive-pack)')
 def is_git(environ):
     path_info = environ['PATH_INFO']
     isgit_path = GIT_PROTO_PAT.match(path_info)
     log.debug('pathinfo: %s detected as GIT %s' % (
         path_info, isgit_path != None)
+    )
     return isgit_path
 class SimpleGit(BaseVCSController):
     def _handle_request(self, environ, start_response):
         if not is_git(environ):
             return self.application(environ, start_response)
         if not self._check_ssl(environ, start_response):
             return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
-        ipaddr = self._get_ip_addr(environ)
+        ip_addr = self._get_ip_addr(environ)
         username = None
         self._git_first_op = False
         # skip passing error to error controller
         environ['pylons.status_code_redirect'] = True
         #======================================================================
         # EXTRACT REPOSITORY NAME FROM ENV
         #======================================================================
         try:
             repo_name = self.__get_repository(environ)
             log.debug('Extracted repo name is %s' % repo_name)
         except:
             return HTTPInternalServerError()(environ, start_response)
         # quick check if that dir exists...
         if is_valid_repo(repo_name, self.basepath, 'git') is False:
             return HTTPNotFound()(environ, start_response)
         #======================================================================
         # GET ACTION PULL or PUSH
         #======================================================================
         action = self.__get_action(environ)
         #======================================================================
         # CHECK ANONYMOUS PERMISSION
         #======================================================================
         if action in ['pull', 'push']:
             anonymous_user = self.__get_user('default')
             username = anonymous_user.username
             anonymous_perm = self._check_permission(action, anonymous_user,
                                                     repo_name)
+                                                    repo_name, ip_addr)
             if anonymous_perm is not True or anonymous_user.active is False:
                 if anonymous_perm is not True:
                     log.debug('Not enough credentials to access this '
                               'repository as anonymous user')
                 if anonymous_user.active is False:
                     log.debug('Anonymous access is disabled, running '
                               'authentication')
                 #==============================================================
                 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                 #==============================================================
                 # Attempting to retrieve username from the container
                 username = get_container_username(environ, self.config)
                 # If not authenticated by the container, running basic auth
                 if not username:
                     self.authenticate.realm = \
                         safe_str(self.config['rhodecode_realm'])
                     result = self.authenticate(environ)
                     if isinstance(result, str):
                         AUTH_TYPE.update(environ, 'basic')
                         REMOTE_USER.update(environ, result)
                         username = result
                     else:
                         return result.wsgi_application(environ, start_response)
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                 #==============================================================
                 try:
                     user = self.__get_user(username)
                     if user is None or not user.active:
                         return HTTPForbidden()(environ, start_response)
                     username = user.username
                 except:
                     log.error(traceback.format_exc())
                     return HTTPInternalServerError()(environ, start_response)
                 #check permissions for this repository
                 perm = self._check_permission(action, user, repo_name)
+                perm = self._check_permission(action, user, repo_name, ip_addr)
                 if perm is not True:
                     return HTTPForbidden()(environ, start_response)
         # extras are injected into UI object and later available
         # in hooks executed by rhodecode
         from rhodecode import CONFIG
         server_url = get_server_url(environ)
         extras = {
-            'ip': ipaddr,
+            'ip': ip_addr,
             'username': username,
             'action': action,
             'repository': repo_name,
             'scm': 'git',
             'config': CONFIG['__file__'],
             'server_url': server_url,
             'make_lock': None,
             'locked_by': [None, None]
+        }
         #===================================================================
         # GIT REQUEST HANDLING
         #===================================================================
         repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
         log.debug('Repository path is %s' % repo_path)
         # CHECK LOCKING only if it's not ANONYMOUS USER
         if username != User.DEFAULT_USER:
             log.debug('Checking locking on repository')
             (make_lock,
              locked,
              locked_by) = self._check_locking_state(
                             environ=environ, action=action,
                             repo=repo_name, user_id=user.user_id
+                       )
             # store the make_lock for later evaluation in hooks
             extras.update({'make_lock': make_lock,
                            'locked_by': locked_by})
         # set the environ variables for this request
         os.environ['RC_SCM_DATA'] = json.dumps(extras)
         fix_PATH()
         log.debug('HOOKS extras is %s' % extras)
         baseui = make_ui('db')
         self.__inject_extras(repo_path, baseui, extras)
         try:
             # invalidate cache on push
             if action == 'push':
                 self._invalidate_cache(repo_name)
             self._handle_githooks(repo_name, action, baseui, environ)
             log.info('%s action on GIT repo "%s"' % (action, repo_name))
             app = self.__make_app(repo_name, repo_path, extras)
             return app(environ, start_response)
         except HTTPLockedRC, e:
             log.debug('Repositry LOCKED ret code 423!')
             return e(environ, start_response)
         except Exception:
             log.error(traceback.format_exc())
             return HTTPInternalServerError()(environ, start_response)
     def __make_app(self, repo_name, repo_path, extras):
         """
         Make an wsgi application using dulserver
         :param repo_name: name of the repository
         :param repo_path: full path to the repository
         """
         from rhodecode.lib.middleware.pygrack import make_wsgi_app
         app = make_wsgi_app(
             repo_root=safe_str(self.basepath),
             repo_name=repo_name,
             extras=extras,
+        )
         app = GunzipFilter(LimitedInputFilter(app))
         return app
     def __get_repository(self, environ):
         """
         Get's repository name out of PATH_INFO header
         :param environ: environ where PATH_INFO is stored
         """
         try:
             environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])
             repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)
         except:
             log.error(traceback.format_exc())
             raise
         return repo_name
     def __get_user(self, username):
         return User.get_by_username(username)
     def __get_action(self, environ):
         """
         Maps git request commands into a pull or push command.
         :param environ:
         """
         service = environ['QUERY_STRING'].split('=')
         if len(service) > 1:
             service_cmd = service[1]
             mapping = {
                 'git-receive-pack': 'push',
                 'git-upload-pack': 'pull',
+            }
             op = mapping[service_cmd]
             self._git_stored_op = op
             return op
         else:
             # try to fallback to stored variable as we don't know if the last
             # operation is pull/push
             op = getattr(self, '_git_stored_op', 'pull')
         return op
     def _handle_githooks(self, repo_name, action, baseui, environ):
         """
         Handles pull action, push is handled by post-receive hook
         """
         from rhodecode.lib.hooks import log_pull_action
         service = environ['QUERY_STRING'].split('=')
         if len(service) < 2:
             return
         from rhodecode.model.db import Repository
         _repo = Repository.get_by_repo_name(repo_name)
         _repo = _repo.scm_instance
         _repo._repo.ui = baseui
         _hooks = dict(baseui.configitems('hooks')) or {}
         if action == 'pull':
             # stupid git, emulate pre-pull hook !
             pre_pull(ui=baseui, repo=_repo._repo)
         if action == 'pull' and _hooks.get(RhodeCodeUi.HOOK_PULL):
             log_pull_action(ui=baseui, repo=_repo._repo)
     def __inject_extras(self, repo_path, baseui, extras={}):
         """
         Injects some extra params into baseui instance
         :param baseui: baseui instance
         :param extras: dict with extra params to put into baseui
         """
         # make our hgweb quiet so it doesn't print output
         baseui.setconfig('ui', 'quiet', 'true')
         #inject some additional parameters that will be available in ui
         #for hooks
         for k, v in extras.items():
             baseui.setconfig('rhodecode_extras', k, v)

rhodecode/lib/middleware/simplehg.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.middleware.simplehg
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     SimpleHG middleware for handling mercurial protocol request
     (push/clone etc.). It's implemented with basic auth function
     :created_on: Apr 28, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import logging
 import traceback
 from mercurial.error import RepoError
 from mercurial.hgweb import hgweb_mod
 from paste.httpheaders import REMOTE_USER, AUTH_TYPE
 from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \
     HTTPBadRequest, HTTPNotAcceptable
 from rhodecode.lib.utils2 import safe_str, fix_PATH, get_server_url
 from rhodecode.lib.base import BaseVCSController
 from rhodecode.lib.auth import get_container_username
 from rhodecode.lib.utils import make_ui, is_valid_repo, ui_sections
 from rhodecode.lib.compat import json
 from rhodecode.model.db import User
 from rhodecode.lib.exceptions import HTTPLockedRC
 log = logging.getLogger(__name__)
 def is_mercurial(environ):
     """
     Returns True if request's target is mercurial server - header
     ``HTTP_ACCEPT`` of such request would start with ``application/mercurial``.
     """
     http_accept = environ.get('HTTP_ACCEPT')
     path_info = environ['PATH_INFO']
     if http_accept and http_accept.startswith('application/mercurial'):
         ishg_path = True
     else:
         ishg_path = False
     log.debug('pathinfo: %s detected as HG %s' % (
         path_info, ishg_path)
+    )
     return ishg_path
 class SimpleHg(BaseVCSController):
     def _handle_request(self, environ, start_response):
         if not is_mercurial(environ):
             return self.application(environ, start_response)
         if not self._check_ssl(environ, start_response):
             return HTTPNotAcceptable('SSL REQUIRED !')(environ, start_response)
-        ipaddr = self._get_ip_addr(environ)
+        ip_addr = self._get_ip_addr(environ)
         username = None
         # skip passing error to error controller
         environ['pylons.status_code_redirect'] = True
         #======================================================================
         # EXTRACT REPOSITORY NAME FROM ENV
         #======================================================================
         try:
             repo_name = environ['REPO_NAME'] = self.__get_repository(environ)
             log.debug('Extracted repo name is %s' % repo_name)
         except:
             return HTTPInternalServerError()(environ, start_response)
         # quick check if that dir exists...
         if is_valid_repo(repo_name, self.basepath, 'hg') is False:
             return HTTPNotFound()(environ, start_response)
         #======================================================================
         # GET ACTION PULL or PUSH
         #======================================================================
         action = self.__get_action(environ)
         #======================================================================
         # CHECK ANONYMOUS PERMISSION
         #======================================================================
         if action in ['pull', 'push']:
             anonymous_user = self.__get_user('default')
             username = anonymous_user.username
             anonymous_perm = self._check_permission(action, anonymous_user,
                                                     repo_name)
+                                                    repo_name, ip_addr)
             if anonymous_perm is not True or anonymous_user.active is False:
                 if anonymous_perm is not True:
                     log.debug('Not enough credentials to access this '
                               'repository as anonymous user')
                 if anonymous_user.active is False:
                     log.debug('Anonymous access is disabled, running '
                               'authentication')
                 #==============================================================
                 # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE
                 # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS
                 #==============================================================
                 # Attempting to retrieve username from the container
                 username = get_container_username(environ, self.config)
                 # If not authenticated by the container, running basic auth
                 if not username:
                     self.authenticate.realm = \
                         safe_str(self.config['rhodecode_realm'])
                     result = self.authenticate(environ)
                     if isinstance(result, str):
                         AUTH_TYPE.update(environ, 'basic')
                         REMOTE_USER.update(environ, result)
                         username = result
                     else:
                         return result.wsgi_application(environ, start_response)
                 #==============================================================
                 # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME
                 #==============================================================
                 try:
                     user = self.__get_user(username)
                     if user is None or not user.active:
                         return HTTPForbidden()(environ, start_response)
                     username = user.username
                 except:
                     log.error(traceback.format_exc())
                     return HTTPInternalServerError()(environ, start_response)
                 #check permissions for this repository
                 perm = self._check_permission(action, user, repo_name)
+                perm = self._check_permission(action, user, repo_name, ip_addr)
                 if perm is not True:
                     return HTTPForbidden()(environ, start_response)
         # extras are injected into mercurial UI object and later available
         # in hg hooks executed by rhodecode
         from rhodecode import CONFIG
         server_url = get_server_url(environ)
         extras = {
-            'ip': ipaddr,
+            'ip': ip_addr,
             'username': username,
             'action': action,
             'repository': repo_name,
             'scm': 'hg',
             'config': CONFIG['__file__'],
             'server_url': server_url,
             'make_lock': None,
             'locked_by': [None, None]
+        }
         #======================================================================
         # MERCURIAL REQUEST HANDLING
         #======================================================================
         repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))
         log.debug('Repository path is %s' % repo_path)
         # CHECK LOCKING only if it's not ANONYMOUS USER
         if username != User.DEFAULT_USER:
             log.debug('Checking locking on repository')
             (make_lock,
              locked,
              locked_by) = self._check_locking_state(
                             environ=environ, action=action,
                             repo=repo_name, user_id=user.user_id
+                       )
             # store the make_lock for later evaluation in hooks
             extras.update({'make_lock': make_lock,
                            'locked_by': locked_by})
         # set the environ variables for this request
         os.environ['RC_SCM_DATA'] = json.dumps(extras)
         fix_PATH()
         log.debug('HOOKS extras is %s' % extras)
         baseui = make_ui('db')
         self.__inject_extras(repo_path, baseui, extras)
         try:
             # invalidate cache on push
             if action == 'push':
                 self._invalidate_cache(repo_name)
             log.info('%s action on HG repo "%s"' % (action, repo_name))
             app = self.__make_app(repo_path, baseui, extras)
             return app(environ, start_response)
         except RepoError, e:
             if str(e).find('not found') != -1:
                 return HTTPNotFound()(environ, start_response)
         except HTTPLockedRC, e:
             log.debug('Repositry LOCKED ret code 423!')
             return e(environ, start_response)
         except Exception:
             log.error(traceback.format_exc())
             return HTTPInternalServerError()(environ, start_response)
     def __make_app(self, repo_name, baseui, extras):
         """
         Make an wsgi application using hgweb, and inject generated baseui
         instance, additionally inject some extras into ui object
         """
         return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)
     def __get_repository(self, environ):
         """
         Get's repository name out of PATH_INFO header
         :param environ: environ where PATH_INFO is stored
         """
         try:
             environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])
             repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])
             if repo_name.endswith('/'):
                 repo_name = repo_name.rstrip('/')
         except:
             log.error(traceback.format_exc())
             raise
         return repo_name
     def __get_user(self, username):
         return User.get_by_username(username)
     def __get_action(self, environ):
         """
         Maps mercurial request commands into a clone,pull or push command.
         This should always return a valid command string
         :param environ:
         """
         mapping = {'changegroup': 'pull',
                    'changegroupsubset': 'pull',
                    'stream_out': 'pull',
                    'listkeys': 'pull',
                    'unbundle': 'push',
                    'pushkey': 'push', }
         for qry in environ['QUERY_STRING'].split('&'):
             if qry.startswith('cmd'):
                 cmd = qry.split('=')[-1]
                 if cmd in mapping:
                     return mapping[cmd]
                 return 'pull'
         raise Exception('Unable to detect pull/push action !!'
                         'Are you using non standard command or client ?')
     def __inject_extras(self, repo_path, baseui, extras={}):
         """
         Injects some extra params into baseui instance
         also overwrites global settings with those takes from local hgrc file
         :param baseui: baseui instance
         :param extras: dict with extra params to put into baseui
         """
         hgrc = os.path.join(repo_path, '.hg', 'hgrc')
         # make our hgweb quiet so it doesn't print output
         baseui.setconfig('ui', 'quiet', 'true')
         #inject some additional parameters that will be available in ui
         #for hooks
         for k, v in extras.items():
             baseui.setconfig('rhodecode_extras', k, v)
         repoui = make_ui('file', hgrc, False)
         if repoui:
             #overwrite our ui instance with the section from hgrc file
             for section in ui_sections:
                 for k, v in repoui.configitems(section):
                     baseui.setconfig(section, k, v)

rhodecode/model/db.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.model.db
     ~~~~~~~~~~~~~~~~~~
     Database Models for RhodeCode
     :created_on: Apr 08, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import logging
 import datetime
 import traceback
 import hashlib
 import time
 from collections import defaultdict
 from sqlalchemy import *
 from sqlalchemy.ext.hybrid import hybrid_property
 from sqlalchemy.orm import relationship, joinedload, class_mapper, validates
 from sqlalchemy.exc import DatabaseError
 from beaker.cache import cache_region, region_invalidate
 from webob.exc import HTTPNotFound
 from pylons.i18n.translation import lazy_ugettext as _
 from rhodecode.lib.vcs import get_backend
 from rhodecode.lib.vcs.utils.helpers import get_scm
 from rhodecode.lib.vcs.exceptions import VCSError
 from rhodecode.lib.vcs.utils.lazy import LazyProperty
 from rhodecode.lib.utils2 import str2bool, safe_str, get_changeset_safe, \
     safe_unicode, remove_suffix, remove_prefix
 from rhodecode.lib.compat import json
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.model.meta import Base, Session
 URL_SEP = '/'
 log = logging.getLogger(__name__)
 #==============================================================================
 # BASE CLASSES
 #==============================================================================
 _hash_key = lambda k: hashlib.md5(safe_str(k)).hexdigest()
 class BaseModel(object):
     """
     Base Model for all classess
     """
     @classmethod
     def _get_keys(cls):
         """return column names for this model """
         return class_mapper(cls).c.keys()
     def get_dict(self):
         """
         return dict with keys and values corresponding
         to this model data """
         d = {}
         for k in self._get_keys():
             d[k] = getattr(self, k)
         # also use __json__() if present to get additional fields
         _json_attr = getattr(self, '__json__', None)
         if _json_attr:
             # update with attributes from __json__
             if callable(_json_attr):
                 _json_attr = _json_attr()
             for k, val in _json_attr.iteritems():
                 d[k] = val
         return d
     def get_appstruct(self):
         """return list with keys and values tupples corresponding
         to this model data """
         l = []
         for k in self._get_keys():
             l.append((k, getattr(self, k),))
         return l
     def populate_obj(self, populate_dict):
         """populate model with data from given populate_dict"""
         for k in self._get_keys():
             if k in populate_dict:
                 setattr(self, k, populate_dict[k])
     @classmethod
     def query(cls):
         return Session().query(cls)
     @classmethod
     def get(cls, id_):
         if id_:
             return cls.query().get(id_)
     @classmethod
     def get_or_404(cls, id_):
         try:
             id_ = int(id_)
         except (TypeError, ValueError):
             raise HTTPNotFound
         res = cls.query().get(id_)
         if not res:
             raise HTTPNotFound
         return res
     @classmethod
     def getAll(cls):
         return cls.query().all()
     @classmethod
     def delete(cls, id_):
         obj = cls.query().get(id_)
         Session().delete(obj)
     def __repr__(self):
         if hasattr(self, '__unicode__'):
             # python repr needs to return str
             return safe_str(self.__unicode__())
         return '<DB:%s>' % (self.__class__.__name__)
 class RhodeCodeSetting(Base, BaseModel):
     __tablename__ = 'rhodecode_settings'
     __table_args__ = (
         UniqueConstraint('app_settings_name'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     app_settings_name = Column("app_settings_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     _app_settings_value = Column("app_settings_value", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     def __init__(self, k='', v=''):
         self.app_settings_name = k
         self.app_settings_value = v
     @validates('_app_settings_value')
     def validate_settings_value(self, key, val):
         assert type(val) == unicode
         return val
     @hybrid_property
     def app_settings_value(self):
         v = self._app_settings_value
         if self.app_settings_name in ["ldap_active",
                                       "default_repo_enable_statistics",
                                       "default_repo_enable_locking",
                                       "default_repo_private",
                                       "default_repo_enable_downloads"]:
             v = str2bool(v)
         return v
     @app_settings_value.setter
     def app_settings_value(self, val):
         """
         Setter that will always make sure we use unicode in app_settings_value
         :param val:
         """
         self._app_settings_value = safe_unicode(val)
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (
             self.__class__.__name__,
             self.app_settings_name, self.app_settings_value
+        )
     @classmethod
     def get_by_name(cls, key):
         return cls.query()\
             .filter(cls.app_settings_name == key).scalar()
     @classmethod
     def get_by_name_or_create(cls, key):
         res = cls.get_by_name(key)
         if not res:
             res = cls(key)
         return res
     @classmethod
     def get_app_settings(cls, cache=False):
         ret = cls.query()
         if cache:
             ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
         if not ret:
             raise Exception('Could not get application settings !')
         settings = {}
         for each in ret:
             settings['rhodecode_' + each.app_settings_name] = \
                 each.app_settings_value
         return settings
     @classmethod
     def get_ldap_settings(cls, cache=False):
         ret = cls.query()\
                 .filter(cls.app_settings_name.startswith('ldap_')).all()
         fd = {}
         for row in ret:
             fd.update({row.app_settings_name: row.app_settings_value})
         return fd
     @classmethod
     def get_default_repo_settings(cls, cache=False, strip_prefix=False):
         ret = cls.query()\
                 .filter(cls.app_settings_name.startswith('default_')).all()
         fd = {}
         for row in ret:
             key = row.app_settings_name
             if strip_prefix:
                 key = remove_prefix(key, prefix='default_')
             fd.update({key: row.app_settings_value})
         return fd
 class RhodeCodeUi(Base, BaseModel):
     __tablename__ = 'rhodecode_ui'
     __table_args__ = (
         UniqueConstraint('ui_key'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     HOOK_UPDATE = 'changegroup.update'
     HOOK_REPO_SIZE = 'changegroup.repo_size'
     HOOK_PUSH = 'changegroup.push_logger'
     HOOK_PRE_PUSH = 'prechangegroup.pre_push'
     HOOK_PULL = 'outgoing.pull_logger'
     HOOK_PRE_PULL = 'preoutgoing.pre_pull'
     ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     ui_section = Column("ui_section", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_key = Column("ui_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_value = Column("ui_value", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)
     @classmethod
     def get_by_key(cls, key):
         return cls.query().filter(cls.ui_key == key).scalar()
     @classmethod
     def get_builtin_hooks(cls):
         q = cls.query()
         q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,
                                      cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,
                                      cls.HOOK_PULL, cls.HOOK_PRE_PULL]))
         return q.all()
     @classmethod
     def get_custom_hooks(cls):
         q = cls.query()
         q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,
                                       cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,
                                       cls.HOOK_PULL, cls.HOOK_PRE_PULL]))
         q = q.filter(cls.ui_section == 'hooks')
         return q.all()
     @classmethod
     def get_repos_location(cls):
         return cls.get_by_key('/').ui_value
     @classmethod
     def create_or_update_hook(cls, key, val):
         new_ui = cls.get_by_key(key) or cls()
         new_ui.ui_section = 'hooks'
         new_ui.ui_active = True
         new_ui.ui_key = key
         new_ui.ui_value = val
         Session().add(new_ui)
     def __repr__(self):
         return '<DB:%s[%s:%s]>' % (self.__class__.__name__, self.ui_key,
                                    self.ui_value)
 class User(Base, BaseModel):
     __tablename__ = 'users'
     __table_args__ = (
         UniqueConstraint('username'), UniqueConstraint('email'),
         Index('u_username_idx', 'username'),
         Index('u_email_idx', 'email'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     DEFAULT_USER = 'default'
     DEFAULT_PERMISSIONS = [
         'hg.register.manual_activate', 'hg.create.repository',
         'hg.fork.repository', 'repository.read', 'group.read'
+    ]
     user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     active = Column("active", Boolean(), nullable=True, unique=None, default=True)
     admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
     name = Column("firstname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     lastname = Column("lastname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
     ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
     user_log = relationship('UserLog')
     user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
     repositories = relationship('Repository')
     user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
     followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
     repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
     repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
     group_member = relationship('UsersGroupMember', cascade='all')
     notifications = relationship('UserNotification', cascade='all')
     # notifications assigned to this user
     user_created_notifications = relationship('Notification', cascade='all')
     # comments created by this user
     user_comments = relationship('ChangesetComment', cascade='all')
     #extra emails for this user
     user_emails = relationship('UserEmailMap', cascade='all')
     @hybrid_property
     def email(self):
         return self._email
     @email.setter
     def email(self, val):
         self._email = val.lower() if val else None
     @property
     def firstname(self):
         # alias for future
         return self.name
     @property
     def emails(self):
         other = UserEmailMap.query().filter(UserEmailMap.user==self).all()
         return [self.email] + [x.email for x in other]
     @property
     def username_and_name(self):
         return '%s (%s %s)' % (self.username, self.firstname, self.lastname)
     @property
     def full_name(self):
         return '%s %s' % (self.firstname, self.lastname)
     @property
     def full_name_or_username(self):
         return ('%s %s' % (self.firstname, self.lastname)
                 if (self.firstname and self.lastname) else self.username)
     @property
     def full_contact(self):
         return '%s %s <%s>' % (self.firstname, self.lastname, self.email)
     @property
     def short_contact(self):
         return '%s %s' % (self.firstname, self.lastname)
     @property
     def is_admin(self):
         return self.admin
     def __unicode__(self):
         return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
                                      self.user_id, self.username)
     @classmethod
     def get_by_username(cls, username, case_insensitive=False, cache=False):
         if case_insensitive:
             q = cls.query().filter(cls.username.ilike(username))
         else:
             q = cls.query().filter(cls.username == username)
         if cache:
             q = q.options(FromCache(
                             "sql_cache_short",
                             "get_user_%s" % _hash_key(username)
+                          )
+            )
         return q.scalar()
     @classmethod
     def get_by_api_key(cls, api_key, cache=False):
         q = cls.query().filter(cls.api_key == api_key)
         if cache:
             q = q.options(FromCache("sql_cache_short",
                                     "get_api_key_%s" % api_key))
         return q.scalar()
     @classmethod
     def get_by_email(cls, email, case_insensitive=False, cache=False):
         if case_insensitive:
             q = cls.query().filter(cls.email.ilike(email))
         else:
             q = cls.query().filter(cls.email == email)
         if cache:
             q = q.options(FromCache("sql_cache_short",
                                     "get_email_key_%s" % email))
         ret = q.scalar()
         if ret is None:
             q = UserEmailMap.query()
             # try fetching in alternate email map
             if case_insensitive:
                 q = q.filter(UserEmailMap.email.ilike(email))
             else:
                 q = q.filter(UserEmailMap.email == email)
             q = q.options(joinedload(UserEmailMap.user))
             if cache:
                 q = q.options(FromCache("sql_cache_short",
                                         "get_email_map_key_%s" % email))
             ret = getattr(q.scalar(), 'user', None)
         return ret
     def update_lastlogin(self):
         """Update user lastlogin"""
         self.last_login = datetime.datetime.now()
         Session().add(self)
         log.debug('updated user %s lastlogin' % self.username)
     def get_api_data(self):
         """
         Common function for generating user related data for API
         """
         user = self
         data = dict(
             user_id=user.user_id,
             username=user.username,
             firstname=user.name,
             lastname=user.lastname,
             email=user.email,
             emails=user.emails,
             api_key=user.api_key,
             active=user.active,
             admin=user.admin,
             ldap_dn=user.ldap_dn,
             last_login=user.last_login,
+        )
         return data
     def __json__(self):
         data = dict(
             full_name=self.full_name,
             full_name_or_username=self.full_name_or_username,
             short_contact=self.short_contact,
             full_contact=self.full_contact
+        )
         data.update(self.get_api_data())
         return data
 class UserEmailMap(Base, BaseModel):
     __tablename__ = 'user_email_map'
     __table_args__ = (
         Index('uem_email_idx', 'email'),
         UniqueConstraint('email'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     __mapper_args__ = {}
     email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
     _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
     user = relationship('User', lazy='joined')
     @validates('_email')
     def validate_email(self, key, email):
         # check if this email is not main one
         main_email = Session().query(User).filter(User.email == email).scalar()
         if main_email is not None:
             raise AttributeError('email %s is present is user table' % email)
         return email
     @hybrid_property
     def email(self):
         return self._email
     @email.setter
     def email(self, val):
         self._email = val.lower() if val else None
 class UserIpMap(Base, BaseModel):
     __tablename__ = 'user_ip_map'
     __table_args__ = (
         UniqueConstraint('user_id', 'ip_addr'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     __mapper_args__ = {}
     ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
     ip_addr = Column("ip_addr", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
     user = relationship('User', lazy='joined')
     @classmethod
     def _get_ip_range(cls, ip_addr):
         from rhodecode.lib import ipaddr
         net = ipaddr.IPv4Network(ip_addr)
         return [str(net.network), str(net.broadcast)]
     def __json__(self):
         return dict(
           ip_addr=self.ip_addr,
           ip_range=self._get_ip_range(self.ip_addr)
+        )
 class UserLog(Base, BaseModel):
     __tablename__ = 'user_logs'
     __table_args__ = (
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
     username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True)
     repository_name = Column("repository_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     user_ip = Column("user_ip", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     action = Column("action", UnicodeText(1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
     @property
     def action_as_day(self):
         return datetime.date(*self.action_date.timetuple()[:3])
     user = relationship('User')
     repository = relationship('Repository', cascade='')
 class UsersGroup(Base, BaseModel):
     __tablename__ = 'users_groups'
     __table_args__ = (
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_name = Column("users_group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
     inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
     members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
     users_group_to_perm = relationship('UsersGroupToPerm', cascade='all')
     users_group_repo_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')
     def __unicode__(self):
         return u'<userGroup(%s)>' % (self.users_group_name)
     @classmethod
     def get_by_group_name(cls, group_name, cache=False,
                           case_insensitive=False):
         if case_insensitive:
             q = cls.query().filter(cls.users_group_name.ilike(group_name))
         else:
             q = cls.query().filter(cls.users_group_name == group_name)
         if cache:
             q = q.options(FromCache(
                             "sql_cache_short",
                             "get_user_%s" % _hash_key(group_name)
+                          )
+            )
         return q.scalar()
     @classmethod
     def get(cls, users_group_id, cache=False):
         users_group = cls.query()
         if cache:
             users_group = users_group.options(FromCache("sql_cache_short",
                                     "get_users_group_%s" % users_group_id))
         return users_group.get(users_group_id)
     def get_api_data(self):
         users_group = self
         data = dict(
             users_group_id=users_group.users_group_id,
             group_name=users_group.users_group_name,
             active=users_group.users_group_active,
+        )
         return data
 class UsersGroupMember(Base, BaseModel):
     __tablename__ = 'users_groups_members'
     __table_args__ = (
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     user = relationship('User', lazy='joined')
     users_group = relationship('UsersGroup')
     def __init__(self, gr_id='', u_id=''):
         self.users_group_id = gr_id
         self.user_id = u_id
 class Repository(Base, BaseModel):
     __tablename__ = 'repositories'
     __table_args__ = (
         UniqueConstraint('repo_name'),
         Index('r_repo_name_idx', 'repo_name'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     repo_name = Column("repo_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     clone_uri = Column("clone_uri", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
     repo_type = Column("repo_type", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default=None)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
     private = Column("private", Boolean(), nullable=True, unique=None, default=None)
     enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)
     enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)
     description = Column("description", String(10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     created_on = Column('created_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
     updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
     landing_rev = Column("landing_revision", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default=None)
     enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
     _locked = Column("locked", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
     #changeset_cache = Column("changeset_cache", LargeBinary(), nullable=False) #JSON data
     fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)
     group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)
     user = relationship('User')
     fork = relationship('Repository', remote_side=repo_id)
     group = relationship('RepoGroup')
     repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')
     users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')
     stats = relationship('Statistics', cascade='all', uselist=False)
     followers = relationship('UserFollowing',
                              primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
                              cascade='all')
     logs = relationship('UserLog')
     comments = relationship('ChangesetComment', cascade="all, delete, delete-orphan")
     pull_requests_org = relationship('PullRequest',
                     primaryjoin='PullRequest.org_repo_id==Repository.repo_id',
                     cascade="all, delete, delete-orphan")
     pull_requests_other = relationship('PullRequest',
                     primaryjoin='PullRequest.other_repo_id==Repository.repo_id',
                     cascade="all, delete, delete-orphan")
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
                                    self.repo_name)
     @hybrid_property
     def locked(self):
         # always should return [user_id, timelocked]
         if self._locked:
             _lock_info = self._locked.split(':')
             return int(_lock_info[0]), _lock_info[1]
         return [None, None]
     @locked.setter
     def locked(self, val):
         if val and isinstance(val, (list, tuple)):
             self._locked = ':'.join(map(str, val))
         else:
             self._locked = None
     @classmethod
     def url_sep(cls):
         return URL_SEP
     @classmethod
     def get_by_repo_name(cls, repo_name):
         q = Session().query(cls).filter(cls.repo_name == repo_name)
         q = q.options(joinedload(Repository.fork))\
                 .options(joinedload(Repository.user))\
                 .options(joinedload(Repository.group))
         return q.scalar()
     @classmethod
     def get_by_full_path(cls, repo_full_path):
         repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
         return cls.get_by_repo_name(repo_name.strip(URL_SEP))
     @classmethod
     def get_repo_forks(cls, repo_id):
         return cls.query().filter(Repository.fork_id == repo_id)
     @classmethod
     def base_path(cls):
         """
         Returns base path when all repos are stored
         :param cls:
         """
         q = Session().query(RhodeCodeUi)\
             .filter(RhodeCodeUi.ui_key == cls.url_sep())
         q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
         return q.one().ui_value
     @property
     def forks(self):
         """
         Return forks of this repo
         """
         return Repository.get_repo_forks(self.repo_id)
     @property
     def parent(self):
         """
         Returns fork parent
         """
         return self.fork
     @property
     def just_name(self):
         return self.repo_name.split(Repository.url_sep())[-1]
     @property
     def groups_with_parents(self):
         groups = []
         if self.group is None:
             return groups
         cur_gr = self.group
         groups.insert(0, cur_gr)
         while 1:
             gr = getattr(cur_gr, 'parent_group', None)
             cur_gr = cur_gr.parent_group
             if gr is None:
                 break
             groups.insert(0, gr)
         return groups
     @property
     def groups_and_repo(self):
         return self.groups_with_parents, self.just_name
     @LazyProperty
     def repo_path(self):
         """
         Returns base full path for that repository means where it actually
         exists on a filesystem
         """
         q = Session().query(RhodeCodeUi).filter(RhodeCodeUi.ui_key ==
                                               Repository.url_sep())
         q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
         return q.one().ui_value
     @property
     def repo_full_path(self):
         p = [self.repo_path]
         # we need to split the name by / since this is how we store the
         # names in the database, but that eventually needs to be converted
         # into a valid system path
         p += self.repo_name.split(Repository.url_sep())
         return os.path.join(*p)
     @property
     def cache_keys(self):
         """
         Returns associated cache keys for that repo
         """
         return CacheInvalidation.query()\
             .filter(CacheInvalidation.cache_args == self.repo_name)\
             .order_by(CacheInvalidation.cache_key)\
             .all()
     def get_new_name(self, repo_name):
         """
         returns new full repository name based on assigned group and new new
         :param group_name:
         """
         path_prefix = self.group.full_path_splitted if self.group else []
         return Repository.url_sep().join(path_prefix + [repo_name])
     @property
     def _ui(self):
         """
         Creates an db based ui object for this repository
         """
         from rhodecode.lib.utils import make_ui
         return make_ui('db', clear_session=False)
     @classmethod
     def inject_ui(cls, repo, extras={}):
         from rhodecode.lib.vcs.backends.hg import MercurialRepository
         from rhodecode.lib.vcs.backends.git import GitRepository
         required = (MercurialRepository, GitRepository)
         if not isinstance(repo, required):
             raise Exception('repo must be instance of %s' % required)
         # inject ui extra param to log this action via push logger
         for k, v in extras.items():
             repo._repo.ui.setconfig('rhodecode_extras', k, v)
     @classmethod
     def is_valid(cls, repo_name):
         """
         returns True if given repo name is a valid filesystem repository
         :param cls:
         :param repo_name:
         """
         from rhodecode.lib.utils import is_valid_repo
         return is_valid_repo(repo_name, cls.base_path())
     def get_api_data(self):
         """
         Common function for generating repo api data
         """
         repo = self
         data = dict(
             repo_id=repo.repo_id,
             repo_name=repo.repo_name,
             repo_type=repo.repo_type,
             clone_uri=repo.clone_uri,
             private=repo.private,
             created_on=repo.created_on,
             description=repo.description,
             landing_rev=repo.landing_rev,
             owner=repo.user.username,
             fork_of=repo.fork.repo_name if repo.fork else None,
             enable_statistics=repo.enable_statistics,
             enable_locking=repo.enable_locking,
             enable_downloads=repo.enable_downloads
+        )
         return data
     @classmethod
     def lock(cls, repo, user_id):
         repo.locked = [user_id, time.time()]
         Session().add(repo)
         Session().commit()
     @classmethod
     def unlock(cls, repo):
         repo.locked = None
         Session().add(repo)
         Session().commit()
     @property
     def last_db_change(self):
         return self.updated_on
     #==========================================================================
     # SCM PROPERTIES
     #==========================================================================
     def get_changeset(self, rev=None):
         return get_changeset_safe(self.scm_instance, rev)
     def get_landing_changeset(self):
         """
         Returns landing changeset, or if that doesn't exist returns the tip
         """
         cs = self.get_changeset(self.landing_rev) or self.get_changeset()
         return cs
     def update_last_change(self, last_change=None):
         if last_change is None:
             last_change = datetime.datetime.now()
         if self.updated_on is None or self.updated_on != last_change:
             log.debug('updated repo %s with new date %s' % (self, last_change))
             self.updated_on = last_change
             Session().add(self)
             Session().commit()
     @property
     def tip(self):
         return self.get_changeset('tip')
     @property
     def author(self):
         return self.tip.author
     @property
     def last_change(self):
         return self.scm_instance.last_change
     def get_comments(self, revisions=None):
         """
         Returns comments for this repository grouped by revisions
         :param revisions: filter query by revisions only
         """
         cmts = ChangesetComment.query()\
             .filter(ChangesetComment.repo == self)
         if revisions:
             cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
         grouped = defaultdict(list)
         for cmt in cmts.all():
             grouped[cmt.revision].append(cmt)
         return grouped
     def statuses(self, revisions=None):
         """
         Returns statuses for this repository
         :param revisions: list of revisions to get statuses for
         :type revisions: list
         """
         statuses = ChangesetStatus.query()\
             .filter(ChangesetStatus.repo == self)\
             .filter(ChangesetStatus.version == 0)
         if revisions:
             statuses = statuses.filter(ChangesetStatus.revision.in_(revisions))
         grouped = {}
         #maybe we have open new pullrequest without a status ?
         stat = ChangesetStatus.STATUS_UNDER_REVIEW
         status_lbl = ChangesetStatus.get_status_lbl(stat)
         for pr in PullRequest.query().filter(PullRequest.org_repo == self).all():
             for rev in pr.revisions:
                 pr_id = pr.pull_request_id
                 pr_repo = pr.other_repo.repo_name
                 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
         for stat in statuses.all():
             pr_id = pr_repo = None
             if stat.pull_request:
                 pr_id = stat.pull_request.pull_request_id
                 pr_repo = stat.pull_request.other_repo.repo_name
             grouped[stat.revision] = [str(stat.status), stat.status_lbl,
                                       pr_id, pr_repo]
         return grouped
     #==========================================================================
     # SCM CACHE INSTANCE
     #==========================================================================
     @property
     def invalidate(self):
         return CacheInvalidation.invalidate(self.repo_name)
     def set_invalidate(self):
         """
         set a cache for invalidation for this instance
         """
         CacheInvalidation.set_invalidate(repo_name=self.repo_name)
     @LazyProperty
     def scm_instance(self):
         import rhodecode
         full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
         if full_cache:
             return self.scm_instance_cached()
         return self.__get_instance()
     def scm_instance_cached(self, cache_map=None):
         @cache_region('long_term')
         def _c(repo_name):
             return self.__get_instance()
         rn = self.repo_name
         log.debug('Getting cached instance of repo')
         if cache_map:
             # get using prefilled cache_map
             invalidate_repo = cache_map[self.repo_name]
             if invalidate_repo:
                 invalidate_repo = (None if invalidate_repo.cache_active
                                    else invalidate_repo)
         else:
             # get from invalidate
             invalidate_repo = self.invalidate
         if invalidate_repo is not None:
             region_invalidate(_c, None, rn)
             # update our cache
             CacheInvalidation.set_valid(invalidate_repo.cache_key)
         return _c(rn)
     def __get_instance(self):
         repo_full_path = self.repo_full_path
         try:
             alias = get_scm(repo_full_path)[0]
             log.debug('Creating instance of %s repository' % alias)
             backend = get_backend(alias)
         except VCSError:
             log.error(traceback.format_exc())
             log.error('Perhaps this repository is in db and not in '
                       'filesystem run rescan repositories with '
                       '"destroy old data " option from admin panel')
             return
         if alias == 'hg':
             repo = backend(safe_str(repo_full_path), create=False,
                            baseui=self._ui)
             # skip hidden web repository
             if repo._get_hidden():
                 return
         else:
             repo = backend(repo_full_path, create=False)
         return repo
 class RepoGroup(Base, BaseModel):
     __tablename__ = 'groups'
     __table_args__ = (
         UniqueConstraint('group_name', 'group_parent_id'),
         CheckConstraint('group_id != group_parent_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     __mapper_args__ = {'order_by': 'group_name'}
     group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     group_name = Column("group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
     group_description = Column("group_description", String(10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
     repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
     users_group_to_perm = relationship('UsersGroupRepoGroupToPerm', cascade='all')
     parent_group = relationship('RepoGroup', remote_side=group_id)
     def __init__(self, group_name='', parent_group=None):
         self.group_name = group_name
         self.parent_group = parent_group
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,
                                   self.group_name)
     @classmethod
     def groups_choices(cls, check_perms=False):
         from webhelpers.html import literal as _literal
         from rhodecode.model.scm import ScmModel
         groups = cls.query().all()
         if check_perms:
             #filter group user have access to, it's done
             #magically inside ScmModel based on current user
             groups = ScmModel().get_repos_groups(groups)
         repo_groups = [('', '')]
         sep = ' &raquo; '
         _name = lambda k: _literal(sep.join(k))
         repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
                               for x in groups])
         repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
         return repo_groups
     @classmethod
     def url_sep(cls):
         return URL_SEP
     @classmethod
     def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
         if case_insensitive:
             gr = cls.query()\
                 .filter(cls.group_name.ilike(group_name))
         else:
             gr = cls.query()\
                 .filter(cls.group_name == group_name)
         if cache:
             gr = gr.options(FromCache(
                             "sql_cache_short",
                             "get_group_%s" % _hash_key(group_name)
+                            )
+            )
         return gr.scalar()
     @property
     def parents(self):
         parents_recursion_limit = 5
         groups = []
         if self.parent_group is None:
             return groups
         cur_gr = self.parent_group
         groups.insert(0, cur_gr)
         cnt = 0
         while 1:
             cnt += 1
             gr = getattr(cur_gr, 'parent_group', None)
             cur_gr = cur_gr.parent_group
             if gr is None:
                 break
             if cnt == parents_recursion_limit:
                 # this will prevent accidental infinit loops
                 log.error('group nested more than %s' %
                           parents_recursion_limit)
                 break
             groups.insert(0, gr)
         return groups
     @property
     def children(self):
         return RepoGroup.query().filter(RepoGroup.parent_group == self)
     @property
     def name(self):
         return self.group_name.split(RepoGroup.url_sep())[-1]
     @property
     def full_path(self):
         return self.group_name
     @property
     def full_path_splitted(self):
         return self.group_name.split(RepoGroup.url_sep())
     @property
     def repositories(self):
         return Repository.query()\
                 .filter(Repository.group == self)\
                 .order_by(Repository.repo_name)
     @property
     def repositories_recursive_count(self):
         cnt = self.repositories.count()
         def children_count(group):
             cnt = 0
             for child in group.children:
                 cnt += child.repositories.count()
                 cnt += children_count(child)
             return cnt
         return cnt + children_count(self)
     def recursive_groups_and_repos(self):
         """
         Recursive return all groups, with repositories in those groups
         """
         all_ = []
         def _get_members(root_gr):
             for r in root_gr.repositories:
                 all_.append(r)
             childs = root_gr.children.all()
             if childs:
                 for gr in childs:
                     all_.append(gr)
                     _get_members(gr)
         _get_members(self)
         return [self] + all_
     def get_new_name(self, group_name):
         """
         returns new full group name based on parent and new name
         :param group_name:
         """
         path_prefix = (self.parent_group.full_path_splitted if
                        self.parent_group else [])
         return RepoGroup.url_sep().join(path_prefix + [group_name])
 class Permission(Base, BaseModel):
     __tablename__ = 'permissions'
     __table_args__ = (
         Index('p_perm_name_idx', 'permission_name'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     PERMS = [
         ('repository.none', _('Repository no access')),
         ('repository.read', _('Repository read access')),
         ('repository.write', _('Repository write access')),
         ('repository.admin', _('Repository admin access')),
         ('group.none', _('Repositories Group no access')),
         ('group.read', _('Repositories Group read access')),
         ('group.write', _('Repositories Group write access')),
         ('group.admin', _('Repositories Group admin access')),
         ('hg.admin', _('RhodeCode Administrator')),
         ('hg.create.none', _('Repository creation disabled')),
         ('hg.create.repository', _('Repository creation enabled')),
         ('hg.fork.none', _('Repository forking disabled')),
         ('hg.fork.repository', _('Repository forking enabled')),
         ('hg.register.none', _('Register disabled')),
         ('hg.register.manual_activate', _('Register new user with RhodeCode '
                                           'with manual activation')),
         ('hg.register.auto_activate', _('Register new user with RhodeCode '
                                         'with auto activation')),
+    ]
     # defines which permissions are more important higher the more important
     PERM_WEIGHTS = {
         'repository.none': 0,
         'repository.read': 1,
         'repository.write': 3,
         'repository.admin': 4,
         'group.none': 0,
         'group.read': 1,
         'group.write': 3,
         'group.admin': 4,
         'hg.fork.none': 0,
         'hg.fork.repository': 1,
         'hg.create.none': 0,
         'hg.create.repository':1
+    }
     permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     permission_name = Column("permission_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     permission_longname = Column("permission_longname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (
             self.__class__.__name__, self.permission_id, self.permission_name
+        )
     @classmethod
     def get_by_key(cls, key):
         return cls.query().filter(cls.permission_name == key).scalar()
     @classmethod
     def get_default_perms(cls, default_user_id):
         q = Session().query(UserRepoToPerm, Repository, cls)\
          .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
          .join((cls, UserRepoToPerm.permission_id == cls.permission_id))\
          .filter(UserRepoToPerm.user_id == default_user_id)
         return q.all()
     @classmethod
     def get_default_group_perms(cls, default_user_id):
         q = Session().query(UserRepoGroupToPerm, RepoGroup, cls)\
          .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((cls, UserRepoGroupToPerm.permission_id == cls.permission_id))\
          .filter(UserRepoGroupToPerm.user_id == default_user_id)
         return q.all()
 class UserRepoToPerm(Base, BaseModel):
     __tablename__ = 'repo_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'repository_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     repository = relationship('Repository')
     permission = relationship('Permission')
     @classmethod
     def create(cls, user, repository, permission):
         n = cls()
         n.user = user
         n.repository = repository
         n.permission = permission
         Session().add(n)
         return n
     def __unicode__(self):
         return u'<user:%s => %s >' % (self.user, self.repository)
 class UserToPerm(Base, BaseModel):
     __tablename__ = 'user_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     permission = relationship('Permission', lazy='joined')
 class UsersGroupRepoToPerm(Base, BaseModel):
     __tablename__ = 'users_group_repo_to_perm'
     __table_args__ = (
         UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
     users_group = relationship('UsersGroup')
     permission = relationship('Permission')
     repository = relationship('Repository')
     @classmethod
     def create(cls, users_group, repository, permission):
         n = cls()
         n.users_group = users_group
         n.repository = repository
         n.permission = permission
         Session().add(n)
         return n
     def __unicode__(self):
         return u'<userGroup:%s => %s >' % (self.users_group, self.repository)
 class UsersGroupToPerm(Base, BaseModel):
     __tablename__ = 'users_group_to_perm'
     __table_args__ = (
         UniqueConstraint('users_group_id', 'permission_id',),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     users_group = relationship('UsersGroup')
     permission = relationship('Permission')
 class UserRepoGroupToPerm(Base, BaseModel):
     __tablename__ = 'user_repo_group_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'group_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     group = relationship('RepoGroup')
     permission = relationship('Permission')
 class UsersGroupRepoGroupToPerm(Base, BaseModel):
     __tablename__ = 'users_group_repo_group_to_perm'
     __table_args__ = (
         UniqueConstraint('users_group_id', 'group_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     users_group = relationship('UsersGroup')
     permission = relationship('Permission')
     group = relationship('RepoGroup')
 class Statistics(Base, BaseModel):
     __tablename__ = 'statistics'
     __table_args__ = (
          UniqueConstraint('repository_id'),
          {'extend_existing': True, 'mysql_engine': 'InnoDB',
           'mysql_charset': 'utf8'}
+    )
     stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
     stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
     commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
     commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
     languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
     repository = relationship('Repository', single_parent=True)
 class UserFollowing(Base, BaseModel):
     __tablename__ = 'user_followings'
     __table_args__ = (
         UniqueConstraint('user_id', 'follows_repository_id'),
         UniqueConstraint('user_id', 'follows_user_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
     follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
     follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
     user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
     follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
     follows_repository = relationship('Repository', order_by='Repository.repo_name')
     @classmethod
     def get_repo_followers(cls, repo_id):
         return cls.query().filter(cls.follows_repo_id == repo_id)
 class CacheInvalidation(Base, BaseModel):
     __tablename__ = 'cache_invalidation'
     __table_args__ = (
         UniqueConstraint('cache_key'),
         Index('key_idx', 'cache_key'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     cache_key = Column("cache_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     cache_args = Column("cache_args", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
     def __init__(self, cache_key, cache_args=''):
         self.cache_key = cache_key
         self.cache_args = cache_args
         self.cache_active = False
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (self.__class__.__name__,
                                   self.cache_id, self.cache_key)
     @property
     def prefix(self):
         _split = self.cache_key.split(self.cache_args, 1)
         if _split and len(_split) == 2:
             return _split[0]
         return ''
     @classmethod
     def clear_cache(cls):
         cls.query().delete()
     @classmethod
     def _get_key(cls, key):
         """
         Wrapper for generating a key, together with a prefix
         :param key:
         """
         import rhodecode
         prefix = ''
         org_key = key
         iid = rhodecode.CONFIG.get('instance_id')
         if iid:
             prefix = iid
         return "%s%s" % (prefix, key), prefix, org_key
     @classmethod
     def get_by_key(cls, key):
         return cls.query().filter(cls.cache_key == key).scalar()
     @classmethod
     def get_by_repo_name(cls, repo_name):
         return cls.query().filter(cls.cache_args == repo_name).all()
     @classmethod
     def _get_or_create_key(cls, key, repo_name, commit=True):
         inv_obj = Session().query(cls).filter(cls.cache_key == key).scalar()
         if not inv_obj:
             try:
                 inv_obj = CacheInvalidation(key, repo_name)
                 Session().add(inv_obj)
                 if commit:
                     Session().commit()
             except Exception:
                 log.error(traceback.format_exc())
                 Session().rollback()
         return inv_obj
     @classmethod
     def invalidate(cls, key):
         """
         Returns Invalidation object if this given key should be invalidated
         None otherwise. `cache_active = False` means that this cache
         state is not valid and needs to be invalidated
         :param key:
         """
         repo_name = key
         repo_name = remove_suffix(repo_name, '_README')
         repo_name = remove_suffix(repo_name, '_RSS')
         repo_name = remove_suffix(repo_name, '_ATOM')
         # adds instance prefix
         key, _prefix, _org_key = cls._get_key(key)
         inv = cls._get_or_create_key(key, repo_name)
         if inv and inv.cache_active is False:
             return inv
     @classmethod
     def set_invalidate(cls, key=None, repo_name=None):
         """
         Mark this Cache key for invalidation, either by key or whole
         cache sets based on repo_name
         :param key:
         """
         if key:
             key, _prefix, _org_key = cls._get_key(key)
             inv_objs = Session().query(cls).filter(cls.cache_key == key).all()
         elif repo_name:
             inv_objs = Session().query(cls).filter(cls.cache_args == repo_name).all()
         log.debug('marking %s key[s] for invalidation based on key=%s,repo_name=%s'
                   % (len(inv_objs), key, repo_name))
         try:
             for inv_obj in inv_objs:
                 inv_obj.cache_active = False
                 Session().add(inv_obj)
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             Session().rollback()
     @classmethod
     def set_valid(cls, key):
         """
         Mark this cache key as active and currently cached
         :param key:
         """
         inv_obj = cls.get_by_key(key)
         inv_obj.cache_active = True
         Session().add(inv_obj)
         Session().commit()
     @classmethod
     def get_cache_map(cls):
         class cachemapdict(dict):
             def __init__(self, *args, **kwargs):
                 fixkey = kwargs.get('fixkey')
                 if fixkey:
                     del kwargs['fixkey']
                 self.fixkey = fixkey
                 super(cachemapdict, self).__init__(*args, **kwargs)
             def __getattr__(self, name):
                 key = name
                 if self.fixkey:
                     key, _prefix, _org_key = cls._get_key(key)
                 if key in self.__dict__:
                     return self.__dict__[key]
                 else:
                     return self[key]
             def __getitem__(self, key):
                 if self.fixkey:
                     key, _prefix, _org_key = cls._get_key(key)
                 try:
                     return super(cachemapdict, self).__getitem__(key)
                 except KeyError:
                     return
         cache_map = cachemapdict(fixkey=True)
         for obj in cls.query().all():
             cache_map[obj.cache_key] = cachemapdict(obj.get_dict())
         return cache_map
 class ChangesetComment(Base, BaseModel):
     __tablename__ = 'changeset_comments'
     __table_args__ = (
         Index('cc_revision_idx', 'revision'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
     repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
     revision = Column('revision', String(40), nullable=True)
     pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
     line_no = Column('line_no', Unicode(10), nullable=True)
     hl_lines = Column('hl_lines', Unicode(512), nullable=True)
     f_path = Column('f_path', Unicode(1000), nullable=True)
     user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
     text = Column('text', UnicodeText(25000), nullable=False)
     created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
     modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
     author = relationship('User', lazy='joined')
     repo = relationship('Repository')
     status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan")
     pull_request = relationship('PullRequest', lazy='joined')
     @classmethod
     def get_users(cls, revision=None, pull_request_id=None):
         """
         Returns user associated with this ChangesetComment. ie those
         who actually commented
         :param cls:
         :param revision:
         """
         q = Session().query(User)\
                 .join(ChangesetComment.author)
         if revision:
             q = q.filter(cls.revision == revision)
         elif pull_request_id:
             q = q.filter(cls.pull_request_id == pull_request_id)
         return q.all()
 class ChangesetStatus(Base, BaseModel):
     __tablename__ = 'changeset_statuses'
     __table_args__ = (
         Index('cs_revision_idx', 'revision'),
         Index('cs_version_idx', 'version'),
         UniqueConstraint('repo_id', 'revision', 'version'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
     STATUS_APPROVED = 'approved'
     STATUS_REJECTED = 'rejected'
     STATUS_UNDER_REVIEW = 'under_review'
     STATUSES = [
         (STATUS_NOT_REVIEWED, _("Not Reviewed")),  # (no icon) and default
         (STATUS_APPROVED, _("Approved")),
         (STATUS_REJECTED, _("Rejected")),
         (STATUS_UNDER_REVIEW, _("Under Review")),
+    ]
     changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
     repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
     revision = Column('revision', String(40), nullable=False)
     status = Column('status', String(128), nullable=False, default=DEFAULT)
     changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
     modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
     version = Column('version', Integer(), nullable=False, default=0)
     pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
     author = relationship('User', lazy='joined')
     repo = relationship('Repository')
     comment = relationship('ChangesetComment', lazy='joined')
     pull_request = relationship('PullRequest', lazy='joined')
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (
             self.__class__.__name__,
             self.status, self.author
+        )
     @classmethod
     def get_status_lbl(cls, value):
         return dict(cls.STATUSES).get(value)
     @property
     def status_lbl(self):
         return ChangesetStatus.get_status_lbl(self.status)
 class PullRequest(Base, BaseModel):
     __tablename__ = 'pull_requests'
     __table_args__ = (
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     STATUS_NEW = u'new'
     STATUS_OPEN = u'open'
     STATUS_CLOSED = u'closed'
     pull_request_id = Column('pull_request_id', Integer(), nullable=False, primary_key=True)
     title = Column('title', Unicode(256), nullable=True)
     description = Column('description', UnicodeText(10240), nullable=True)
     status = Column('status', Unicode(256), nullable=False, default=STATUS_NEW)
     created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
     updated_on = Column('updated_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
     _revisions = Column('revisions', UnicodeText(20500))  # 500 revisions max
     org_repo_id = Column('org_repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
     org_ref = Column('org_ref', Unicode(256), nullable=False)
     other_repo_id = Column('other_repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
     other_ref = Column('other_ref', Unicode(256), nullable=False)
     @hybrid_property
     def revisions(self):
         return self._revisions.split(':')
     @revisions.setter
     def revisions(self, val):
         self._revisions = ':'.join(val)
     author = relationship('User', lazy='joined')
     reviewers = relationship('PullRequestReviewers',
                              cascade="all, delete, delete-orphan")
     org_repo = relationship('Repository', primaryjoin='PullRequest.org_repo_id==Repository.repo_id')
     other_repo = relationship('Repository', primaryjoin='PullRequest.other_repo_id==Repository.repo_id')
     statuses = relationship('ChangesetStatus')
     comments = relationship('ChangesetComment',
                              cascade="all, delete, delete-orphan")
     def is_closed(self):
         return self.status == self.STATUS_CLOSED
     def __json__(self):
         return dict(
           revisions=self.revisions
+        )
 class PullRequestReviewers(Base, BaseModel):
     __tablename__ = 'pull_request_reviewers'
     __table_args__ = (
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     def __init__(self, user=None, pull_request=None):
         self.user = user
         self.pull_request = pull_request
     pull_requests_reviewers_id = Column('pull_requests_reviewers_id', Integer(), nullable=False, primary_key=True)
     pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=False)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
     user = relationship('User')
     pull_request = relationship('PullRequest')
 class Notification(Base, BaseModel):
     __tablename__ = 'notifications'
     __table_args__ = (
         Index('notification_type_idx', 'type'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     TYPE_CHANGESET_COMMENT = u'cs_comment'
     TYPE_MESSAGE = u'message'
     TYPE_MENTION = u'mention'
     TYPE_REGISTRATION = u'registration'
     TYPE_PULL_REQUEST = u'pull_request'
     TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
     notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
     subject = Column('subject', Unicode(512), nullable=True)
     body = Column('body', UnicodeText(50000), nullable=True)
     created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
     created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
     type_ = Column('type', Unicode(256))
     created_by_user = relationship('User')
     notifications_to_users = relationship('UserNotification', lazy='joined',
                                           cascade="all, delete, delete-orphan")
     @property
     def recipients(self):
         return [x.user for x in UserNotification.query()\
                 .filter(UserNotification.notification == self)\
                 .order_by(UserNotification.user_id.asc()).all()]
     @classmethod
     def create(cls, created_by, subject, body, recipients, type_=None):
         if type_ is None:
             type_ = Notification.TYPE_MESSAGE
         notification = cls()
         notification.created_by_user = created_by
         notification.subject = subject
         notification.body = body
         notification.type_ = type_
         notification.created_on = datetime.datetime.now()
         for u in recipients:
             assoc = UserNotification()
             assoc.notification = notification
             u.notifications.append(assoc)
         Session().add(notification)
         return notification
     @property
     def description(self):
         from rhodecode.model.notification import NotificationModel
         return NotificationModel().make_description(self)
 class UserNotification(Base, BaseModel):
     __tablename__ = 'user_to_notification'
     __table_args__ = (
         UniqueConstraint('user_id', 'notification_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
     notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
     read = Column('read', Boolean, default=False)
     sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
     user = relationship('User', lazy="joined")
     notification = relationship('Notification', lazy="joined",
                                 order_by=lambda: Notification.created_on.desc(),)
     def mark_as_read(self):
         self.read = True
         Session().add(self)
 class DbMigrateVersion(Base, BaseModel):
     __tablename__ = 'db_migrate_version'
     __table_args__ = (
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     repository_id = Column('repository_id', String(250), primary_key=True)
     repository_path = Column('repository_path', Text)
     version = Column('version', Integer)

rhodecode/model/forms.py

➞

Show inline comments

 """ this is forms validation classes
 http://formencode.org/module-formencode.validators.html
 for list off all availible validators
 we can create our own validators
 The table below outlines the options which can be used in a schema in addition to the validators themselves
 pre_validators          []     These validators will be applied before the schema
 chained_validators      []     These validators will be applied after the schema
 allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present
 filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed
 if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
 ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
 <name> = formencode.validators.<name of validator>
 <name> must equal form name
 list=[1,2,3,4,5]
 for SELECT use formencode.All(OneOf(list), Int())
 """
 import logging
 import formencode
 from formencode import All
 from pylons.i18n.translation import _
 from rhodecode.model import validators as v
 from rhodecode import BACKENDS
 log = logging.getLogger(__name__)
 class LoginForm(formencode.Schema):
     allow_extra_fields = True
     filter_extra_fields = True
     username = v.UnicodeString(
         strip=True,
         min=1,
         not_empty=True,
         messages={
            'empty': _(u'Please enter a login'),
            'tooShort': _(u'Enter a value %(min)i characters long or more')}
+    )
     password = v.UnicodeString(
         strip=False,
         min=3,
         not_empty=True,
         messages={
             'empty': _(u'Please enter a password'),
             'tooShort': _(u'Enter %(min)i characters or more')}
+    )
     remember = v.StringBoolean(if_missing=False)
     chained_validators = [v.ValidAuth()]
 def UserForm(edit=False, old_data={}):
     class _UserForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                        v.ValidUsername(edit, old_data))
         if edit:
             new_password = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False)
+            )
             password_confirmation = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False),
+            )
             admin = v.StringBoolean(if_missing=False)
         else:
             password = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=True)
+            )
             password_confirmation = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False)
+            )
         active = v.StringBoolean(if_missing=False)
         firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
         chained_validators = [v.ValidPasswordsMatch()]
     return _UserForm
 def UsersGroupForm(edit=False, old_data={}, available_members=[]):
     class _UsersGroupForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         users_group_name = All(
             v.UnicodeString(strip=True, min=1, not_empty=True),
             v.ValidUsersGroup(edit, old_data)
+        )
         users_group_active = v.StringBoolean(if_missing=False)
         if edit:
             users_group_members = v.OneOf(
                 available_members, hideList=False, testValueList=True,
                 if_missing=None, not_empty=False
+            )
     return _UsersGroupForm
 def ReposGroupForm(edit=False, old_data={}, available_groups=[]):
     class _ReposGroupForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                v.SlugifyName())
         group_description = v.UnicodeString(strip=True, min=1,
                                                 not_empty=True)
         group_parent_id = v.OneOf(available_groups, hideList=False,
                                         testValueList=True,
                                         if_missing=None, not_empty=False)
         enable_locking = v.StringBoolean(if_missing=False)
         recursive = v.StringBoolean(if_missing=False)
         chained_validators = [v.ValidReposGroup(edit, old_data),
                               v.ValidPerms('group')]
     return _ReposGroupForm
 def RegisterForm(edit=False, old_data={}):
     class _RegisterForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(
             v.ValidUsername(edit, old_data),
             v.UnicodeString(strip=True, min=1, not_empty=True)
+        )
         password = All(
             v.ValidPassword(),
             v.UnicodeString(strip=False, min=6, not_empty=True)
+        )
         password_confirmation = All(
             v.ValidPassword(),
             v.UnicodeString(strip=False, min=6, not_empty=True)
+        )
         active = v.StringBoolean(if_missing=False)
         firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
         chained_validators = [v.ValidPasswordsMatch()]
     return _RegisterForm
 def PasswordResetForm():
     class _PasswordResetForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
     return _PasswordResetForm
 def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
              repo_groups=[], landing_revs=[]):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = All(v.CanWriteGroup(),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = v.OneOf(supported_backends)
         repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
         repo_private = v.StringBoolean(if_missing=False)
         repo_landing_rev = v.OneOf(landing_revs, hideList=True)
         clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
         repo_enable_statistics = v.StringBoolean(if_missing=False)
         repo_enable_downloads = v.StringBoolean(if_missing=False)
         repo_enable_locking = v.StringBoolean(if_missing=False)
         if edit:
             #this is repo owner
             user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
         chained_validators = [v.ValidCloneUri(),
                               v.ValidRepoName(edit, old_data),
                               v.ValidPerms()]
     return _RepoForm
 def RepoSettingsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                      repo_groups=[], landing_revs=[]):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = All(v.CanWriteGroup(),
                          v.OneOf(repo_groups, hideList=True))
         repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
         repo_private = v.StringBoolean(if_missing=False)
         repo_landing_rev = v.OneOf(landing_revs, hideList=True)
         clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
         chained_validators = [v.ValidCloneUri(),
                               v.ValidRepoName(edit, old_data),
                               v.ValidPerms(),
                               v.ValidSettings()]
     return _RepoForm
 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                  repo_groups=[], landing_revs=[]):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = All(v.CanWriteGroup(),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
         description = v.UnicodeString(strip=True, min=1, not_empty=True)
         private = v.StringBoolean(if_missing=False)
         copy_permissions = v.StringBoolean(if_missing=False)
         update_after_clone = v.StringBoolean(if_missing=False)
         fork_parent_id = v.UnicodeString()
         chained_validators = [v.ValidForkName(edit, old_data)]
         landing_rev = v.OneOf(landing_revs, hideList=True)
     return _RepoForkForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)
     return _ApplicationSettingsForm
 def ApplicationVisualisationForm():
     class _ApplicationVisualisationForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
         rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
         rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
         rhodecode_lightweight_dashboard = v.StringBoolean(if_missing=False)
         rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
     return _ApplicationVisualisationForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = v.StringBoolean(if_missing=False)
         paths_root_path = All(
             v.ValidPath(),
             v.UnicodeString(strip=True, min=1, not_empty=True)
+        )
         hooks_changegroup_update = v.StringBoolean(if_missing=False)
         hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
         hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
         hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
         extensions_largefiles = v.StringBoolean(if_missing=False)
         extensions_hgsubversion = v.StringBoolean(if_missing=False)
         extensions_hggit = v.StringBoolean(if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,
                            register_choices, create_choices, fork_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default_repo = v.StringBoolean(if_missing=False)
         overwrite_default_group = v.StringBoolean(if_missing=False)
         anonymous = v.StringBoolean(if_missing=False)
         default_repo_perm = v.OneOf(repo_perms_choices)
         default_group_perm = v.OneOf(group_perms_choices)
         default_register = v.OneOf(register_choices)
         default_create = v.OneOf(create_choices)
         default_fork = v.OneOf(fork_choices)
     return _DefaultPermissionsForm
 def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
     class _DefaultsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         default_repo_type = v.OneOf(supported_backends)
         default_repo_private = v.StringBoolean(if_missing=False)
         default_repo_enable_statistics = v.StringBoolean(if_missing=False)
         default_repo_enable_downloads = v.StringBoolean(if_missing=False)
         default_repo_enable_locking = v.StringBoolean(if_missing=False)
     return _DefaultsForm
 def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,
                      tls_kind_choices):
     class _LdapSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         #pre_validators = [LdapLibValidator]
         ldap_active = v.StringBoolean(if_missing=False)
         ldap_host = v.UnicodeString(strip=True,)
         ldap_port = v.Number(strip=True,)
         ldap_tls_kind = v.OneOf(tls_kind_choices)
         ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)
         ldap_dn_user = v.UnicodeString(strip=True,)
         ldap_dn_pass = v.UnicodeString(strip=True,)
         ldap_base_dn = v.UnicodeString(strip=True,)
         ldap_filter = v.UnicodeString(strip=True,)
         ldap_search_scope = v.OneOf(search_scope_choices)
         ldap_attr_login = All(
             v.AttrLoginValidator(),
             v.UnicodeString(strip=True,)
+        )
         ldap_attr_firstname = v.UnicodeString(strip=True,)
         ldap_attr_lastname = v.UnicodeString(strip=True,)
         ldap_attr_email = v.UnicodeString(strip=True,)
     return _LdapSettingsForm
 def UserExtraEmailForm():
     class _UserExtraEmailForm(formencode.Schema):
         email = All(v.UniqSystemEmail(), v.Email)
         email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
     return _UserExtraEmailForm
     return _UserExtraEmailForm
 def UserExtraIpForm():
     class _UserExtraIpForm(formencode.Schema):
         ip = v.ValidIp()(not_empty=True)
     return _UserExtraIpForm
 def PullRequestForm(repo_id):
     class _PullRequestForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         user = v.UnicodeString(strip=True, required=True)
         org_repo = v.UnicodeString(strip=True, required=True)
         org_ref = v.UnicodeString(strip=True, required=True)
         other_repo = v.UnicodeString(strip=True, required=True)
         other_ref = v.UnicodeString(strip=True, required=True)
         revisions = All(v.NotReviewedRevisions(repo_id)(), v.UniqueList(not_empty=True))
         review_members = v.UniqueList(not_empty=True)
         pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)
         pullrequest_desc = v.UnicodeString(strip=True, required=False)
     return _PullRequestForm

rhodecode/model/user.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.model.user
     ~~~~~~~~~~~~~~~~~~~~
     users model for RhodeCode
     :created_on: Apr 9, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import itertools
 import collections
 import functools
 from pylons import url
 from pylons.i18n.translation import _
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import joinedload
 from rhodecode.lib.utils2 import safe_unicode, generate_api_key
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.model import BaseModel
 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
     UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
     Notification, RepoGroup, UserRepoGroupToPerm, UsersGroupRepoGroupToPerm, \
     UserEmailMap
+    UserEmailMap, UserIpMap
 from rhodecode.lib.exceptions import DefaultUserException, \
     UserOwnsReposException
 log = logging.getLogger(__name__)
 PERM_WEIGHTS = Permission.PERM_WEIGHTS
 class UserModel(BaseModel):
     cls = User
     def get(self, user_id, cache=False):
         user = self.sa.query(User)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % user_id))
         return user.get(user_id)
     def get_user(self, user):
         return self._get_user(user)
     def get_by_username(self, username, cache=False, case_insensitive=False):
         if case_insensitive:
             user = self.sa.query(User).filter(User.username.ilike(username))
         else:
             user = self.sa.query(User)\
                 .filter(User.username == username)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % username))
         return user.scalar()
     def get_by_email(self, email, cache=False, case_insensitive=False):
         return User.get_by_email(email, case_insensitive, cache)
     def get_by_api_key(self, api_key, cache=False):
         return User.get_by_api_key(api_key, cache)
     def create(self, form_data):
         from rhodecode.lib.auth import get_crypt_password
         try:
             new_user = User()
             for k, v in form_data.items():
                 if k == 'password':
                     v = get_crypt_password(v)
                 if k == 'firstname':
                     k = 'name'
                 setattr(new_user, k, v)
             new_user.api_key = generate_api_key(form_data['username'])
             self.sa.add(new_user)
             return new_user
         except:
             log.error(traceback.format_exc())
             raise
     def create_or_update(self, username, password, email, firstname='',
                          lastname='', active=True, admin=False, ldap_dn=None):
         """
         Creates a new instance if not found, or updates current one
         :param username:
         :param password:
         :param email:
         :param active:
         :param firstname:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         """
         from rhodecode.lib.auth import get_crypt_password
         log.debug('Checking for %s account in RhodeCode database' % username)
         user = User.get_by_username(username, case_insensitive=True)
         if user is None:
             log.debug('creating new user %s' % username)
             new_user = User()
             edit = False
         else:
             log.debug('updating user %s' % username)
             new_user = user
             edit = True
         try:
             new_user.username = username
             new_user.admin = admin
             # set password only if creating an user or password is changed
             if edit is False or user.password != password:
                 new_user.password = get_crypt_password(password)
                 new_user.api_key = generate_api_key(username)
             new_user.email = email
             new_user.active = active
             new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
             new_user.name = firstname
             new_user.lastname = lastname
             self.sa.add(new_user)
             return new_user
         except (DatabaseError,):
             log.error(traceback.format_exc())
             raise
     def create_for_container_auth(self, username, attrs):
         """
         Creates the given user if it's not already in the database
         :param username:
         :param attrs:
         """
         if self.get_by_username(username, case_insensitive=True) is None:
             # autogenerate email for container account without one
             generate_email = lambda usr: '%s@container_auth.account' % usr
             try:
                 new_user = User()
                 new_user.username = username
                 new_user.password = None
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email']
                 new_user.active = attrs.get('active', True)
                 new_user.name = attrs['name'] or generate_email(username)
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('User %s already exists. Skipping creation of account'
                   ' for container auth.', username)
         return None
     def create_ldap(self, username, password, user_dn, attrs):
         """
         Checks if user is in database, if not creates this user marked
         as ldap user
         :param username:
         :param password:
         :param user_dn:
         :param attrs:
         """
         from rhodecode.lib.auth import get_crypt_password
         log.debug('Checking for such ldap account in RhodeCode database')
         if self.get_by_username(username, case_insensitive=True) is None:
             # autogenerate email for ldap account without one
             generate_email = lambda usr: '%s@ldap.account' % usr
             try:
                 new_user = User()
                 username = username.lower()
                 # add ldap account always lowercase
                 new_user.username = username
                 new_user.password = get_crypt_password(password)
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email'] or generate_email(username)
                 new_user.active = attrs.get('active', True)
                 new_user.ldap_dn = safe_unicode(user_dn)
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('this %s user exists skipping creation of ldap account',
                   username)
         return None
     def create_registration(self, form_data):
         from rhodecode.model.notification import NotificationModel
         try:
             form_data['admin'] = False
             new_user = self.create(form_data)
             self.sa.add(new_user)
             self.sa.flush()
             # notification to admins
             subject = _('new user registration')
             body = ('New user registration\n'
                     '---------------------\n'
                     '- Username: %s\n'
                     '- Full Name: %s\n'
                     '- Email: %s\n')
             body = body % (new_user.username, new_user.full_name,
                            new_user.email)
             edit_url = url('edit_user', id=new_user.user_id, qualified=True)
             kw = {'registered_user_url': edit_url}
             NotificationModel().create(created_by=new_user, subject=subject,
                                        body=body, recipients=None,
                                        type_=Notification.TYPE_REGISTRATION,
                                        email_kwargs=kw)
         except:
             log.error(traceback.format_exc())
             raise
     def update(self, user_id, form_data, skip_attrs=[]):
         from rhodecode.lib.auth import get_crypt_password
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k in skip_attrs:
                     continue
                 if k == 'new_password' and v:
                     user.password = get_crypt_password(v)
                     user.api_key = generate_api_key(user.username)
                 else:
                     if k == 'firstname':
                         k = 'name'
                     setattr(user, k, v)
             self.sa.add(user)
         except:
             log.error(traceback.format_exc())
             raise
     def update_user(self, user, **kwargs):
         from rhodecode.lib.auth import get_crypt_password
         try:
             user = self._get_user(user)
             if user.username == 'default':
                 raise DefaultUserException(
                     _("You can't Edit this user since it's"
                       " crucial for entire application")
+                )
             for k, v in kwargs.items():
                 if k == 'password' and v:
                     v = get_crypt_password(v)
                     user.api_key = generate_api_key(user.username)
                 setattr(user, k, v)
             self.sa.add(user)
             return user
         except:
             log.error(traceback.format_exc())
             raise
     def update_my_account(self, user_id, form_data):
         from rhodecode.lib.auth import get_crypt_password
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                     _("You can't Edit this user since it's"
                       " crucial for entire application")
+                )
             for k, v in form_data.items():
                 if k == 'new_password' and v:
                     user.password = get_crypt_password(v)
                     user.api_key = generate_api_key(user.username)
                 else:
                     if k == 'firstname':
                         k = 'name'
                     if k not in ['admin', 'active']:
                         setattr(user, k, v)
             self.sa.add(user)
         except:
             log.error(traceback.format_exc())
             raise
     def delete(self, user):
         user = self._get_user(user)
         try:
             if user.username == 'default':
                 raise DefaultUserException(
                     _(u"You can't remove this user since it's"
                       " crucial for entire application")
+                )
             if user.repositories:
                 repos = [x.repo_name for x in user.repositories]
                 raise UserOwnsReposException(
                     _(u'user "%s" still owns %s repositories and cannot be '
                       'removed. Switch owners or remove those repositories. %s')
                     % (user.username, len(repos), ', '.join(repos))
+                )
             self.sa.delete(user)
         except:
             log.error(traceback.format_exc())
             raise
     def reset_password_link(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.send_password_link, data['email'])
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, auth_user, user_id=None, api_key=None):
         """
         Fetches auth_user by user_id,or api_key if present.
         Fills auth_user attributes with those taken from database.
         Additionally set's is_authenitated if lookup fails
         present in database
         :param auth_user: instance of user to set attributes
         :param user_id: user id to fetch by
         :param api_key: api key to fetch by
         """
         if user_id is None and api_key is None:
             raise Exception('You need to pass user_id or api_key')
         try:
             if api_key:
                 dbuser = self.get_by_api_key(api_key)
             else:
                 dbuser = self.get(user_id)
             if dbuser is not None and dbuser.active:
                 log.debug('filling %s data' % dbuser)
                 for k, v in dbuser.get_dict().items():
                     setattr(auth_user, k, v)
             else:
                 return False
         except:
             log.error(traceback.format_exc())
             auth_user.is_authenticated = False
             return False
         return True
     def fill_perms(self, user, explicit=True, algo='higherwin'):
         """
         Fills user permission attribute with permissions taken from database
         works for permissions given for repositories, and for permissions that
         are granted to groups
         :param user: user instance to fill his perms
         :param explicit: In case there are permissions both for user and a group
             that user is part of, explicit flag will defiine if user will
             explicitly override permissions from group, if it's False it will
             make decision based on the algo
         :param algo: algorithm to decide what permission should be choose if
             it's multiple defined, eg user in two different groups. It also
             decides if explicit flag is turned off how to specify the permission
             for case when user is in a group + have defined separate permission
         """
         RK = 'repositories'
         GK = 'repositories_groups'
         GLOBAL = 'global'
         user.permissions[RK] = {}
         user.permissions[GK] = {}
         user.permissions[GLOBAL] = set()
         def _choose_perm(new_perm, cur_perm):
             new_perm_val = PERM_WEIGHTS[new_perm]
             cur_perm_val = PERM_WEIGHTS[cur_perm]
             if algo == 'higherwin':
                 if new_perm_val > cur_perm_val:
                     return new_perm
                 return cur_perm
             elif algo == 'lowerwin':
                 if new_perm_val < cur_perm_val:
                     return new_perm
                 return cur_perm
         #======================================================================
         # fetch default permissions
         #======================================================================
         default_user = User.get_by_username('default', cache=True)
         default_user_id = default_user.user_id
         default_repo_perms = Permission.get_default_perms(default_user_id)
         default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
         if user.is_admin:
             #==================================================================
             # admin user have all default rights for repositories
             # and groups set to admin
             #==================================================================
             user.permissions[GLOBAL].add('hg.admin')
             # repositories
             for perm in default_repo_perms:
                 r_k = perm.UserRepoToPerm.repository.repo_name
                 p = 'repository.admin'
                 user.permissions[RK][r_k] = p
             # repositories groups
             for perm in default_repo_groups_perms:
                 rg_k = perm.UserRepoGroupToPerm.group.group_name
                 p = 'group.admin'
                 user.permissions[GK][rg_k] = p
             return user
         #==================================================================
         # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS
         #==================================================================
         uid = user.user_id
         # default global permissions taken fron the default user
         default_global_perms = self.sa.query(UserToPerm)\
             .filter(UserToPerm.user_id == default_user_id)
         for perm in default_global_perms:
             user.permissions[GLOBAL].add(perm.permission.permission_name)
         # defaults for repositories, taken from default user
         for perm in default_repo_perms:
             r_k = perm.UserRepoToPerm.repository.repo_name
             if perm.Repository.private and not (perm.Repository.user_id == uid):
                 # disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == uid:
                 # set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions[RK][r_k] = p
         # defaults for repositories groups taken from default user permission
         # on given group
         for perm in default_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             user.permissions[GK][rg_k] = p
         #======================================================================
         # !! OVERRIDE GLOBALS !! with user permissions if any found
         #======================================================================
         # those can be configured from groups or users explicitly
         _configurable = set(['hg.fork.none', 'hg.fork.repository',
                              'hg.create.none', 'hg.create.repository'])
         # USER GROUPS comes first
         # users group global permissions
         user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
             .options(joinedload(UsersGroupToPerm.permission))\
             .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
                    UsersGroupMember.users_group_id))\
             .filter(UsersGroupMember.user_id == uid)\
             .order_by(UsersGroupToPerm.users_group_id)\
             .all()
         #need to group here by groups since user can be in more than one group
         _grouped = [[x, list(y)] for x, y in
                     itertools.groupby(user_perms_from_users_groups,
                                       lambda x:x.users_group)]
         for gr, perms in _grouped:
             # since user can be in multiple groups iterate over them and
             # select the lowest permissions first (more explicit)
             ##TODO: do this^^
             if not gr.inherit_default_permissions:
                 # NEED TO IGNORE all configurable permissions and
                 # replace them with explicitly set
                 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                                 .difference(_configurable)
             for perm in perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
         # user specific global permissions
         user_perms = self.sa.query(UserToPerm)\
                 .options(joinedload(UserToPerm.permission))\
                 .filter(UserToPerm.user_id == uid).all()
         if not user.inherit_default_permissions:
             # NEED TO IGNORE all configurable permissions and
             # replace them with explicitly set
             user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                             .difference(_configurable)
             for perm in user_perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
         #======================================================================
         # !! PERMISSIONS FOR REPOSITORIES !!
         #======================================================================
         #======================================================================
         # check if user is part of user groups for this repository and
         # fill in his permission from it. _choose_perm decides of which
         # permission should be selected based on selected method
         #======================================================================
         # users group for repositories permissions
         user_repo_perms_from_users_groups = \
          self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
             .join((Repository, UsersGroupRepoToPerm.repository_id ==
                    Repository.repo_id))\
             .join((Permission, UsersGroupRepoToPerm.permission_id ==
                    Permission.permission_id))\
             .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
                    UsersGroupMember.users_group_id))\
             .filter(UsersGroupMember.user_id == uid)\
             .all()
         multiple_counter = collections.defaultdict(int)
         for perm in user_repo_perms_from_users_groups:
             r_k = perm.UsersGroupRepoToPerm.repository.repo_name
             multiple_counter[r_k] += 1
             p = perm.Permission.permission_name
             cur_perm = user.permissions[RK][r_k]
             if perm.Repository.user_id == uid:
                 # set admin if owner
                 p = 'repository.admin'
             else:
                 if multiple_counter[r_k] > 1:
                     p = _choose_perm(p, cur_perm)
             user.permissions[RK][r_k] = p
         # user explicit permissions for repositories, overrides any specified
         # by the group permission
         user_repo_perms = \
          self.sa.query(UserRepoToPerm, Permission, Repository)\
             .join((Repository, UserRepoToPerm.repository_id ==
                    Repository.repo_id))\
             .join((Permission, UserRepoToPerm.permission_id ==
                    Permission.permission_id))\
             .filter(UserRepoToPerm.user_id == uid)\
             .all()
         for perm in user_repo_perms:
             r_k = perm.UserRepoToPerm.repository.repo_name
             cur_perm = user.permissions[RK][r_k]
             # set admin if owner
             if perm.Repository.user_id == uid:
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
                 if not explicit:
                     p = _choose_perm(p, cur_perm)
             user.permissions[RK][r_k] = p
         #======================================================================
         # !! PERMISSIONS FOR REPOSITORIES GROUPS !!
         #======================================================================
         #======================================================================
         # check if user is part of user groups for this repository groups and
         # fill in his permission from it. _choose_perm decides of which
         # permission should be selected based on selected method
         #======================================================================
         # users group for repo groups permissions
         user_repo_group_perms_from_users_groups = \
          self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\
          .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((Permission, UsersGroupRepoGroupToPerm.permission_id
                 == Permission.permission_id))\
          .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id
                 == UsersGroupMember.users_group_id))\
          .filter(UsersGroupMember.user_id == uid)\
          .all()
         multiple_counter = collections.defaultdict(int)
         for perm in user_repo_group_perms_from_users_groups:
             g_k = perm.UsersGroupRepoGroupToPerm.group.group_name
             multiple_counter[g_k] += 1
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][g_k]
             if multiple_counter[g_k] > 1:
                 p = _choose_perm(p, cur_perm)
             user.permissions[GK][g_k] = p
         # user explicit permissions for repository groups
         user_repo_groups_perms = \
          self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
          .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((Permission, UserRepoGroupToPerm.permission_id
                 == Permission.permission_id))\
          .filter(UserRepoGroupToPerm.user_id == uid)\
          .all()
         for perm in user_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][rg_k]
             if not explicit:
                 p = _choose_perm(p, cur_perm)
             user.permissions[GK][rg_k] = p
         return user
     def has_perm(self, user, perm):
         perm = self._get_perm(perm)
         user = self._get_user(user)
         return UserToPerm.query().filter(UserToPerm.user == user)\
             .filter(UserToPerm.permission == perm).scalar() is not None
     def grant_perm(self, user, perm):
         """
         Grant user global permissions
         :param user:
         :param perm:
         """
         user = self._get_user(user)
         perm = self._get_perm(perm)
         # if this permission is already granted skip it
         _perm = UserToPerm.query()\
             .filter(UserToPerm.user == user)\
             .filter(UserToPerm.permission == perm)\
             .scalar()
         if _perm:
             return
         new = UserToPerm()
         new.user = user
         new.permission = perm
         self.sa.add(new)
     def revoke_perm(self, user, perm):
         """
         Revoke users global permissions
         :param user:
         :param perm:
         """
         user = self._get_user(user)
         perm = self._get_perm(perm)
         obj = UserToPerm.query()\
                 .filter(UserToPerm.user == user)\
                 .filter(UserToPerm.permission == perm)\
                 .scalar()
         if obj:
             self.sa.delete(obj)
     def add_extra_email(self, user, email):
         """
         Adds email address to UserEmailMap
         :param user:
         :param email:
         """
         from rhodecode.model import forms
         form = forms.UserExtraEmailForm()()
         data = form.to_python(dict(email=email))
         user = self._get_user(user)
         obj = UserEmailMap()
         obj.user = user
         obj.email = data['email']
         self.sa.add(obj)
         return obj
     def delete_extra_email(self, user, email_id):
         """
         Removes email address from UserEmailMap
         :param user:
         :param email_id:
         """
         user = self._get_user(user)
         obj = UserEmailMap.query().get(email_id)
         if obj:
             self.sa.delete(obj)
     def add_extra_ip(self, user, ip):
         """
         Adds ip address to UserIpMap
         :param user:
         :param ip:
         """
         from rhodecode.model import forms
         form = forms.UserExtraIpForm()()
         data = form.to_python(dict(ip=ip))
         user = self._get_user(user)
         obj = UserIpMap()
         obj.user = user
         obj.ip_addr = data['ip']
         self.sa.add(obj)
         return obj
     def delete_extra_ip(self, user, ip_id):
         """
         Removes ip address from UserIpMap
         :param user:
         :param ip_id:
         """
         user = self._get_user(user)
         obj = UserIpMap.query().get(ip_id)
         if obj:
             self.sa.delete(obj)

rhodecode/model/validators.py

➞

Show inline comments

 """
 Set of generic validators
 """
 import os
 import re
 import formencode
 import logging
 from collections import defaultdict
 from pylons.i18n.translation import _
 from webhelpers.pylonslib.secure_form import authentication_token
 from formencode.validators import (
     UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set,
     NotEmpty
+    NotEmpty, IPAddress, CIDR
+)
 from rhodecode.lib.compat import OrderedSet
 from rhodecode.lib.utils import repo_name_slug
 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User,\
     ChangesetStatus
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
 from rhodecode.lib.auth import HasReposGroupPermissionAny
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
     NotEmpty
+    NotEmpty, IPAddress, CIDR
 log = logging.getLogger(__name__)
 class UniqueList(formencode.FancyValidator):
     """
     Unique List !
     """
     messages = dict(
         empty=_('Value cannot be an empty list'),
         missing_value=_('Value cannot be an empty list'),
+    )
     def _to_python(self, value, state):
         if isinstance(value, list):
             return value
         elif isinstance(value, set):
             return list(value)
         elif isinstance(value, tuple):
             return list(value)
         elif value is None:
             return []
         else:
             return [value]
     def empty_value(self, value):
         return []
 class StateObj(object):
     """
     this is needed to translate the messages using _() in validators
     """
     _ = staticmethod(_)
 def M(self, key, state=None, **kwargs):
     """
     returns string from self.message based on given key,
     passed kw params are used to substitute %(named)s params inside
     translated strings
     :param msg:
     :param state:
     """
     if state is None:
         state = StateObj()
     else:
         state._ = staticmethod(_)
     #inject validator into state object
     return self.message(key, state, **kwargs)
 def ValidUsername(edit=False, old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'username_exists': _(u'Username "%(username)s" already exists'),
             'system_invalid_username':
                 _(u'Username "%(username)s" is forbidden'),
             'invalid_username':
                 _(u'Username may only contain alphanumeric characters '
                   'underscores, periods or dashes and must begin with '
                   'alphanumeric character')
+        }
         def validate_python(self, value, state):
             if value in ['default', 'new_user']:
                 msg = M(self, 'system_invalid_username', state, username=value)
                 raise formencode.Invalid(msg, value, state)
             #check if user is unique
             old_un = None
             if edit:
                 old_un = User.get(old_data.get('user_id')).username
             if old_un != value or not edit:
                 if User.get_by_username(value, case_insensitive=True):
                     msg = M(self, 'username_exists', state, username=value)
                     raise formencode.Invalid(msg, value, state)
             if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
                 msg = M(self, 'invalid_username', state)
                 raise formencode.Invalid(msg, value, state)
     return _validator
 def ValidRepoUser():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_username': _(u'Username %(username)s is not valid')
+        }
         def validate_python(self, value, state):
             try:
                 User.query().filter(User.active == True)\
                     .filter(User.username == value).one()
             except Exception:
                 msg = M(self, 'invalid_username', state, username=value)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(username=msg)
+                )
     return _validator
 def ValidUsersGroup(edit=False, old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_group': _(u'Invalid users group name'),
             'group_exist': _(u'Users group "%(usersgroup)s" already exists'),
             'invalid_usersgroup_name':
                 _(u'users group name may only contain  alphanumeric '
                   'characters underscores, periods or dashes and must begin '
                   'with alphanumeric character')
+        }
         def validate_python(self, value, state):
             if value in ['default']:
                 msg = M(self, 'invalid_group', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(users_group_name=msg)
+                )
             #check if group is unique
             old_ugname = None
             if edit:
                 old_id = old_data.get('users_group_id')
                 old_ugname = UsersGroup.get(old_id).users_group_name
             if old_ugname != value or not edit:
                 is_existing_group = UsersGroup.get_by_group_name(value,
                                                         case_insensitive=True)
                 if is_existing_group:
                     msg = M(self, 'group_exist', state, usersgroup=value)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(users_group_name=msg)
+                    )
             if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
                 msg = M(self, 'invalid_usersgroup_name', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(users_group_name=msg)
+                )
     return _validator
 def ValidReposGroup(edit=False, old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'group_parent_id': _(u'Cannot assign this group as parent'),
             'group_exists': _(u'Group "%(group_name)s" already exists'),
             'repo_exists':
                 _(u'Repository with name "%(group_name)s" already exists')
+        }
         def validate_python(self, value, state):
             # TODO WRITE VALIDATIONS
             group_name = value.get('group_name')
             group_parent_id = value.get('group_parent_id')
             # slugify repo group just in case :)
             slug = repo_name_slug(group_name)
             # check for parent of self
             parent_of_self = lambda: (
                 old_data['group_id'] == int(group_parent_id)
                 if group_parent_id else False
+            )
             if edit and parent_of_self():
                 msg = M(self, 'group_parent_id', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(group_parent_id=msg)
+                )
             old_gname = None
             if edit:
                 old_gname = RepoGroup.get(old_data.get('group_id')).group_name
             if old_gname != group_name or not edit:
                 # check group
                 gr = RepoGroup.query()\
                       .filter(RepoGroup.group_name == slug)\
                       .filter(RepoGroup.group_parent_id == group_parent_id)\
                       .scalar()
                 if gr:
                     msg = M(self, 'group_exists', state, group_name=slug)
                     raise formencode.Invalid(msg, value, state,
                             error_dict=dict(group_name=msg)
+                    )
                 # check for same repo
                 repo = Repository.query()\
                       .filter(Repository.repo_name == slug)\
                       .scalar()
                 if repo:
                     msg = M(self, 'repo_exists', state, group_name=slug)
                     raise formencode.Invalid(msg, value, state,
                             error_dict=dict(group_name=msg)
+                    )
     return _validator
 def ValidPassword():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_password':
                 _(u'Invalid characters (non-ascii) in password')
+        }
         def validate_python(self, value, state):
             try:
                 (value or '').decode('ascii')
             except UnicodeError:
                 msg = M(self, 'invalid_password', state)
                 raise formencode.Invalid(msg, value, state,)
     return _validator
 def ValidPasswordsMatch():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'password_mismatch': _(u'Passwords do not match'),
+        }
         def validate_python(self, value, state):
             pass_val = value.get('password') or value.get('new_password')
             if pass_val != value['password_confirmation']:
                 msg = M(self, 'password_mismatch', state)
                 raise formencode.Invalid(msg, value, state,
                      error_dict=dict(password_confirmation=msg)
+                )
     return _validator
 def ValidAuth():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_password': _(u'invalid password'),
             'invalid_username': _(u'invalid user name'),
             'disabled_account': _(u'Your account is disabled')
+        }
         def validate_python(self, value, state):
             from rhodecode.lib.auth import authenticate
             password = value['password']
             username = value['username']
             if not authenticate(username, password):
                 user = User.get_by_username(username)
                 if user and user.active is False:
                     log.warning('user %s is disabled' % username)
                     msg = M(self, 'disabled_account', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(username=msg)
+                    )
                 else:
                     log.warning('user %s failed to authenticate' % username)
                     msg = M(self, 'invalid_username', state)
                     msg2 = M(self, 'invalid_password', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(username=msg, password=msg2)
+                    )
     return _validator
 def ValidAuthToken():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_token': _(u'Token mismatch')
+        }
         def validate_python(self, value, state):
             if value != authentication_token():
                 msg = M(self, 'invalid_token', state)
                 raise formencode.Invalid(msg, value, state)
     return _validator
 def ValidRepoName(edit=False, old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_repo_name':
                 _(u'Repository name %(repo)s is disallowed'),
             'repository_exists':
                 _(u'Repository named %(repo)s already exists'),
             'repository_in_group_exists': _(u'Repository "%(repo)s" already '
                                             'exists in group "%(group)s"'),
             'same_group_exists': _(u'Repositories group with name "%(repo)s" '
                                    'already exists')
+        }
         def _to_python(self, value, state):
             repo_name = repo_name_slug(value.get('repo_name', ''))
             repo_group = value.get('repo_group')
             if repo_group:
                 gr = RepoGroup.get(repo_group)
                 group_path = gr.full_path
                 group_name = gr.group_name
                 # value needs to be aware of group name in order to check
                 # db key This is an actual just the name to store in the
                 # database
                 repo_name_full = group_path + RepoGroup.url_sep() + repo_name
             else:
                 group_name = group_path = ''
                 repo_name_full = repo_name
             value['repo_name'] = repo_name
             value['repo_name_full'] = repo_name_full
             value['group_path'] = group_path
             value['group_name'] = group_name
             return value
         def validate_python(self, value, state):
             repo_name = value.get('repo_name')
             repo_name_full = value.get('repo_name_full')
             group_path = value.get('group_path')
             group_name = value.get('group_name')
             if repo_name in [ADMIN_PREFIX, '']:
                 msg = M(self, 'invalid_repo_name', state, repo=repo_name)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_name=msg)
+                )
             rename = old_data.get('repo_name') != repo_name_full
             create = not edit
             if rename or create:
                 if group_path != '':
                     if Repository.get_by_repo_name(repo_name_full):
                         msg = M(self, 'repository_in_group_exists', state,
                                 repo=repo_name, group=group_name)
                         raise formencode.Invalid(msg, value, state,
                             error_dict=dict(repo_name=msg)
+                        )
                 elif RepoGroup.get_by_group_name(repo_name_full):
                         msg = M(self, 'same_group_exists', state,
                                 repo=repo_name)
                         raise formencode.Invalid(msg, value, state,
                             error_dict=dict(repo_name=msg)
+                        )
                 elif Repository.get_by_repo_name(repo_name_full):
                         msg = M(self, 'repository_exists', state,
                                 repo=repo_name)
                         raise formencode.Invalid(msg, value, state,
                             error_dict=dict(repo_name=msg)
+                        )
             return value
     return _validator
 def ValidForkName(*args, **kwargs):
     return ValidRepoName(*args, **kwargs)
 def SlugifyName():
     class _validator(formencode.validators.FancyValidator):
         def _to_python(self, value, state):
             return repo_name_slug(value)
         def validate_python(self, value, state):
             pass
     return _validator
 def ValidCloneUri():
     from rhodecode.lib.utils import make_ui
     def url_handler(repo_type, url, ui=None):
         if repo_type == 'hg':
             from rhodecode.lib.vcs.backends.hg.repository import MercurialRepository
             from mercurial.httppeer import httppeer
             if url.startswith('http'):
                 ## initially check if it's at least the proper URL
                 ## or does it pass basic auth
                 MercurialRepository._check_url(url)
                 httppeer(ui, url)._capabilities()
             elif url.startswith('svn+http'):
                 from hgsubversion.svnrepo import svnremoterepo
                 svnremoterepo(ui, url).capabilities
             elif url.startswith('git+http'):
                 raise NotImplementedError()
         elif repo_type == 'git':
             from rhodecode.lib.vcs.backends.git.repository import GitRepository
             if url.startswith('http'):
                 ## initially check if it's at least the proper URL
                 ## or does it pass basic auth
                 GitRepository._check_url(url)
             elif url.startswith('svn+http'):
                 raise NotImplementedError()
             elif url.startswith('hg+http'):
                 raise NotImplementedError()
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'clone_uri': _(u'invalid clone url'),
             'invalid_clone_uri': _(u'Invalid clone url, provide a '
                                     'valid clone http(s)/svn+http(s) url')
+        }
         def validate_python(self, value, state):
             repo_type = value.get('repo_type')
             url = value.get('clone_uri')
             if not url:
                 pass
             else:
                 try:
                     url_handler(repo_type, url, make_ui('db', clear_session=False))
                 except Exception:
                     log.exception('Url validation failed')
                     msg = M(self, 'clone_uri')
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(clone_uri=msg)
+                    )
     return _validator
 def ValidForkType(old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_fork_type': _(u'Fork have to be the same type as parent')
+        }
         def validate_python(self, value, state):
             if old_data['repo_type'] != value:
                 msg = M(self, 'invalid_fork_type', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_type=msg)
+                )
     return _validator
 def CanWriteGroup():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'permission_denied': _(u"You don't have permissions "
                                    "to create repository in this group")
+        }
         def validate_python(self, value, state):
             gr = RepoGroup.get(value)
             if not HasReposGroupPermissionAny(
                 'group.write', 'group.admin'
             )(gr.group_name, 'get group of repo form'):
                 msg = M(self, 'permission_denied', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_type=msg)
+                )
     return _validator
 def ValidPerms(type_='repo'):
     if type_ == 'group':
         EMPTY_PERM = 'group.none'
     elif type_ == 'repo':
         EMPTY_PERM = 'repository.none'
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'perm_new_member_name':
                 _(u'This username or users group name is not valid')
+        }
         def to_python(self, value, state):
             perms_update = OrderedSet()
             perms_new = OrderedSet()
             # build a list of permission to update and new permission to create
             #CLEAN OUT ORG VALUE FROM NEW MEMBERS, and group them using
             new_perms_group = defaultdict(dict)
             for k, v in value.copy().iteritems():
                 if k.startswith('perm_new_member'):
                     del value[k]
                     _type, part = k.split('perm_new_member_')
                     args = part.split('_')
                     if len(args) == 1:
                         new_perms_group[args[0]]['perm'] = v
                     elif len(args) == 2:
                         _key, pos = args
                         new_perms_group[pos][_key] = v
             # fill new permissions in order of how they were added
             for k in sorted(map(int, new_perms_group.keys())):
                 perm_dict = new_perms_group[str(k)]
                 new_member = perm_dict.get('name')
                 new_perm = perm_dict.get('perm')
                 new_type = perm_dict.get('type')
                 if new_member and new_perm and new_type:
                     perms_new.add((new_member, new_perm, new_type))
             for k, v in value.iteritems():
                 if k.startswith('u_perm_') or k.startswith('g_perm_'):
                     member = k[7:]
                     t = {'u': 'user',
                          'g': 'users_group'
                     }[k[0]]
                     if member == 'default':
                         if value.get('private'):
                             # set none for default when updating to
                             # private repo
                             v = EMPTY_PERM
                     perms_update.add((member, v, t))
             value['perms_updates'] = list(perms_update)
             value['perms_new'] = list(perms_new)
             # update permissions
             for k, v, t in perms_new:
                 try:
                     if t is 'user':
                         self.user_db = User.query()\
                             .filter(User.active == True)\
                             .filter(User.username == k).one()
                     if t is 'users_group':
                         self.user_db = UsersGroup.query()\
                             .filter(UsersGroup.users_group_active == True)\
                             .filter(UsersGroup.users_group_name == k).one()
                 except Exception:
                     log.exception('Updated permission failed')
                     msg = M(self, 'perm_new_member_type', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(perm_new_member_name=msg)
+                    )
             return value
     return _validator
 def ValidSettings():
     class _validator(formencode.validators.FancyValidator):
         def _to_python(self, value, state):
             # settings  form for users that are not admin
             # can't edit certain parameters, it's extra backup if they mangle
             # with forms
             forbidden_params = [
                 'user', 'repo_type', 'repo_enable_locking',
                 'repo_enable_downloads', 'repo_enable_statistics'
+            ]
             for param in forbidden_params:
                 if param in value:
                     del value[param]
             return value
         def validate_python(self, value, state):
             pass
     return _validator
 def ValidPath():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_path': _(u'This is not a valid path')
+        }
         def validate_python(self, value, state):
             if not os.path.isdir(value):
                 msg = M(self, 'invalid_path', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(paths_root_path=msg)
+                )
     return _validator
 def UniqSystemEmail(old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'email_taken': _(u'This e-mail address is already taken')
+        }
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
             if (old_data.get('email') or '').lower() != value:
                 user = User.get_by_email(value, case_insensitive=True)
                 if user:
                     msg = M(self, 'email_taken', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(email=msg)
+                    )
     return _validator
 def ValidSystemEmail():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'non_existing_email': _(u'e-mail "%(email)s" does not exist.')
+        }
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
             user = User.get_by_email(value, case_insensitive=True)
             if user is None:
                 msg = M(self, 'non_existing_email', state, email=value)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(email=msg)
+                )
     return _validator
 def LdapLibValidator():
     class _validator(formencode.validators.FancyValidator):
         messages = {
+        }
         def validate_python(self, value, state):
             try:
                 import ldap
                 ldap  # pyflakes silence !
             except ImportError:
                 raise LdapImportError()
     return _validator
 def AttrLoginValidator():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_cn':
                   _(u'The LDAP Login attribute of the CN must be specified - '
                     'this is the name of the attribute that is equivalent '
                     'to "username"')
+        }
         def validate_python(self, value, state):
             if not value or not isinstance(value, (str, unicode)):
                 msg = M(self, 'invalid_cn', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(ldap_attr_login=msg)
+                )
     return _validator
 def NotReviewedRevisions(repo_id):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'rev_already_reviewed':
                   _(u'Revisions %(revs)s are already part of pull request '
                     'or have set status')
+        }
         def validate_python(self, value, state):
             # check revisions if they are not reviewed, or a part of another
             # pull request
             statuses = ChangesetStatus.query()\
                 .filter(ChangesetStatus.revision.in_(value))\
                 .filter(ChangesetStatus.repo_id == repo_id)\
                 .all()
             errors = []
             for cs in statuses:
                 if cs.pull_request_id:
                     errors.append(['pull_req', cs.revision[:12]])
                 elif cs.status:
                     errors.append(['status', cs.revision[:12]])
             if errors:
                 revs = ','.join([x[1] for x in errors])
                 msg = M(self, 'rev_already_reviewed', state, revs=revs)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(revisions=revs)
+                )
     return _validator
 def ValidIp():
     class _validator(CIDR):
         messages = dict(
             badFormat=_('Please enter a valid IP address (a.b.c.d)'),
             illegalOctets=_('The octets must be within the range of 0-255'
                 ' (not %(octet)r)'),
             illegalBits=_('The network size (bits) must be within the range'
                 ' of 0-32 (not %(bits)r)'))
         def validate_python(self, value, state):
             try:
                 # Split into octets and bits
                 if '/' in value:  # a.b.c.d/e
                     addr, bits = value.split('/')
                 else:  # a.b.c.d
                     addr, bits = value, 32
                 # Use IPAddress validator to validate the IP part
                 IPAddress.validate_python(self, addr, state)
                 # Bits (netmask) correct?
                 if not 0 <= int(bits) <= 32:
                     raise formencode.Invalid(
                         self.message('illegalBits', state, bits=bits),
                         value, state)
             # Splitting faild: wrong syntax
             except ValueError:
                 raise formencode.Invalid(self.message('badFormat', state),
                                          value, state)
         def to_python(self, value, state):
             v = super(_validator, self).to_python(value, state)
             #if IP doesn't end with a mask, add /32
             if '/' not in value:
                 v += '/32'
             return v
     return _validator

rhodecode/public/css/style.css

➞

Show inline comments

 html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
+	{
 	border: 0;
 	outline: 0;
 	font-size: 100%;
 	vertical-align: baseline;
 	background: transparent;
 	margin: 0;
 	padding: 0;
+}
 body {
 	line-height: 1;
 	height: 100%;
 	background: url("../images/background.png") repeat scroll 0 0 #B0B0B0;
 	font-family: Lucida Grande, Verdana, Lucida Sans Regular,
 		Lucida Sans Unicode, Arial, sans-serif; font-size : 12px;
 	color: #000;
 	margin: 0;
 	padding: 0;
 	font-size: 12px;
+}
 ol,ul {
 	list-style: none;
+}
 blockquote,q {
 	quotes: none;
+}
 blockquote:before,blockquote:after,q:before,q:after {
 	content: none;
+}
 :focus {
 	outline: 0;
+}
 del {
 	text-decoration: line-through;
+}
 table {
 	border-collapse: collapse;
 	border-spacing: 0;
+}
 html {
 	height: 100%;
+}
 a {
 	color: #003367;
 	text-decoration: none;
 	cursor: pointer;
+}
 a:hover {
 	color: #316293;
 	text-decoration: underline;
+}
 h1,h2,h3,h4,h5,h6,
 div.h1,div.h2,div.h3,div.h4,div.h5,div.h6 {
 	color: #292929;
 	font-weight: 700;
+}
 h1,div.h1 {
 	font-size: 22px;
+}
 h2,div.h2 {
 	font-size: 20px;
+}
 h3,div.h3 {
 	font-size: 18px;
+}
 h4,div.h4 {
 	font-size: 16px;
+}
 h5,div.h5 {
 	font-size: 14px;
+}
 h6,div.h6 {
 	font-size: 11px;
+}
 ul.circle {
 	list-style-type: circle;
+}
 ul.disc {
 	list-style-type: disc;
+}
 ul.square {
 	list-style-type: square;
+}
 ol.lower-roman {
 	list-style-type: lower-roman;
+}
 ol.upper-roman {
 	list-style-type: upper-roman;
+}
 ol.lower-alpha {
 	list-style-type: lower-alpha;
+}
 ol.upper-alpha {
 	list-style-type: upper-alpha;
+}
 ol.decimal {
 	list-style-type: decimal;
+}
 div.color {
 	clear: both;
 	overflow: hidden;
 	position: absolute;
 	background: #FFF;
 	margin: 7px 0 0 60px;
 	padding: 1px 1px 1px 0;
+}
 div.color a {
 	width: 15px;
 	height: 15px;
 	display: block;
 	float: left;
 	margin: 0 0 0 1px;
 	padding: 0;
+}
 div.options {
 	clear: both;
 	overflow: hidden;
 	position: absolute;
 	background: #FFF;
 	margin: 7px 0 0 162px;
 	padding: 0;
+}
 div.options a {
 	height: 1%;
 	display: block;
 	text-decoration: none;
 	margin: 0;
 	padding: 3px 8px;
+}
 .top-left-rounded-corner {
 	-webkit-border-top-left-radius: 8px;
 	-khtml-border-radius-topleft: 8px;
 	-moz-border-radius-topleft: 8px;
 	border-top-left-radius: 8px;
+}
 .top-right-rounded-corner {
 	-webkit-border-top-right-radius: 8px;
 	-khtml-border-radius-topright: 8px;
 	-moz-border-radius-topright: 8px;
 	border-top-right-radius: 8px;
+}
 .bottom-left-rounded-corner {
 	-webkit-border-bottom-left-radius: 8px;
 	-khtml-border-radius-bottomleft: 8px;
 	-moz-border-radius-bottomleft: 8px;
 	border-bottom-left-radius: 8px;
+}
 .bottom-right-rounded-corner {
 	-webkit-border-bottom-right-radius: 8px;
 	-khtml-border-radius-bottomright: 8px;
 	-moz-border-radius-bottomright: 8px;
 	border-bottom-right-radius: 8px;
+}
 .top-left-rounded-corner-mid {
     -webkit-border-top-left-radius: 4px;
     -khtml-border-radius-topleft: 4px;
     -moz-border-radius-topleft: 4px;
     border-top-left-radius: 4px;
+}
 .top-right-rounded-corner-mid {
     -webkit-border-top-right-radius: 4px;
     -khtml-border-radius-topright: 4px;
     -moz-border-radius-topright: 4px;
     border-top-right-radius: 4px;
+}
 .bottom-left-rounded-corner-mid {
     -webkit-border-bottom-left-radius: 4px;
     -khtml-border-radius-bottomleft: 4px;
     -moz-border-radius-bottomleft: 4px;
     border-bottom-left-radius: 4px;
+}
 .bottom-right-rounded-corner-mid {
     -webkit-border-bottom-right-radius: 4px;
     -khtml-border-radius-bottomright: 4px;
     -moz-border-radius-bottomright: 4px;
     border-bottom-right-radius: 4px;
+}
 .help-block {
     color: #999999;
     display: block;
     margin-bottom: 0;
     margin-top: 5px;
+}
 .empty_data{
     color:#B9B9B9;
+}
 a.permalink{
 	visibility: hidden;
+}
 a.permalink:hover{
 	text-decoration: none;
+}
 h1:hover > a.permalink,
 h2:hover > a.permalink,
 h3:hover > a.permalink,
 h4:hover > a.permalink,
 h5:hover > a.permalink,
 h6:hover > a.permalink,
 div:hover > a.permalink {
     visibility: visible;
+}
 #header {
 	margin: 0;
 	padding: 0 10px;
+}
 #header ul#logged-user {
 	margin-bottom: 5px !important;
 	-webkit-border-radius: 0px 0px 8px 8px;
 	-khtml-border-radius: 0px 0px 8px 8px;
 	-moz-border-radius: 0px 0px 8px 8px;
 	border-radius: 0px 0px 8px 8px;
 	height: 37px;
     background-color: #003B76;
     background-repeat: repeat-x;
     background-image: -khtml-gradient(linear, left top, left bottom, from(#003B76), to(#00376E) );
     background-image: -moz-linear-gradient(top, #003b76, #00376e);
     background-image: -ms-linear-gradient(top, #003b76, #00376e);
     background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #003b76), color-stop(100%, #00376e) );
     background-image: -webkit-linear-gradient(top, #003b76, #00376e);
     background-image: -o-linear-gradient(top, #003b76, #00376e);
     background-image: linear-gradient(top, #003b76, #00376e);
     filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#003b76',endColorstr='#00376e', GradientType=0 );
 	box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
+}
 #header ul#logged-user li {
 	list-style: none;
 	float: left;
 	margin: 8px 0 0;
 	padding: 4px 12px;
 	border-left: 1px solid #316293;
+}
 #header ul#logged-user li.first {
 	border-left: none;
 	margin: 4px;
+}
 #header ul#logged-user li.first div.gravatar {
 	margin-top: -2px;
+}
 #header ul#logged-user li.first div.account {
 	padding-top: 4px;
 	float: left;
+}
 #header ul#logged-user li.last {
 	border-right: none;
+}
 #header ul#logged-user li a {
 	color: #fff;
 	font-weight: 700;
 	text-decoration: none;
+}
 #header ul#logged-user li a:hover {
 	text-decoration: underline;
+}
 #header ul#logged-user li.highlight a {
 	color: #fff;
+}
 #header ul#logged-user li.highlight a:hover {
 	color: #FFF;
+}
 #header #header-inner {
 	min-height: 44px;
 	clear: both;
 	position: relative;
     background-color: #003B76;
     background-repeat: repeat-x;
     background-image: -khtml-gradient(linear, left top, left bottom, from(#003B76), to(#00376E) );
     background-image: -moz-linear-gradient(top, #003b76, #00376e);
     background-image: -ms-linear-gradient(top, #003b76, #00376e);
     background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #003b76),color-stop(100%, #00376e) );
     background-image: -webkit-linear-gradient(top, #003b76, #00376e);
     background-image: -o-linear-gradient(top, #003b76, #00376e);
     background-image: linear-gradient(top, #003b76, #00376e);
     filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#003b76',endColorstr='#00376e', GradientType=0 );
 	margin: 0;
 	padding: 0;
 	display: block;
 	box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
 	-webkit-border-radius: 4px 4px 4px 4px;
 	-khtml-border-radius: 4px 4px 4px 4px;
 	-moz-border-radius: 4px 4px 4px 4px;
 	border-radius: 4px 4px 4px 4px;
+}
 #header #header-inner.hover{
 	position: fixed !important;
 	width: 100% !important;
 	margin-left: -10px !important;
 	z-index: 10000;
     -webkit-border-radius: 0px 0px 0px 0px;
     -khtml-border-radius: 0px 0px 0px 0px;
     -moz-border-radius: 0px 0px 0px 0px;
     border-radius: 0px 0px 0px 0px;
+}
 .ie7 #header #header-inner.hover,
 .ie8 #header #header-inner.hover,
 .ie9 #header #header-inner.hover
+{
     z-index: auto !important;
+}
 .header-pos-fix, .anchor{
 	margin-top: -46px;
 	padding-top: 46px;
+}
 #header #header-inner #home a {
 	height: 40px;
 	width: 46px;
 	display: block;
 	background: url("../images/button_home.png");
 	background-position: 0 0;
 	margin: 0;
 	padding: 0;
+}
 #header #header-inner #home a:hover {
 	background-position: 0 -40px;
+}
 #header #header-inner #logo {
 	float: left;
 	position: absolute;
+}
 #header #header-inner #logo h1 {
 	color: #FFF;
 	font-size: 20px;
 	margin: 12px 0 0 13px;
 	padding: 0;
+}
 #header #header-inner #logo a {
 	color: #fff;
 	text-decoration: none;
+}
 #header #header-inner #logo a:hover {
 	color: #bfe3ff;
+}
 #header #header-inner #quick,#header #header-inner #quick ul {
 	position: relative;
 	float: right;
 	list-style-type: none;
 	list-style-position: outside;
 	margin: 8px 8px 0 0;
 	padding: 0;
+}
 #header #header-inner #quick li {
 	position: relative;
 	float: left;
 	margin: 0 5px 0 0;
 	padding: 0;
+}
 #header #header-inner #quick li a.menu_link {
 	top: 0;
 	left: 0;
 	height: 1%;
 	display: block;
 	clear: both;
 	overflow: hidden;
 	color: #FFF;
 	font-weight: 700;
 	text-decoration: none;
 	background: #369;
 	padding: 0;
 	-webkit-border-radius: 4px 4px 4px 4px;
 	-khtml-border-radius: 4px 4px 4px 4px;
 	-moz-border-radius: 4px 4px 4px 4px;
 	border-radius: 4px 4px 4px 4px;
+}
 #header #header-inner #quick li span.short {
 	padding: 9px 6px 8px 6px;
+}
 #header #header-inner #quick li span {
 	top: 0;
 	right: 0;
 	height: 1%;
 	display: block;
 	float: left;
 	border-left: 1px solid #3f6f9f;
 	margin: 0;
 	padding: 10px 12px 8px 10px;
+}
 #header #header-inner #quick li span.normal {
 	border: none;
 	padding: 10px 12px 8px;
+}
 #header #header-inner #quick li span.icon {
 	top: 0;
 	left: 0;
 	border-left: none;
 	border-right: 1px solid #2e5c89;
 	padding: 8px 6px 4px;
+}
 #header #header-inner #quick li span.icon_short {
 	top: 0;
 	left: 0;
 	border-left: none;
 	border-right: 1px solid #2e5c89;
 	padding: 8px 6px 4px;
+}
 #header #header-inner #quick li span.icon img,#header #header-inner #quick li span.icon_short img
+	{
 	margin: 0px -2px 0px 0px;
+}
 #header #header-inner #quick li a:hover {
 	background: #4e4e4e no-repeat top left;
+}
 #header #header-inner #quick li a:hover span {
 	border-left: 1px solid #545454;
+}
 #header #header-inner #quick li a:hover span.icon,#header #header-inner #quick li a:hover span.icon_short
+	{
 	border-left: none;
 	border-right: 1px solid #464646;
+}
 #header #header-inner #quick ul {
 	top: 29px;
 	right: 0;
 	min-width: 200px;
 	display: none;
 	position: absolute;
 	background: #FFF;
 	border: 1px solid #666;
 	border-top: 1px solid #003367;
 	z-index: 100;
 	margin: 0px 0px 0px 0px;
 	padding: 0;
+}
 #header #header-inner #quick ul.repo_switcher {
 	max-height: 275px;
 	overflow-x: hidden;
 	overflow-y: auto;
+}
 #header #header-inner #quick ul.repo_switcher li.qfilter_rs {
 	float: none;
 	margin: 0;
 	border-bottom: 2px solid #003367;
+}
 #header #header-inner #quick .repo_switcher_type {
 	position: absolute;
 	left: 0;
 	top: 9px;
+}
 #header #header-inner #quick li ul li {
 	border-bottom: 1px solid #ddd;
+}
 #header #header-inner #quick li ul li a {
 	width: 182px;
 	height: auto;
 	display: block;
 	float: left;
 	background: #FFF;
 	color: #003367;
 	font-weight: 400;
 	margin: 0;
 	padding: 7px 9px;
+}
 #header #header-inner #quick li ul li a:hover {
 	color: #000;
 	background: #FFF;
+}
 #header #header-inner #quick ul ul {
 	top: auto;
+}
 #header #header-inner #quick li ul ul {
 	right: 200px;
 	max-height: 290px;
 	overflow: auto;
 	overflow-x: hidden;
 	white-space: normal;
+}
 #header #header-inner #quick li ul li a.journal,#header #header-inner #quick li ul li a.journal:hover
+	{
 	background: url("../images/icons/book.png") no-repeat scroll 4px 9px
 		#FFF;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.private_repo,#header #header-inner #quick li ul li a.private_repo:hover
+	{
 	background: url("../images/icons/lock.png") no-repeat scroll 4px 9px
 		#FFF;
 	min-width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.public_repo,#header #header-inner #quick li ul li a.public_repo:hover
+	{
 	background: url("../images/icons/lock_open.png") no-repeat scroll 4px
 px #FFF;
 	min-width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.hg,#header #header-inner #quick li ul li a.hg:hover
+	{
 	background: url("../images/icons/hgicon.png") no-repeat scroll 4px 9px
 		#FFF;
 	min-width: 167px;
 	margin: 0 0 0 14px;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.git,#header #header-inner #quick li ul li a.git:hover
+	{
 	background: url("../images/icons/giticon.png") no-repeat scroll 4px 9px
 		#FFF;
 	min-width: 167px;
 	margin: 0 0 0 14px;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.repos,#header #header-inner #quick li ul li a.repos:hover
+	{
 	background: url("../images/icons/database_edit.png") no-repeat scroll
 px 9px #FFF;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.repos_groups,#header #header-inner #quick li ul li a.repos_groups:hover
+	{
 	background: url("../images/icons/database_link.png") no-repeat scroll
 px 9px #FFF;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.users,#header #header-inner #quick li ul li a.users:hover
+	{
 	background: #FFF url("../images/icons/user_edit.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.groups,#header #header-inner #quick li ul li a.groups:hover
+	{
 	background: #FFF url("../images/icons/group_edit.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.defaults,#header #header-inner #quick li ul li a.defaults:hover
+    {
     background: #FFF url("../images/icons/wrench.png") no-repeat 4px 9px;
     width: 167px;
     margin: 0;
     padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.settings,#header #header-inner #quick li ul li a.settings:hover
+	{
 	background: #FFF url("../images/icons/cog.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.permissions,#header #header-inner #quick li ul li a.permissions:hover
+	{
 	background: #FFF url("../images/icons/key.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.ldap,#header #header-inner #quick li ul li a.ldap:hover
+	{
 	background: #FFF url("../images/icons/server_key.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.fork,#header #header-inner #quick li ul li a.fork:hover
+	{
 	background: #FFF url("../images/icons/arrow_divide.png") no-repeat 4px
 px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.locking_add,#header #header-inner #quick li ul li a.locking_add:hover
+    {
     background: #FFF url("../images/icons/lock_add.png") no-repeat 4px
 px;
     width: 167px;
     margin: 0;
     padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.locking_del,#header #header-inner #quick li ul li a.locking_del:hover
+    {
     background: #FFF url("../images/icons/lock_delete.png") no-repeat 4px
 px;
     width: 167px;
     margin: 0;
     padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.pull_request,#header #header-inner #quick li ul li a.pull_request:hover
+    {
     background: #FFF url("../images/icons/arrow_join.png") no-repeat 4px
 px;
     width: 167px;
     margin: 0;
     padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.compare_request,#header #header-inner #quick li ul li a.compare_request:hover
+    {
     background: #FFF url("../images/icons/arrow_inout.png") no-repeat 4px
 px;
     width: 167px;
     margin: 0;
     padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.search,#header #header-inner #quick li ul li a.search:hover
+	{
 	background: #FFF url("../images/icons/search_16.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.delete,#header #header-inner #quick li ul li a.delete:hover
+	{
 	background: #FFF url("../images/icons/delete.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.branches,#header #header-inner #quick li ul li a.branches:hover
+	{
 	background: #FFF url("../images/icons/arrow_branch.png") no-repeat 4px
 px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.tags,
 #header #header-inner #quick li ul li a.tags:hover{
 	background: #FFF url("../images/icons/tag_blue.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.bookmarks,
 #header #header-inner #quick li ul li a.bookmarks:hover{
     background: #FFF url("../images/icons/tag_green.png") no-repeat 4px 9px;
     width: 167px;
     margin: 0;
     padding: 12px 9px 7px 24px;
+}
 #header #header-inner #quick li ul li a.admin,
 #header #header-inner #quick li ul li a.admin:hover{
 	background: #FFF url("../images/icons/cog_edit.png") no-repeat 4px 9px;
 	width: 167px;
 	margin: 0;
 	padding: 12px 9px 7px 24px;
+}
 .groups_breadcrumbs a {
 	color: #fff;
+}
 .groups_breadcrumbs a:hover {
 	color: #bfe3ff;
 	text-decoration: none;
+}
 td.quick_repo_menu {
 	background: #FFF url("../images/vertical-indicator.png") 8px 50% no-repeat !important;
 	cursor: pointer;
 	width: 8px;
 	border: 1px solid transparent;
+}
 td.quick_repo_menu.active {
     background: url("../images/dt-arrow-dn.png") no-repeat scroll 5px 50% #FFFFFF !important;
     border: 1px solid #003367;
     box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);
     cursor: pointer;
+}
 td.quick_repo_menu .menu_items {
 	margin-top: 10px;
 	margin-left:-6px;
 	width: 150px;
 	position: absolute;
 	background-color: #FFF;
 	background: none repeat scroll 0 0 #FFFFFF;
 	border-color: #003367 #666666 #666666;
 	border-right: 1px solid #666666;
 	border-style: solid;
 	border-width: 1px;
 	box-shadow: 2px 8px 4px rgba(0, 0, 0, 0.2);
 	border-top-style: none;
+}
 td.quick_repo_menu .menu_items li {
 	padding: 0 !important;
+}
 td.quick_repo_menu .menu_items a {
 	display: block;
 	padding: 4px 12px 4px 8px;
+}
 td.quick_repo_menu .menu_items a:hover {
 	background-color: #EEE;
 	text-decoration: none;
+}
 td.quick_repo_menu .menu_items .icon img {
 	margin-bottom: -2px;
+}
 td.quick_repo_menu .menu_items.hidden {
 	display: none;
+}
 .yui-dt-first th {
 	text-align: left;
+}
 /*
 Copyright (c) 2011, Yahoo! Inc. All rights reserved.
 Code licensed under the BSD License:
 http://developer.yahoo.com/yui/license.html
 version: 2.9.0
 */
 .yui-skin-sam .yui-dt-mask {
     position: absolute;
     z-index: 9500;
+}
 .yui-dt-tmp {
     position: absolute;
     left: -9000px;
+}
 .yui-dt-scrollable .yui-dt-bd { overflow: auto }
 .yui-dt-scrollable .yui-dt-hd {
     overflow: hidden;
     position: relative;
+}
 .yui-dt-scrollable .yui-dt-bd thead tr,
 .yui-dt-scrollable .yui-dt-bd thead th {
     position: absolute;
     left: -1500px;
+}
 .yui-dt-scrollable tbody { -moz-outline: 0 }
 .yui-skin-sam thead .yui-dt-sortable { cursor: pointer }
 .yui-skin-sam thead .yui-dt-draggable { cursor: move }
 .yui-dt-coltarget {
     position: absolute;
     z-index: 999;
+}
 .yui-dt-hd { zoom: 1 }
 th.yui-dt-resizeable .yui-dt-resizerliner { position: relative }
 .yui-dt-resizer {
     position: absolute;
     right: 0;
     bottom: 0;
     height: 100%;
     cursor: e-resize;
     cursor: col-resize;
     background-color: #CCC;
     opacity: 0;
     filter: alpha(opacity=0);
+}
 .yui-dt-resizerproxy {
     visibility: hidden;
     position: absolute;
     z-index: 9000;
     background-color: #CCC;
     opacity: 0;
     filter: alpha(opacity=0);
+}
 th.yui-dt-hidden .yui-dt-liner,
 td.yui-dt-hidden .yui-dt-liner,
 th.yui-dt-hidden .yui-dt-resizer { display: none }
 .yui-dt-editor,
 .yui-dt-editor-shim {
     position: absolute;
     z-index: 9000;
+}
 .yui-skin-sam .yui-dt table {
     margin: 0;
     padding: 0;
     font-family: arial;
     font-size: inherit;
     border-collapse: separate;
     *border-collapse: collapse;
     border-spacing: 0;
     border: 1px solid #7f7f7f;
+}
 .yui-skin-sam .yui-dt thead { border-spacing: 0 }
 .yui-skin-sam .yui-dt caption {
     color: #000;
     font-size: 85%;
     font-weight: normal;
     font-style: italic;
     line-height: 1;
     padding: 1em 0;
     text-align: center;
+}
 .yui-skin-sam .yui-dt th { background: #d8d8da url(../images/sprite.png) repeat-x 0 0 }
 .yui-skin-sam .yui-dt th,
 .yui-skin-sam .yui-dt th a {
     font-weight: normal;
     text-decoration: none;
     color: #000;
     vertical-align: bottom;
+}
 .yui-skin-sam .yui-dt th {
     margin: 0;
     padding: 0;
     border: 0;
     border-right: 1px solid #cbcbcb;
+}
 .yui-skin-sam .yui-dt tr.yui-dt-first td { border-top: 1px solid #7f7f7f }
 .yui-skin-sam .yui-dt th .yui-dt-liner { white-space: nowrap }
 .yui-skin-sam .yui-dt-liner {
     margin: 0;
     padding: 0;
+}
 .yui-skin-sam .yui-dt-coltarget {
     width: 5px;
     background-color: red;
+}
 .yui-skin-sam .yui-dt td {
     margin: 0;
     padding: 0;
     border: 0;
     border-right: 1px solid #cbcbcb;
     text-align: left;
+}
 .yui-skin-sam .yui-dt-list td { border-right: 0 }
 .yui-skin-sam .yui-dt-resizer { width: 6px }
 .yui-skin-sam .yui-dt-mask {
     background-color: #000;
     opacity: .25;
     filter: alpha(opacity=25);
+}
 .yui-skin-sam .yui-dt-message { background-color: #FFF }
 .yui-skin-sam .yui-dt-scrollable table { border: 0 }
 .yui-skin-sam .yui-dt-scrollable .yui-dt-hd {
     border-left: 1px solid #7f7f7f;
     border-top: 1px solid #7f7f7f;
     border-right: 1px solid #7f7f7f;
+}
 .yui-skin-sam .yui-dt-scrollable .yui-dt-bd {
     border-left: 1px solid #7f7f7f;
     border-bottom: 1px solid #7f7f7f;
     border-right: 1px solid #7f7f7f;
     background-color: #FFF;
+}
 .yui-skin-sam .yui-dt-scrollable .yui-dt-data tr.yui-dt-last td { border-bottom: 1px solid #7f7f7f }
 .yui-skin-sam th.yui-dt-asc,
 .yui-skin-sam th.yui-dt-desc { background: url(../images/sprite.png) repeat-x 0 -100px }
 .yui-skin-sam th.yui-dt-sortable .yui-dt-label { margin-right: 10px }
 .yui-skin-sam th.yui-dt-asc .yui-dt-liner { background: url(../images/dt-arrow-up.png) no-repeat right }
 .yui-skin-sam th.yui-dt-desc .yui-dt-liner { background: url(../images/dt-arrow-dn.png) no-repeat right }
 tbody .yui-dt-editable { cursor: pointer }
 .yui-dt-editor {
     text-align: left;
     background-color: #f2f2f2;
     border: 1px solid #808080;
     padding: 6px;
+}
 .yui-dt-editor label {
     padding-left: 4px;
     padding-right: 6px;
+}
 .yui-dt-editor .yui-dt-button {
     padding-top: 6px;
     text-align: right;
+}
 .yui-dt-editor .yui-dt-button button {
     background: url(../images/sprite.png) repeat-x 0 0;
     border: 1px solid #999;
     width: 4em;
     height: 1.8em;
     margin-left: 6px;
+}
 .yui-dt-editor .yui-dt-button button.yui-dt-default {
     background: url(../images/sprite.png) repeat-x 0 -1400px;
     background-color: #5584e0;
     border: 1px solid #304369;
     color: #FFF;
+}
 .yui-dt-editor .yui-dt-button button:hover {
     background: url(../images/sprite.png) repeat-x 0 -1300px;
     color: #000;
+}
 .yui-dt-editor .yui-dt-button button:active {
     background: url(../images/sprite.png) repeat-x 0 -1700px;
     color: #000;
+}
 .yui-skin-sam tr.yui-dt-even { background-color: #FFF }
 .yui-skin-sam tr.yui-dt-odd { background-color: #edf5ff }
 .yui-skin-sam tr.yui-dt-even td.yui-dt-asc,
 .yui-skin-sam tr.yui-dt-even td.yui-dt-desc { background-color: #edf5ff }
 .yui-skin-sam tr.yui-dt-odd td.yui-dt-asc,
 .yui-skin-sam tr.yui-dt-odd td.yui-dt-desc { background-color: #dbeaff }
 .yui-skin-sam .yui-dt-list tr.yui-dt-even { background-color: #FFF }
 .yui-skin-sam .yui-dt-list tr.yui-dt-odd { background-color: #FFF }
 .yui-skin-sam .yui-dt-list tr.yui-dt-even td.yui-dt-asc,
 .yui-skin-sam .yui-dt-list tr.yui-dt-even td.yui-dt-desc { background-color: #edf5ff }
 .yui-skin-sam .yui-dt-list tr.yui-dt-odd td.yui-dt-asc,
 .yui-skin-sam .yui-dt-list tr.yui-dt-odd td.yui-dt-desc { background-color: #edf5ff }
 .yui-skin-sam th.yui-dt-highlighted,
 .yui-skin-sam th.yui-dt-highlighted a { background-color: #b2d2ff }
 .yui-skin-sam tr.yui-dt-highlighted,
 .yui-skin-sam tr.yui-dt-highlighted td.yui-dt-asc,
 .yui-skin-sam tr.yui-dt-highlighted td.yui-dt-desc,
 .yui-skin-sam tr.yui-dt-even td.yui-dt-highlighted,
 .yui-skin-sam tr.yui-dt-odd td.yui-dt-highlighted {
     cursor: pointer;
     background-color: #b2d2ff;
+}
 .yui-skin-sam .yui-dt-list th.yui-dt-highlighted,
 .yui-skin-sam .yui-dt-list th.yui-dt-highlighted a { background-color: #b2d2ff }
 .yui-skin-sam .yui-dt-list tr.yui-dt-highlighted,
 .yui-skin-sam .yui-dt-list tr.yui-dt-highlighted td.yui-dt-asc,
 .yui-skin-sam .yui-dt-list tr.yui-dt-highlighted td.yui-dt-desc,
 .yui-skin-sam .yui-dt-list tr.yui-dt-even td.yui-dt-highlighted,
 .yui-skin-sam .yui-dt-list tr.yui-dt-odd td.yui-dt-highlighted {
     cursor: pointer;
     background-color: #b2d2ff;
+}
 .yui-skin-sam th.yui-dt-selected,
 .yui-skin-sam th.yui-dt-selected a { background-color: #446cd7 }
 .yui-skin-sam tr.yui-dt-selected td,
 .yui-skin-sam tr.yui-dt-selected td.yui-dt-asc,
 .yui-skin-sam tr.yui-dt-selected td.yui-dt-desc {
     background-color: #426fd9;
     color: #FFF;
+}
 .yui-skin-sam tr.yui-dt-even td.yui-dt-selected,
 .yui-skin-sam tr.yui-dt-odd td.yui-dt-selected {
     background-color: #446cd7;
     color: #FFF;
+}
 .yui-skin-sam .yui-dt-list th.yui-dt-selected,
 .yui-skin-sam .yui-dt-list th.yui-dt-selected a { background-color: #446cd7 }
 .yui-skin-sam .yui-dt-list tr.yui-dt-selected td,
 .yui-skin-sam .yui-dt-list tr.yui-dt-selected td.yui-dt-asc,
 .yui-skin-sam .yui-dt-list tr.yui-dt-selected td.yui-dt-desc {
     background-color: #426fd9;
     color: #FFF;
+}
 .yui-skin-sam .yui-dt-list tr.yui-dt-even td.yui-dt-selected,
 .yui-skin-sam .yui-dt-list tr.yui-dt-odd td.yui-dt-selected {
     background-color: #446cd7;
     color: #FFF;
+}
 .yui-skin-sam .yui-dt-paginator {
     display: block;
     margin: 6px 0;
     white-space: nowrap;
+}
 .yui-skin-sam .yui-dt-paginator .yui-dt-first,
 .yui-skin-sam .yui-dt-paginator .yui-dt-last,
 .yui-skin-sam .yui-dt-paginator .yui-dt-selected { padding: 2px 6px }
 .yui-skin-sam .yui-dt-paginator a.yui-dt-first,
 .yui-skin-sam .yui-dt-paginator a.yui-dt-last { text-decoration: none }
 .yui-skin-sam .yui-dt-paginator .yui-dt-previous,
 .yui-skin-sam .yui-dt-paginator .yui-dt-next { display: none }
 .yui-skin-sam a.yui-dt-page {
     border: 1px solid #cbcbcb;
     padding: 2px 6px;
     text-decoration: none;
     background-color: #fff;
+}
 .yui-skin-sam .yui-dt-selected {
     border: 1px solid #fff;
     background-color: #fff;
+}
 #content #left {
 	left: 0;
 	width: 280px;
 	position: absolute;
+}
 #content #right {
 	margin: 0 60px 10px 290px;
+}
 #content div.box {
 	clear: both;
 	overflow: hidden;
 	background: #fff;
 	margin: 0 0 10px;
 	padding: 0 0 10px;
 	-webkit-border-radius: 4px 4px 4px 4px;
 	-khtml-border-radius: 4px 4px 4px 4px;
 	-moz-border-radius: 4px 4px 4px 4px;
 	border-radius: 4px 4px 4px 4px;
 	box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
+}
 #content div.box-left {
 	width: 49%;
 	clear: none;
 	float: left;
 	margin: 0 0 10px;
+}
 #content div.box-right {
 	width: 49%;
 	clear: none;
 	float: right;
 	margin: 0 0 10px;
+}
 #content div.box div.title {
 	clear: both;
 	overflow: hidden;
 	background-color: #003B76;
 	background-repeat: repeat-x;
 	background-image: -khtml-gradient(linear, left top, left bottom, from(#003B76), to(#00376E) );
 	background-image: -moz-linear-gradient(top, #003b76, #00376e);
 	background-image: -ms-linear-gradient(top, #003b76, #00376e);
 	background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #003b76), color-stop(100%, #00376e) );
 	background-image: -webkit-linear-gradient(top, #003b76, #00376e);
 	background-image: -o-linear-gradient(top, #003b76, #00376e);
 	background-image: linear-gradient(top, #003b76, #00376e);
 	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#003b76', endColorstr='#00376e', GradientType=0 );
 	margin: 0 0 20px;
 	padding: 0;
+}
 #content div.box div.title h5 {
 	float: left;
 	border: none;
 	color: #fff;
 	text-transform: uppercase;
 	margin: 0;
 	padding: 11px 0 11px 10px;
+}
 #content div.box div.title .link-white{
 	color: #FFFFFF;
+}
 #content div.box div.title .link-white.current{
     color: #BFE3FF;
+}
 #content div.box div.title ul.links li {
 	list-style: none;
 	float: left;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.title ul.links li a {
 	border-left: 1px solid #316293;
 	color: #FFFFFF;
 	display: block;
 	float: left;
 	font-size: 13px;
 	font-weight: 700;
 	height: 1%;
 	margin: 0;
 	padding: 11px 22px 12px;
 	text-decoration: none;
+}
 #content div.box h1,#content div.box h2,#content div.box h3,#content div.box h4,#content div.box h5,#content div.box h6,
 #content div.box div.h1,#content div.box div.h2,#content div.box div.h3,#content div.box div.h4,#content div.box div.h5,#content div.box div.h6
+	{
 	clear: both;
 	overflow: hidden;
 	border-bottom: 1px solid #DDD;
 	margin: 10px 20px;
 	padding: 0 0 15px;
+}
 #content div.box p {
 	color: #5f5f5f;
 	font-size: 12px;
 	line-height: 150%;
 	margin: 0 24px 10px;
 	padding: 0;
+}
 #content div.box blockquote {
 	border-left: 4px solid #DDD;
 	color: #5f5f5f;
 	font-size: 11px;
 	line-height: 150%;
 	margin: 0 34px;
 	padding: 0 0 0 14px;
+}
 #content div.box blockquote p {
 	margin: 10px 0;
 	padding: 0;
+}
 #content div.box dl {
 	margin: 10px 0px;
+}
 #content div.box dt {
 	font-size: 12px;
 	margin: 0;
+}
 #content div.box dd {
 	font-size: 12px;
 	margin: 0;
 	padding: 8px 0 8px 15px;
+}
 #content div.box li {
 	font-size: 12px;
 	padding: 4px 0;
+}
 #content div.box ul.disc,#content div.box ul.circle {
 	margin: 10px 24px 10px 38px;
+}
 #content div.box ul.square {
 	margin: 10px 24px 10px 40px;
+}
 #content div.box img.left {
 	border: none;
 	float: left;
 	margin: 10px 10px 10px 0;
+}
 #content div.box img.right {
 	border: none;
 	float: right;
 	margin: 10px 0 10px 10px;
+}
 #content div.box div.messages {
 	clear: both;
 	overflow: hidden;
 	margin: 0 20px;
 	padding: 0;
+}
 #content div.box div.message {
 	clear: both;
 	overflow: hidden;
 	margin: 0;
 	padding: 5px 0;
     white-space: pre-wrap;
+}
 #content div.box div.expand {
 	width: 110%;
 	height:14px;
 	font-size:10px;
 	text-align:center;
 	cursor: pointer;
 	color:#666;
 	background:-webkit-gradient(linear,0% 50%,100% 50%,color-stop(0%,rgba(255,255,255,0)),color-stop(100%,rgba(64,96,128,0.1)));
 	background:-webkit-linear-gradient(top,rgba(255,255,255,0),rgba(64,96,128,0.1));
 	background:-moz-linear-gradient(top,rgba(255,255,255,0),rgba(64,96,128,0.1));
 	background:-o-linear-gradient(top,rgba(255,255,255,0),rgba(64,96,128,0.1));
 	background:-ms-linear-gradient(top,rgba(255,255,255,0),rgba(64,96,128,0.1));
 	background:linear-gradient(top,rgba(255,255,255,0),rgba(64,96,128,0.1));
 	display: none;
+}
 #content div.box div.expand .expandtext {
 	background-color: #ffffff;
 	padding: 2px;
 	border-radius: 2px;
+}
 #content div.box div.message a {
 	font-weight: 400 !important;
+}
 #content div.box div.message div.image {
 	float: left;
 	margin: 9px 0 0 5px;
 	padding: 6px;
+}
 #content div.box div.message div.image img {
 	vertical-align: middle;
 	margin: 0;
+}
 #content div.box div.message div.text {
 	float: left;
 	margin: 0;
 	padding: 9px 6px;
+}
 #content div.box div.message div.dismiss a {
 	height: 16px;
 	width: 16px;
 	display: block;
 	background: url("../images/icons/cross.png") no-repeat;
 	margin: 15px 14px 0 0;
 	padding: 0;
+}
 #content div.box div.message div.text h1,#content div.box div.message div.text h2,#content div.box div.message div.text h3,#content div.box div.message div.text h4,#content div.box div.message div.text h5,#content div.box div.message div.text h6
+	{
 	border: none;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.message div.text span {
 	height: 1%;
 	display: block;
 	margin: 0;
 	padding: 5px 0 0;
+}
 #content div.box div.message-error {
 	height: 1%;
 	clear: both;
 	overflow: hidden;
 	background: #FBE3E4;
 	border: 1px solid #FBC2C4;
 	color: #860006;
+}
 #content div.box div.message-error h6 {
 	color: #860006;
+}
 #content div.box div.message-warning {
 	height: 1%;
 	clear: both;
 	overflow: hidden;
 	background: #FFF6BF;
 	border: 1px solid #FFD324;
 	color: #5f5200;
+}
 #content div.box div.message-warning h6 {
 	color: #5f5200;
+}
 #content div.box div.message-notice {
 	height: 1%;
 	clear: both;
 	overflow: hidden;
 	background: #8FBDE0;
 	border: 1px solid #6BACDE;
 	color: #003863;
+}
 #content div.box div.message-notice h6 {
 	color: #003863;
+}
 #content div.box div.message-success {
 	height: 1%;
 	clear: both;
 	overflow: hidden;
 	background: #E6EFC2;
 	border: 1px solid #C6D880;
 	color: #4e6100;
+}
 #content div.box div.message-success h6 {
 	color: #4e6100;
+}
 #content div.box div.form div.fields div.field {
 	height: 1%;
 	border-bottom: 1px solid #DDD;
 	clear: both;
 	margin: 0;
 	padding: 10px 0;
+}
 #content div.box div.form div.fields div.field-first {
 	padding: 0 0 10px;
+}
 #content div.box div.form div.fields div.field-noborder {
 	border-bottom: 0 !important;
+}
 #content div.box div.form div.fields div.field span.error-message {
 	height: 1%;
 	display: inline-block;
 	color: red;
 	margin: 8px 0 0 4px;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field span.success {
 	height: 1%;
 	display: block;
 	color: #316309;
 	margin: 8px 0 0;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.label {
 	left: 70px;
 	width: 155px;
 	position: absolute;
 	margin: 0;
 	padding: 5px 0 0 0px;
+}
 #content div.box div.form div.fields div.field div.label-summary {
     left: 30px;
     width: 155px;
     position: absolute;
     margin: 0;
     padding: 0px 0 0 0px;
+}
 #content div.box-left div.form div.fields div.field div.label,
 #content div.box-right div.form div.fields div.field div.label,
 #content div.box-left div.form div.fields div.field div.label,
 #content div.box-left div.form div.fields div.field div.label-summary,
 #content div.box-right div.form div.fields div.field div.label-summary,
 #content div.box-left div.form div.fields div.field div.label-summary
+	{
 	clear: both;
 	overflow: hidden;
 	left: 0;
 	width: auto;
 	position: relative;
 	margin: 0;
 	padding: 0 0 8px;
+}
 #content div.box div.form div.fields div.field div.label-select {
 	padding: 5px 0 0 5px;
+}
 #content div.box-left div.form div.fields div.field div.label-select,
 #content div.box-right div.form div.fields div.field div.label-select
+	{
 	padding: 0 0 8px;
+}
 #content div.box-left div.form div.fields div.field div.label-textarea,
 #content div.box-right div.form div.fields div.field div.label-textarea
+	{
 	padding: 0 0 8px !important;
+}
 #content div.box div.form div.fields div.field div.label label,div.label label
+	{
 	color: #393939;
 	font-weight: 700;
+}
 #content div.box div.form div.fields div.field div.label label,div.label-summary label
+    {
     color: #393939;
     font-weight: 700;
+}
 #content div.box div.form div.fields div.field div.input {
 	margin: 0 0 0 200px;
+}
 #content div.box div.form div.fields div.field div.input.summary {
     margin: 0 0 0 110px;
+}
 #content div.box div.form div.fields div.field div.input.summary-short {
     margin: 0 0 0 110px;
+}
 #content div.box div.form div.fields div.field div.file {
 	margin: 0 0 0 200px;
+}
 #content div.box-left div.form div.fields div.field div.input,#content div.box-right div.form div.fields div.field div.input
+	{
 	margin: 0 0 0 0px;
+}
 #content div.box div.form div.fields div.field div.input input,
 .reviewer_ac input {
 	background: #FFF;
 	border-top: 1px solid #b3b3b3;
 	border-left: 1px solid #b3b3b3;
 	border-right: 1px solid #eaeaea;
 	border-bottom: 1px solid #eaeaea;
 	color: #000;
 	font-size: 11px;
 	margin: 0;
 	padding: 7px 7px 6px;
+}
 #content div.box div.form div.fields div.field div.input input#clone_url,
 #content div.box div.form div.fields div.field div.input input#clone_url_id
+{
     font-size: 16px;
     padding: 2px;
+}
 #content div.box div.form div.fields div.field div.file input {
 	background: none repeat scroll 0 0 #FFFFFF;
 	border-color: #B3B3B3 #EAEAEA #EAEAEA #B3B3B3;
 	border-style: solid;
 	border-width: 1px;
 	color: #000000;
 	font-size: 11px;
 	margin: 0;
 	padding: 7px 7px 6px;
+}
 input.disabled {
     background-color: #F5F5F5 !important;
+}
 #content div.box div.form div.fields div.field div.input input.small {
 	width: 30%;
+}
 #content div.box div.form div.fields div.field div.input input.medium {
 	width: 55%;
+}
 #content div.box div.form div.fields div.field div.input input.large {
 	width: 85%;
+}
 #content div.box div.form div.fields div.field div.input input.date {
 	width: 177px;
+}
 #content div.box div.form div.fields div.field div.input input.button {
 	background: #D4D0C8;
 	border-top: 1px solid #FFF;
 	border-left: 1px solid #FFF;
 	border-right: 1px solid #404040;
 	border-bottom: 1px solid #404040;
 	color: #000;
 	margin: 0;
 	padding: 4px 8px;
+}
 #content div.box div.form div.fields div.field div.textarea {
 	border-top: 1px solid #b3b3b3;
 	border-left: 1px solid #b3b3b3;
 	border-right: 1px solid #eaeaea;
 	border-bottom: 1px solid #eaeaea;
 	margin: 0 0 0 200px;
 	padding: 10px;
+}
 #content div.box div.form div.fields div.field div.textarea-editor {
 	border: 1px solid #ddd;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.textarea textarea {
 	width: 100%;
 	height: 220px;
 	overflow: hidden;
 	background: #FFF;
 	color: #000;
 	font-size: 11px;
 	outline: none;
 	border-width: 0;
 	margin: 0;
 	padding: 0;
+}
 #content div.box-left div.form div.fields div.field div.textarea textarea,#content div.box-right div.form div.fields div.field div.textarea textarea
+	{
 	width: 100%;
 	height: 100px;
+}
 #content div.box div.form div.fields div.field div.textarea table {
 	width: 100%;
 	border: none;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.textarea table td {
 	background: #DDD;
 	border: none;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.textarea table td table
+	{
 	width: auto;
 	border: none;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.textarea table td table td
+	{
 	font-size: 11px;
 	padding: 5px 5px 5px 0;
+}
 #content div.box div.form div.fields div.field input[type=text]:focus,
 #content div.box div.form div.fields div.field input[type=password]:focus,
 #content div.box div.form div.fields div.field input[type=file]:focus,
 #content div.box div.form div.fields div.field textarea:focus,
 #content div.box div.form div.fields div.field select:focus,
 .reviewer_ac input:focus
+	{
 	background: #f6f6f6;
 	border-color: #666;
+}
 .reviewer_ac {
 	padding:10px
+}
 div.form div.fields div.field div.button {
 	margin: 0;
 	padding: 0 0 0 8px;
+}
 #content div.box table.noborder {
 	border: 1px solid transparent;
+}
 #content div.box table {
 	width: 100%;
 	border-collapse: separate;
 	margin: 0;
 	padding: 0;
 	border: 1px solid #eee;
     -webkit-border-radius: 4px;
     -moz-border-radius: 4px;
     border-radius: 4px;
+}
 #content div.box table th {
 	background: #eee;
 	border-bottom: 1px solid #ddd;
 	padding: 5px 0px 5px 5px;
 	text-align: left;
+}
 #content div.box table th.left {
 	text-align: left;
+}
 #content div.box table th.right {
 	text-align: right;
+}
 #content div.box table th.center {
 	text-align: center;
+}
 #content div.box table th.selected {
 	vertical-align: middle;
 	padding: 0;
+}
 #content div.box table td {
 	background: #fff;
 	border-bottom: 1px solid #cdcdcd;
 	vertical-align: middle;
 	padding: 5px;
+}
 #content div.box table tr.selected td {
 	background: #FFC;
+}
 #content div.box table td.selected {
 	width: 3%;
 	text-align: center;
 	vertical-align: middle;
 	padding: 0;
+}
 #content div.box table td.action {
 	width: 45%;
 	text-align: left;
+}
 #content div.box table td.date {
 	width: 33%;
 	text-align: center;
+}
 #content div.box div.action {
 	float: right;
 	background: #FFF;
 	text-align: right;
 	margin: 10px 0 0;
 	padding: 0;
+}
 #content div.box div.action select {
 	font-size: 11px;
 	margin: 0;
+}
 #content div.box div.action .ui-selectmenu {
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.pagination {
 	height: 1%;
 	clear: both;
 	overflow: hidden;
 	margin: 10px 0 0;
 	padding: 0;
+}
 #content div.box div.pagination ul.pager {
 	float: right;
 	text-align: right;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.pagination ul.pager li {
 	height: 1%;
 	float: left;
 	list-style: none;
 	background: #ebebeb url("../images/pager.png") repeat-x;
 	border-top: 1px solid #dedede;
 	border-left: 1px solid #cfcfcf;
 	border-right: 1px solid #c4c4c4;
 	border-bottom: 1px solid #c4c4c4;
 	color: #4A4A4A;
 	font-weight: 700;
 	margin: 0 0 0 4px;
 	padding: 0;
+}
 #content div.box div.pagination ul.pager li.separator {
 	padding: 6px;
+}
 #content div.box div.pagination ul.pager li.current {
 	background: #b4b4b4 url("../images/pager_selected.png") repeat-x;
 	border-top: 1px solid #ccc;
 	border-left: 1px solid #bebebe;
 	border-right: 1px solid #b1b1b1;
 	border-bottom: 1px solid #afafaf;
 	color: #515151;
 	padding: 6px;
+}
 #content div.box div.pagination ul.pager li a {
 	height: 1%;
 	display: block;
 	float: left;
 	color: #515151;
 	text-decoration: none;
 	margin: 0;
 	padding: 6px;
+}
 #content div.box div.pagination ul.pager li a:hover,#content div.box div.pagination ul.pager li a:active
+	{
 	background: #b4b4b4 url("../images/pager_selected.png") repeat-x;
 	border-top: 1px solid #ccc;
 	border-left: 1px solid #bebebe;
 	border-right: 1px solid #b1b1b1;
 	border-bottom: 1px solid #afafaf;
 	margin: -1px;
+}
 #content div.box div.pagination-wh {
 	height: 1%;
 	clear: both;
 	overflow: hidden;
 	text-align: right;
 	margin: 10px 0 0;
 	padding: 0;
+}
 #content div.box div.pagination-right {
 	float: right;
+}
 #content div.box div.pagination-wh a,
 #content div.box div.pagination-wh span.pager_dotdot,
 #content div.box div.pagination-wh span.yui-pg-previous,
 #content div.box div.pagination-wh span.yui-pg-last,
 #content div.box div.pagination-wh span.yui-pg-next,
 #content div.box div.pagination-wh span.yui-pg-first
+	{
 	height: 1%;
 	float: left;
 	background: #ebebeb url("../images/pager.png") repeat-x;
 	border-top: 1px solid #dedede;
 	border-left: 1px solid #cfcfcf;
 	border-right: 1px solid #c4c4c4;
 	border-bottom: 1px solid #c4c4c4;
 	color: #4A4A4A;
 	font-weight: 700;
 	margin: 0 0 0 4px;
 	padding: 6px;
+}
 #content div.box div.pagination-wh span.pager_curpage {
 	height: 1%;
 	float: left;
 	background: #b4b4b4 url("../images/pager_selected.png") repeat-x;
 	border-top: 1px solid #ccc;
 	border-left: 1px solid #bebebe;
 	border-right: 1px solid #b1b1b1;
 	border-bottom: 1px solid #afafaf;
 	color: #515151;
 	font-weight: 700;
 	margin: 0 0 0 4px;
 	padding: 6px;
+}
 #content div.box div.pagination-wh a:hover,#content div.box div.pagination-wh a:active
+	{
 	background: #b4b4b4 url("../images/pager_selected.png") repeat-x;
 	border-top: 1px solid #ccc;
 	border-left: 1px solid #bebebe;
 	border-right: 1px solid #b1b1b1;
 	border-bottom: 1px solid #afafaf;
 	text-decoration: none;
+}
 #content div.box div.traffic div.legend {
 	clear: both;
 	overflow: hidden;
 	border-bottom: 1px solid #ddd;
 	margin: 0 0 10px;
 	padding: 0 0 10px;
+}
 #content div.box div.traffic div.legend h6 {
 	float: left;
 	border: none;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.traffic div.legend li {
 	list-style: none;
 	float: left;
 	font-size: 11px;
 	margin: 0;
 	padding: 0 8px 0 4px;
+}
 #content div.box div.traffic div.legend li.visits {
 	border-left: 12px solid #edc240;
+}
 #content div.box div.traffic div.legend li.pageviews {
 	border-left: 12px solid #afd8f8;
+}
 #content div.box div.traffic table {
 	width: auto;
+}
 #content div.box div.traffic table td {
 	background: transparent;
 	border: none;
 	padding: 2px 3px 3px;
+}
 #content div.box div.traffic table td.legendLabel {
 	padding: 0 3px 2px;
+}
 #summary {
+}
 #summary .metatag {
     display: inline-block;
     padding: 3px 5px;
     margin-bottom: 3px;
     margin-right: 1px;
     border-radius: 5px;
+}
 #content div.box #summary p {
     margin-bottom: -5px;
         width: 600px;
         white-space: pre-wrap;
+}
 #content div.box #summary p:last-child {
     margin-bottom: 9px;
+}
 #content div.box #summary p:first-of-type {
     margin-top: 9px;
+}
  .metatag {
     display: inline-block;
     margin-right: 1px;
     -webkit-border-radius: 4px 4px 4px 4px;
     -khtml-border-radius: 4px 4px 4px 4px;
     -moz-border-radius: 4px 4px 4px 4px;
     border-radius: 4px 4px 4px 4px;
     border: solid 1px #9CF;
     padding: 2px 3px 2px 3px !important;
     background-color: #DEF;
+}
 .metatag[tag="dead"] {
 	background-color: #E44;
+}
 .metatag[tag="stale"] {
     background-color: #EA4;
+}
 .metatag[tag="featured"] {
 	background-color: #AEA;
+}
 .metatag[tag="requires"] {
 	background-color: #9CF;
+}
 .metatag[tag="recommends"] {
 	background-color: #BDF;
+}
 .metatag[tag="lang"] {
     background-color: #FAF474;
+}
 .metatag[tag="license"] {
     border: solid 1px #9CF;
     background-color: #DEF;
     target-new: tab !important;
+}
 .metatag[tag="see"] {
     border: solid 1px #CBD;
     background-color: #EDF;
+}
 a.metatag[tag="license"]:hover {
     background-color: #003367;
     color: #FFF;
     text-decoration: none;
+}
 #summary .desc {
 	white-space: pre;
 	width: 100%;
+}
 #summary .repo_name {
 	font-size: 1.6em;
 	font-weight: bold;
 	vertical-align: baseline;
 	clear: right
+}
 #footer {
 	clear: both;
 	overflow: hidden;
 	text-align: right;
 	margin: 0;
 	padding: 0 10px 4px;
 	margin: -10px 0 0;
+}
 #footer div#footer-inner {
 	background-color: #003B76;
 	background-repeat : repeat-x;
 	background-image : -khtml-gradient( linear, left top, left bottom, from(#003B76), to(#00376E));
 	background-image : -moz-linear-gradient(top, #003b76, #00376e);
 	background-image : -ms-linear-gradient( top, #003b76, #00376e);
 	background-image : -webkit-gradient( linear, left top, left bottom, color-stop( 0%, #003b76), color-stop( 100%, #00376e));
 	background-image : -webkit-linear-gradient( top, #003b76, #00376e));
 	background-image : -o-linear-gradient( top, #003b76, #00376e));
 	background-image : linear-gradient( top, #003b76, #00376e);
 	filter :progid : DXImageTransform.Microsoft.gradient ( startColorstr = '#003b76', endColorstr = '#00376e', GradientType = 0);
 	box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
 	-webkit-border-radius: 4px 4px 4px 4px;
 	-khtml-border-radius: 4px 4px 4px 4px;
 	-moz-border-radius: 4px 4px 4px 4px;
 	border-radius: 4px 4px 4px 4px;
+}
 #footer div#footer-inner p {
 	padding: 15px 25px 15px 0;
 	color: #FFF;
 	font-weight: 700;
+}
 #footer div#footer-inner .footer-link {
 	float: left;
 	padding-left: 10px;
+}
 #footer div#footer-inner .footer-link a,#footer div#footer-inner .footer-link-right a
+	{
 	color: #FFF;
+}
 #login div.title {
 	width: 420px;
 	clear: both;
 	overflow: hidden;
 	position: relative;
 	background-color: #003B76;
 	background-repeat : repeat-x;
 	background-image : -khtml-gradient( linear, left top, left bottom, from(#003B76), to(#00376E));
 	background-image : -moz-linear-gradient( top, #003b76, #00376e);
 	background-image : -ms-linear-gradient( top, #003b76, #00376e);
 	background-image : -webkit-gradient( linear, left top, left bottom, color-stop( 0%, #003b76), color-stop( 100%, #00376e));
 	background-image : -webkit-linear-gradient( top, #003b76, #00376e));
 	background-image : -o-linear-gradient( top, #003b76, #00376e));
 	background-image : linear-gradient( top, #003b76, #00376e);
 	filter : progid : DXImageTransform.Microsoft.gradient ( startColorstr = '#003b76', endColorstr = '#00376e', GradientType = 0);
 	margin: 0 auto;
 	padding: 0;
+}
 #login div.inner {
 	width: 380px;
 	background: #FFF url("../images/login.png") no-repeat top left;
 	border-top: none;
 	border-bottom: none;
 	margin: 0 auto;
 	padding: 20px;
+}
 #login div.form div.fields div.field div.label {
 	width: 173px;
 	float: left;
 	text-align: right;
 	margin: 2px 10px 0 0;
 	padding: 5px 0 0 5px;
+}
 #login div.form div.fields div.field div.input input {
 	width: 176px;
 	background: #FFF;
 	border-top: 1px solid #b3b3b3;
 	border-left: 1px solid #b3b3b3;
 	border-right: 1px solid #eaeaea;
 	border-bottom: 1px solid #eaeaea;
 	color: #000;
 	font-size: 11px;
 	margin: 0;
 	padding: 7px 7px 6px;
+}
 #login div.form div.fields div.buttons {
 	clear: both;
 	overflow: hidden;
 	border-top: 1px solid #DDD;
 	text-align: right;
 	margin: 0;
 	padding: 10px 0 0;
+}
 #login div.form div.links {
 	clear: both;
 	overflow: hidden;
 	margin: 10px 0 0;
 	padding: 0 0 2px;
+}
 .user-menu{
     margin: 0px !important;
     float: left;
+}
 .user-menu .container{
     padding:0px 4px 0px 4px;
     margin: 0px 0px 0px 0px;
+}
 .user-menu .gravatar{
     margin: 0px 0px 0px 0px;
     cursor: pointer;
+}
 .user-menu .gravatar.enabled{
 	background-color: #FDF784 !important;
+}
 .user-menu .gravatar:hover{
     background-color: #FDF784 !important;
+}
 #quick_login{
     min-height: 80px;
     margin: 37px 0 0 -251px;
     padding: 4px;
     position: absolute;
     width: 278px;
     background-color: #003B76;
     background-repeat: repeat-x;
     background-image: -khtml-gradient(linear, left top, left bottom, from(#003B76), to(#00376E) );
     background-image: -moz-linear-gradient(top, #003b76, #00376e);
     background-image: -ms-linear-gradient(top, #003b76, #00376e);
     background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #003b76), color-stop(100%, #00376e) );
     background-image: -webkit-linear-gradient(top, #003b76, #00376e);
     background-image: -o-linear-gradient(top, #003b76, #00376e);
     background-image: linear-gradient(top, #003b76, #00376e);
     filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#003b76', endColorstr='#00376e', GradientType=0 );
 	z-index: 999;
 	-webkit-border-radius: 0px 0px 4px 4px;
 	-khtml-border-radius: 0px 0px 4px 4px;
 	-moz-border-radius: 0px 0px 4px 4px;
 	border-radius: 0px 0px 4px 4px;
 	box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
+}
 #quick_login h4{
     color: #fff;
     padding: 5px 0px 5px 14px;
+}
 #quick_login .password_forgoten {
 	padding-right: 10px;
 	padding-top: 0px;
 	text-align: left;
+}
 #quick_login .password_forgoten a {
 	font-size: 10px;
 	color: #fff;
+}
 #quick_login .register {
 	padding-right: 10px;
 	padding-top: 5px;
 	text-align: left;
+}
 #quick_login .register a {
 	font-size: 10px;
 	color: #fff;
+}
 #quick_login .submit {
     margin: -20px 0 0 0px;
     position: absolute;
     right: 15px;
+}
 #quick_login .links_left{
 	float: left;
+}
 #quick_login .links_right{
     float: right;
+}
 #quick_login .full_name{
     color: #FFFFFF;
     font-weight: bold;
     padding: 3px;
+}
 #quick_login .big_gravatar{
 	padding:4px 0px 0px 6px;
+}
 #quick_login .inbox{
     padding:4px 0px 0px 6px;
     color: #FFFFFF;
     font-weight: bold;
+}
 #quick_login .inbox a{
 	color: #FFFFFF;
+}
 #quick_login .email,#quick_login .email a{
     color: #FFFFFF;
     padding: 3px;
+}
 #quick_login .links .logout{
+}
 #quick_login div.form div.fields {
 	padding-top: 2px;
 	padding-left: 10px;
+}
 #quick_login div.form div.fields div.field {
 	padding: 5px;
+}
 #quick_login div.form div.fields div.field div.label label {
 	color: #fff;
 	padding-bottom: 3px;
+}
 #quick_login div.form div.fields div.field div.input input {
 	width: 236px;
 	background: #FFF;
 	border-top: 1px solid #b3b3b3;
 	border-left: 1px solid #b3b3b3;
 	border-right: 1px solid #eaeaea;
 	border-bottom: 1px solid #eaeaea;
 	color: #000;
 	font-size: 11px;
 	margin: 0;
 	padding: 5px 7px 4px;
+}
 #quick_login div.form div.fields div.buttons {
 	clear: both;
 	overflow: hidden;
 	text-align: right;
 	margin: 0;
 	padding: 5px 14px 0px 5px;
+}
 #quick_login div.form div.links {
 	clear: both;
 	overflow: hidden;
 	margin: 10px 0 0;
 	padding: 0 0 2px;
+}
 #quick_login ol.links{
     display: block;
     font-weight: bold;
     list-style: none outside none;
     text-align: right;
+}
 #quick_login ol.links li{
     line-height: 27px;
     margin: 0;
     padding: 0;
     color: #fff;
     display: block;
     float:none !important;
+}
 #quick_login ol.links li a{
     color: #fff;
     display: block;
     padding: 2px;
+}
 #quick_login ol.links li a:HOVER{
     background-color: inherit !important;
+}
 #register div.title {
 	clear: both;
 	overflow: hidden;
 	position: relative;
     background-color: #003B76;
     background-repeat: repeat-x;
     background-image: -khtml-gradient(linear, left top, left bottom, from(#003B76), to(#00376E) );
     background-image: -moz-linear-gradient(top, #003b76, #00376e);
     background-image: -ms-linear-gradient(top, #003b76, #00376e);
     background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #003b76), color-stop(100%, #00376e) );
     background-image: -webkit-linear-gradient(top, #003b76, #00376e);
     background-image: -o-linear-gradient(top, #003b76, #00376e);
     background-image: linear-gradient(top, #003b76, #00376e);
     filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#003b76',
         endColorstr='#00376e', GradientType=0 );
 	margin: 0 auto;
 	padding: 0;
+}
 #register div.inner {
 	background: #FFF;
 	border-top: none;
 	border-bottom: none;
 	margin: 0 auto;
 	padding: 20px;
+}
 #register div.form div.fields div.field div.label {
 	width: 135px;
 	float: left;
 	text-align: right;
 	margin: 2px 10px 0 0;
 	padding: 5px 0 0 5px;
+}
 #register div.form div.fields div.field div.input input {
 	width: 300px;
 	background: #FFF;
 	border-top: 1px solid #b3b3b3;
 	border-left: 1px solid #b3b3b3;
 	border-right: 1px solid #eaeaea;
 	border-bottom: 1px solid #eaeaea;
 	color: #000;
 	font-size: 11px;
 	margin: 0;
 	padding: 7px 7px 6px;
+}
 #register div.form div.fields div.buttons {
 	clear: both;
 	overflow: hidden;
 	border-top: 1px solid #DDD;
 	text-align: left;
 	margin: 0;
 	padding: 10px 0 0 150px;
+}
 #register div.form div.activation_msg {
 	padding-top: 4px;
 	padding-bottom: 4px;
+}
 #journal .journal_day {
 	font-size: 20px;
 	padding: 10px 0px;
 	border-bottom: 2px solid #DDD;
 	margin-left: 10px;
 	margin-right: 10px;
+}
 #journal .journal_container {
 	padding: 5px;
 	clear: both;
 	margin: 0px 5px 0px 10px;
+}
 #journal .journal_action_container {
 	padding-left: 38px;
+}
 #journal .journal_user {
 	color: #747474;
 	font-size: 14px;
 	font-weight: bold;
 	height: 30px;
+}
 #journal .journal_user.deleted {
     color: #747474;
     font-size: 14px;
     font-weight: normal;
     height: 30px;
     font-style: italic;
+}
 #journal .journal_icon {
 	clear: both;
 	float: left;
 	padding-right: 4px;
 	padding-top: 3px;
+}
 #journal .journal_action {
 	padding-top: 4px;
 	min-height: 2px;
 	float: left
+}
 #journal .journal_action_params {
 	clear: left;
 	padding-left: 22px;
+}
 #journal .journal_repo {
 	float: left;
 	margin-left: 6px;
 	padding-top: 3px;
+}
 #journal .date {
 	clear: both;
 	color: #777777;
 	font-size: 11px;
 	padding-left: 22px;
+}
 #journal .journal_repo .journal_repo_name {
 	font-weight: bold;
 	font-size: 1.1em;
+}
 #journal .compare_view {
 	padding: 5px 0px 5px 0px;
 	width: 95px;
+}
 .journal_highlight {
 	font-weight: bold;
 	padding: 0 2px;
 	vertical-align: bottom;
+}
 .trending_language_tbl,.trending_language_tbl td {
 	border: 0 !important;
 	margin: 0 !important;
 	padding: 0 !important;
+}
 .trending_language_tbl,.trending_language_tbl tr {
     border-spacing: 1px;
+}
 .trending_language {
 	background-color: #003367;
 	color: #FFF;
 	display: block;
 	min-width: 20px;
 	text-decoration: none;
 	height: 12px;
 	margin-bottom: 0px;
 	margin-left: 5px;
 	white-space: pre;
 	padding: 3px;
+}
 h3.files_location {
 	font-size: 1.8em;
 	font-weight: 700;
 	border-bottom: none !important;
 	margin: 10px 0 !important;
+}
 #files_data dl dt {
 	float: left;
 	width: 60px;
 	margin: 0 !important;
 	padding: 5px;
+}
 #files_data dl dd {
 	margin: 0 !important;
 	padding: 5px !important;
+}
 .file_history{
 	padding-top:10px;
 	font-size:16px;
+}
 .file_author{
 	float: left;
+}
 .file_author .item{
 	float:left;
 	padding:5px;
 	color: #888;
+}
 .tablerow0 {
 	background-color: #F8F8F8;
+}
 .tablerow1 {
     background-color: #FFFFFF;
+}
 .changeset_id {
 	font-family: monospace;
 	color: #666666;
+}
 .changeset_hash {
 	color: #000000;
+}
 #changeset_content {
 	border-left: 1px solid #CCC;
 	border-right: 1px solid #CCC;
 	border-bottom: 1px solid #CCC;
 	padding: 5px;
+}
 #changeset_compare_view_content {
 	border: 1px solid #CCC;
 	padding: 5px;
+}
 #changeset_content .container {
 	min-height: 100px;
 	font-size: 1.2em;
 	overflow: hidden;
+}
 #changeset_compare_view_content .compare_view_commits {
 	width: auto !important;
+}
 #changeset_compare_view_content .compare_view_commits td {
 	padding: 0px 0px 0px 12px !important;
+}
 #changeset_content .container .right {
 	float: right;
 	width: 20%;
 	text-align: right;
+}
 #changeset_content .container .left .message {
 	white-space: pre-wrap;
+}
 #changeset_content .container .left .message a:hover {
 	text-decoration: none;
+}
 .cs_files .cur_cs {
 	margin: 10px 2px;
 	font-weight: bold;
+}
 .cs_files .node {
 	float: left;
+}
 .cs_files .changes {
 	float: right;
 	color:#003367;
+}
 .cs_files .changes .added {
 	background-color: #BBFFBB;
 	float: left;
 	text-align: center;
 	font-size: 9px;
     padding: 2px 0px 2px 0px;
+}
 .cs_files .changes .deleted {
 	background-color: #FF8888;
 	float: left;
 	text-align: center;
 	font-size: 9px;
     padding: 2px 0px 2px 0px;
+}
 /*new binary*/
 .cs_files .changes .bin1 {
     background-color: #BBFFBB;
     float: left;
     text-align: center;
     font-size: 9px;
     padding: 2px 0px 2px 0px;
+}
 /*deleted binary*/
 .cs_files .changes .bin2 {
     background-color: #FF8888;
     float: left;
     text-align: center;
     font-size: 9px;
     padding: 2px 0px 2px 0px;
+}
 /*mod binary*/
 .cs_files .changes .bin3 {
     background-color: #DDDDDD;
     float: left;
     text-align: center;
     font-size: 9px;
     padding: 2px 0px 2px 0px;
+}
 /*rename file*/
 .cs_files .changes .bin4 {
     background-color: #6D99FF;
     float: left;
     text-align: center;
     font-size: 9px;
     padding: 2px 0px 2px 0px;
+}
 .cs_files .cs_added,.cs_files .cs_A {
 	background: url("../images/icons/page_white_add.png") no-repeat scroll
 px;
 	height: 16px;
 	padding-left: 20px;
 	margin-top: 7px;
 	text-align: left;
+}
 .cs_files .cs_changed,.cs_files .cs_M {
 	background: url("../images/icons/page_white_edit.png") no-repeat scroll
 px;
 	height: 16px;
 	padding-left: 20px;
 	margin-top: 7px;
 	text-align: left;
+}
 .cs_files .cs_removed,.cs_files .cs_D {
 	background: url("../images/icons/page_white_delete.png") no-repeat
 		scroll 3px;
 	height: 16px;
 	padding-left: 20px;
 	margin-top: 7px;
 	text-align: left;
+}
 #graph {
 	overflow: hidden;
+}
 #graph_nodes {
 	float: left;
 	margin-right: 0px;
 	margin-top: 0px;
+}
 #graph_content {
 	width: 80%;
 	float: left;
+}
 #graph_content .container_header {
 	border-bottom: 1px solid #DDD;
 	padding: 10px;
 	height: 25px;
+}
 #graph_content #rev_range_container {
 	float: left;
 	margin: 0px 0px 0px 3px;
+}
 #graph_content #rev_range_clear {
     float: left;
     margin: 0px 0px 0px 3px;
+}
 #graph_content .container {
 	border-bottom: 1px solid #DDD;
 	height: 56px;
 	overflow: hidden;
+}
 #graph_content .container .right {
 	float: right;
 	width: 23%;
 	text-align: right;
+}
 #graph_content .container .left {
 	float: left;
 	width: 25%;
 	padding-left: 5px;
+}
 #graph_content .container .mid {
 	float: left;
 	width: 49%;
+}
 #graph_content .container .left .date {
 	color: #666;
 	padding-left: 22px;
 	font-size: 10px;
+}
 #graph_content .container .left .author {
 	height: 22px;
+}
 #graph_content .container .left .author .user {
 	color: #444444;
 	float: left;
 	margin-left: -4px;
 	margin-top: 4px;
+}
 #graph_content .container .mid .message {
 	white-space: pre-wrap;
+}
 #graph_content .container .mid .message a:hover{
 	text-decoration: none;
+}
 .revision-link
+ {
 	color:#3F6F9F;
     font-weight: bold !important;
+}
 .issue-tracker-link{
     color:#3F6F9F;
     font-weight: bold !important;
+}
 .changeset-status-container{
     padding-right: 5px;
     margin-top:1px;
     float:right;
     height:14px;
+}
 .code-header .changeset-status-container{
 	float:left;
 	padding:2px 0px 0px 2px;
+}
 .changeset-status-container .changeset-status-lbl{
 	color: rgb(136, 136, 136);
     float: left;
     padding: 3px 4px 0px 0px
+}
 .code-header .changeset-status-container .changeset-status-lbl{
     float: left;
     padding: 0px 4px 0px 0px;
+}
 .changeset-status-container .changeset-status-ico{
     float: left;
+}
 .code-header .changeset-status-container .changeset-status-ico, .container .changeset-status-ico{
     float: left;
+}
 .right .comments-container{
 	padding-right: 5px;
 	margin-top:1px;
 	float:right;
 	height:14px;
+}
 .right .comments-cnt{
     float: left;
     color: rgb(136, 136, 136);
     padding-right: 2px;
+}
 .right .changes{
 	clear: both;
+}
 .right .changes .changed_total {
 	display: block;
 	float: right;
 	text-align: center;
 	min-width: 45px;
 	cursor: pointer;
 	color: #444444;
 	background: #FEA;
 	-webkit-border-radius: 0px 0px 0px 6px;
 	-moz-border-radius: 0px 0px 0px 6px;
 	border-radius: 0px 0px 0px 6px;
 	padding: 1px;
+}
 .right .changes .added,.changed,.removed {
 	display: block;
 	padding: 1px;
 	color: #444444;
 	float: right;
 	text-align: center;
 	min-width: 15px;
+}
 .right .changes .added {
 	background: #CFC;
+}
 .right .changes .changed {
 	background: #FEA;
+}
 .right .changes .removed {
 	background: #FAA;
+}
 .right .merge {
   padding: 1px 3px 1px 3px;
   background-color: #fca062;
   font-size: 10px;
   font-weight: bold;
   color: #ffffff;
   text-transform: uppercase;
   white-space: nowrap;
   -webkit-border-radius: 3px;
   -moz-border-radius: 3px;
   border-radius: 3px;
   margin-right: 2px;
+}
 .right .parent {
 	color: #666666;
 	clear:both;
+}
 .right .logtags{
 	padding: 2px 2px 2px 2px;
+}
 .right .logtags .branchtag,.right .logtags .tagtag,.right .logtags .booktag{
     margin: 0px 2px;
+}
 .right .logtags .branchtag,.logtags .branchtag {
   padding: 1px 3px 1px 3px;
   background-color: #bfbfbf;
   font-size: 10px;
   font-weight: bold;
   color: #ffffff;
   text-transform: uppercase;
   white-space: nowrap;
   -webkit-border-radius: 3px;
   -moz-border-radius: 3px;
   border-radius: 3px;
+}
 .right .logtags .branchtag a:hover,.logtags .branchtag a{
 	color: #ffffff;
+}
 .right .logtags .branchtag a:hover,.logtags .branchtag a:hover{
 	text-decoration: none;
 	color: #ffffff;
+}
 .right .logtags .tagtag,.logtags .tagtag {
   padding: 1px 3px 1px 3px;
   background-color: #62cffc;
   font-size: 10px;
   font-weight: bold;
   color: #ffffff;
   text-transform: uppercase;
   white-space: nowrap;
   -webkit-border-radius: 3px;
   -moz-border-radius: 3px;
   border-radius: 3px;
+}
 .right .logtags .tagtag a:hover,.logtags .tagtag a{
 	color: #ffffff;
+}
 .right .logtags .tagtag a:hover,.logtags .tagtag a:hover{
     text-decoration: none;
     color: #ffffff;
+}
 .right .logbooks .bookbook,.logbooks .bookbook,.right .logtags .bookbook,.logtags .bookbook {
   padding: 1px 3px 1px 3px;
   background-color: #46A546;
   font-size: 10px;
   font-weight: bold;
   color: #ffffff;
   text-transform: uppercase;
   white-space: nowrap;
   -webkit-border-radius: 3px;
   -moz-border-radius: 3px;
   border-radius: 3px;
+}
 .right .logbooks .bookbook,.logbooks .bookbook a,.right .logtags .bookbook,.logtags .bookbook a{
 	color: #ffffff;
+}
 .right .logbooks .bookbook,.logbooks .bookbook a:hover,.right .logtags .bookbook,.logtags .bookbook a:hover{
     text-decoration: none;
     color: #ffffff;
+}
 div.browserblock {
 	overflow: hidden;
 	border: 1px solid #ccc;
 	background: #f8f8f8;
 	font-size: 100%;
 	line-height: 125%;
 	padding: 0;
     -webkit-border-radius: 6px 6px 0px 0px;
     -moz-border-radius: 6px 6px 0px 0px;
     border-radius: 6px 6px 0px 0px;
+}
 div.browserblock .browser-header {
 	background: #FFF;
 	padding: 10px 0px 15px 0px;
 	width: 100%;
+}
 div.browserblock .browser-nav {
 	float: left
+}
 div.browserblock .browser-branch {
 	float: left;
+}
 div.browserblock .browser-branch label {
 	color: #4A4A4A;
 	vertical-align: text-top;
+}
 div.browserblock .browser-header span {
 	margin-left: 5px;
 	font-weight: 700;
+}
 div.browserblock .browser-search {
 	clear: both;
 	padding: 8px 8px 0px 5px;
 	height: 20px;
+}
 div.browserblock #node_filter_box {
+}
 div.browserblock .search_activate {
 	float: left
+}
 div.browserblock .add_node {
 	float: left;
 	padding-left: 5px;
+}
 div.browserblock .search_activate a:hover,div.browserblock .add_node a:hover
+	{
 	text-decoration: none !important;
+}
 div.browserblock .browser-body {
 	background: #EEE;
 	border-top: 1px solid #CCC;
+}
 table.code-browser {
 	border-collapse: collapse;
 	width: 100%;
+}
 table.code-browser tr {
 	margin: 3px;
+}
 table.code-browser thead th {
 	background-color: #EEE;
 	height: 20px;
 	font-size: 1.1em;
 	font-weight: 700;
 	text-align: left;
 	padding-left: 10px;
+}
 table.code-browser tbody td {
 	padding-left: 10px;
 	height: 20px;
+}
 table.code-browser .browser-file {
 	background: url("../images/icons/document_16.png") no-repeat scroll 3px;
 	height: 16px;
 	padding-left: 20px;
 	text-align: left;
+}
 .diffblock .changeset_header {
     height: 16px;
+}
 .diffblock .changeset_file {
 	background: url("../images/icons/file.png") no-repeat scroll 3px;
 	text-align: left;
 	float: left;
 	padding: 2px 0px 2px 22px;
+}
 .diffblock .diff-menu-wrapper{
 	float: left;
+}
 .diffblock .diff-menu{
     position: absolute;
     background: none repeat scroll 0 0 #FFFFFF;
     border-color: #003367 #666666 #666666;
     border-right: 1px solid #666666;
     border-style: solid solid solid;
     border-width: 1px;
     box-shadow: 2px 8px 4px rgba(0, 0, 0, 0.2);
     margin-top:5px;
     margin-left:1px;
+}
 .diffblock .diff-actions {
     padding: 2px 0px 0px 2px;
     float: left;
+}
 .diffblock  .diff-menu ul li {
 	padding: 0px 0px 0px 0px !important;
+}
 .diffblock  .diff-menu ul li a{
 	display: block;
 	padding: 3px 8px 3px 8px !important;
+}
 .diffblock  .diff-menu ul li a:hover{
     text-decoration: none;
     background-color: #EEEEEE;
+}
 table.code-browser .browser-dir {
 	background: url("../images/icons/folder_16.png") no-repeat scroll 3px;
 	height: 16px;
 	padding-left: 20px;
 	text-align: left;
+}
 table.code-browser .submodule-dir {
     background: url("../images/icons/disconnect.png") no-repeat scroll 3px;
     height: 16px;
     padding-left: 20px;
     text-align: left;
+}
 .box .search {
 	clear: both;
 	overflow: hidden;
 	margin: 0;
 	padding: 0 20px 10px;
+}
 .box .search div.search_path {
 	background: none repeat scroll 0 0 #EEE;
 	border: 1px solid #CCC;
 	color: blue;
 	margin-bottom: 10px;
 	padding: 10px 0;
+}
 .box .search div.search_path div.link {
 	font-weight: 700;
 	margin-left: 25px;
+}
 .box .search div.search_path div.link a {
 	color: #003367;
 	cursor: pointer;
 	text-decoration: none;
+}
 #path_unlock {
 	color: red;
 	font-size: 1.2em;
 	padding-left: 4px;
+}
 .info_box span {
 	margin-left: 3px;
 	margin-right: 3px;
+}
 .info_box .rev {
 	color: #003367;
 	font-size: 1.6em;
 	font-weight: bold;
 	vertical-align: sub;
+}
 .info_box input#at_rev,.info_box input#size {
 	background: #FFF;
 	border-top: 1px solid #b3b3b3;
 	border-left: 1px solid #b3b3b3;
 	border-right: 1px solid #eaeaea;
 	border-bottom: 1px solid #eaeaea;
 	color: #000;
 	font-size: 12px;
 	margin: 0;
 	padding: 1px 5px 1px;
+}
 .info_box input#view {
 	text-align: center;
 	padding: 4px 3px 2px 2px;
+}
 .yui-overlay,.yui-panel-container {
 	visibility: hidden;
 	position: absolute;
 	z-index: 2;
+}
 #tip-box {
 	position: absolute;
 	background-color: #FFF;
 	border: 2px solid #003367;
 	font: 100% sans-serif;
 	width: auto;
 	opacity: 1px;
 	padding: 8px;
 	white-space: pre-wrap;
 	-webkit-border-radius: 8px 8px 8px 8px;
 	-khtml-border-radius: 8px 8px 8px 8px;
 	-moz-border-radius: 8px 8px 8px 8px;
 	border-radius: 8px 8px 8px 8px;
 	box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
 	-moz-box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
 	-webkit-box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
+}
 .hl-tip-box {
     visibility: hidden;
     position: absolute;
     color: #666;
     background-color: #FFF;
     border: 2px solid #003367;
     font: 100% sans-serif;
     width: auto;
     opacity: 1px;
     padding: 8px;
     white-space: pre-wrap;
     -webkit-border-radius: 8px 8px 8px 8px;
     -khtml-border-radius: 8px 8px 8px 8px;
     -moz-border-radius: 8px 8px 8px 8px;
     border-radius: 8px 8px 8px 8px;
     box-shadow: 0 2px 2px rgba(0, 0, 0, 0.6);
+}
 .mentions-container{
 	width: 90% !important;
+}
 .mentions-container .yui-ac-content{
 	width: 100% !important;
+}
 .ac {
 	vertical-align: top;
+}
 .ac .yui-ac {
 	position: inherit;
 	font-size: 100%;
+}
 .ac .perm_ac {
 	width: 20em;
+}
 .ac .yui-ac-input {
 	width: 100%;
+}
 .ac .yui-ac-container {
 	position: absolute;
 	top: 1.6em;
 	width: auto;
+}
 .ac .yui-ac-content {
 	position: absolute;
 	border: 1px solid gray;
 	background: #fff;
 	z-index: 9050;
+}
 .ac .yui-ac-shadow {
 	position: absolute;
 	width: 100%;
 	background: #000;
 	-moz-opacity: 0.1px;
 	opacity: .10;
 	filter: alpha(opacity = 10);
 	z-index: 9049;
 	margin: .3em;
+}
 .ac .yui-ac-content ul {
 	width: 100%;
 	margin: 0;
 	padding: 0;
 	z-index: 9050;
+}
 .ac .yui-ac-content li {
 	cursor: default;
 	white-space: nowrap;
 	margin: 0;
 	padding: 2px 5px;
 	height: 18px;
 	z-index: 9050;
 	display: block;
 	width: auto !important;
+}
 .ac .yui-ac-content li .ac-container-wrap{
     width: auto;
+}
 .ac .yui-ac-content li.yui-ac-prehighlight {
 	background: #B3D4FF;
 	z-index: 9050;
+}
 .ac .yui-ac-content li.yui-ac-highlight {
 	background: #556CB5;
 	color: #FFF;
 	z-index: 9050;
+}
 .ac .yui-ac-bd{
 	z-index: 9050;
+}
 .follow {
 	background: url("../images/icons/heart_add.png") no-repeat scroll 3px;
 	height: 16px;
 	width: 20px;
 	cursor: pointer;
 	display: block;
 	float: right;
 	margin-top: 2px;
+}
 .following {
 	background: url("../images/icons/heart_delete.png") no-repeat scroll 3px;
 	height: 16px;
 	width: 20px;
 	cursor: pointer;
 	display: block;
 	float: right;
 	margin-top: 2px;
+}
 .locking_locked{
     background: #FFF url("../images/icons/block_16.png") no-repeat scroll 3px;
     height: 16px;
     width: 20px;
     cursor: pointer;
     display: block;
     float: right;
     margin-top: 2px;
+}
 .locking_unlocked{
     background: #FFF url("../images/icons/accept.png") no-repeat scroll 3px;
     height: 16px;
     width: 20px;
     cursor: pointer;
     display: block;
     float: right;
     margin-top: 2px;
+}
 .currently_following {
 	padding-left: 10px;
 	padding-bottom: 5px;
+}
 .add_icon {
 	background: url("../images/icons/add.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	padding-top: 0px;
 	text-align: left;
+}
 .accept_icon {
     background: url("../images/icons/accept.png") no-repeat scroll 3px;
     padding-left: 20px;
     padding-top: 0px;
     text-align: left;
+}
 .edit_icon {
 	background: url("../images/icons/folder_edit.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	padding-top: 0px;
 	text-align: left;
+}
 .delete_icon {
 	background: url("../images/icons/delete.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	padding-top: 0px;
 	text-align: left;
+}
 .refresh_icon {
 	background: url("../images/icons/arrow_refresh.png") no-repeat scroll
 px;
 	padding-left: 20px;
 	padding-top: 0px;
 	text-align: left;
+}
 .pull_icon {
 	background: url("../images/icons/connect.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	padding-top: 0px;
 	text-align: left;
+}
 .rss_icon {
 	background: url("../images/icons/rss_16.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	padding-top: 4px;
 	text-align: left;
 	font-size: 8px
+}
 .atom_icon {
 	background: url("../images/icons/atom.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	padding-top: 4px;
 	text-align: left;
 	font-size: 8px
+}
 .archive_icon {
 	background: url("../images/icons/compress.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	text-align: left;
 	padding-top: 1px;
+}
 .start_following_icon {
 	background: url("../images/icons/heart_add.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	text-align: left;
 	padding-top: 0px;
+}
 .stop_following_icon {
 	background: url("../images/icons/heart_delete.png") no-repeat scroll 3px;
 	padding-left: 20px;
 	text-align: left;
 	padding-top: 0px;
+}
 .action_button {
 	border: 0;
 	display: inline;
+}
 .action_button:hover {
 	border: 0;
 	text-decoration: underline;
 	cursor: pointer;
+}
 #switch_repos {
 	position: absolute;
 	height: 25px;
 	z-index: 1;
+}
 #switch_repos select {
 	min-width: 150px;
 	max-height: 250px;
 	z-index: 1;
+}
 .breadcrumbs {
 	border: medium none;
 	color: #FFF;
 	float: left;
 	text-transform: uppercase;
 	font-weight: 700;
 	font-size: 14px;
 	margin: 0;
 	padding: 11px 0 11px 10px;
+}
 .breadcrumbs .hash {
 	text-transform: none;
 	color: #fff;
+}
 .breadcrumbs a {
 	color: #FFF;
+}
 .flash_msg {
+}
 .flash_msg ul {
+}
 .error_red {
 	color:red;
+}
 .error_msg {
 	background-color: #c43c35;
 	background-repeat: repeat-x;
 	background-image: -khtml-gradient(linear, left top, left bottom, from(#ee5f5b), to(#c43c35) );
 	background-image: -moz-linear-gradient(top, #ee5f5b, #c43c35);
 	background-image: -ms-linear-gradient(top, #ee5f5b, #c43c35);
 	background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #ee5f5b), color-stop(100%, #c43c35) );
 	background-image: -webkit-linear-gradient(top, #ee5f5b, #c43c35);
 	background-image: -o-linear-gradient(top, #ee5f5b, #c43c35);
 	background-image: linear-gradient(top, #ee5f5b, #c43c35);
 	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ee5f5b',endColorstr='#c43c35', GradientType=0 );
 	border-color: #c43c35 #c43c35 #882a25;
+}
 .warning_msg {
 	color: #404040 !important;
 	background-color: #eedc94;
 	background-repeat: repeat-x;
 	background-image: -khtml-gradient(linear, left top, left bottom, from(#fceec1), to(#eedc94) );
 	background-image: -moz-linear-gradient(top, #fceec1, #eedc94);
 	background-image: -ms-linear-gradient(top, #fceec1, #eedc94);
 	background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #fceec1), color-stop(100%, #eedc94) );
 	background-image: -webkit-linear-gradient(top, #fceec1, #eedc94);
 	background-image: -o-linear-gradient(top, #fceec1, #eedc94);
 	background-image: linear-gradient(top, #fceec1, #eedc94);
 	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fceec1', endColorstr='#eedc94', GradientType=0 );
 	border-color: #eedc94 #eedc94 #e4c652;
+}
 .success_msg {
 	background-color: #57a957;
 	background-repeat: repeat-x !important;
 	background-image: -khtml-gradient(linear, left top, left bottom, from(#62c462), to(#57a957) );
 	background-image: -moz-linear-gradient(top, #62c462, #57a957);
 	background-image: -ms-linear-gradient(top, #62c462, #57a957);
 	background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #62c462), color-stop(100%, #57a957) );
 	background-image: -webkit-linear-gradient(top, #62c462, #57a957);
 	background-image: -o-linear-gradient(top, #62c462, #57a957);
 	background-image: linear-gradient(top, #62c462, #57a957);
 	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#62c462', endColorstr='#57a957', GradientType=0 );
 	border-color: #57a957 #57a957 #3d773d;
+}
 .notice_msg {
 	background-color: #339bb9;
 	background-repeat: repeat-x;
 	background-image: -khtml-gradient(linear, left top, left bottom, from(#5bc0de), to(#339bb9) );
 	background-image: -moz-linear-gradient(top, #5bc0de, #339bb9);
 	background-image: -ms-linear-gradient(top, #5bc0de, #339bb9);
 	background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #5bc0de), color-stop(100%, #339bb9) );
 	background-image: -webkit-linear-gradient(top, #5bc0de, #339bb9);
 	background-image: -o-linear-gradient(top, #5bc0de, #339bb9);
 	background-image: linear-gradient(top, #5bc0de, #339bb9);
 	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#5bc0de', endColorstr='#339bb9', GradientType=0 );
 	border-color: #339bb9 #339bb9 #22697d;
+}
 .success_msg,.error_msg,.notice_msg,.warning_msg {
 	font-size: 12px;
 	font-weight: 700;
 	min-height: 14px;
 	line-height: 14px;
 	margin-bottom: 10px;
 	margin-top: 0;
 	display: block;
 	overflow: auto;
 	padding: 6px 10px 6px 10px;
 	border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
 	position: relative;
 	color: #FFF;
 	border-width: 1px;
 	border-style: solid;
 	-webkit-border-radius: 4px;
 	-moz-border-radius: 4px;
 	border-radius: 4px;
 	-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.25);
 	-moz-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.25);
 	box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.25);
+}
 #msg_close {
 	background: transparent url("../icons/cross_grey_small.png") no-repeat scroll 0 0;
 	cursor: pointer;
 	height: 16px;
 	position: absolute;
 	right: 5px;
 	top: 5px;
 	width: 16px;
+}
 div#legend_data{
 	padding-left:10px;
+}
 div#legend_container table{
 	border: none !important;
+}
 div#legend_container table,div#legend_choices table {
 	width: auto !important;
+}
 table#permissions_manage {
 	width: 0 !important;
+}
 table#permissions_manage span.private_repo_msg {
 	font-size: 0.8em;
 	opacity: 0.6px;
+}
 table#permissions_manage td.private_repo_msg {
 	font-size: 0.8em;
+}
 table#permissions_manage tr#add_perm_input td {
 	vertical-align: middle;
+}
 div.gravatar {
 	background-color: #FFF;
 	float: left;
 	margin-right: 0.7em;
 	padding: 1px 1px 1px 1px;
     line-height:0;
 	-webkit-border-radius: 3px;
 	-khtml-border-radius: 3px;
 	-moz-border-radius: 3px;
 	border-radius: 3px;
+}
 div.gravatar img {
 	-webkit-border-radius: 2px;
 	-khtml-border-radius: 2px;
 	-moz-border-radius: 2px;
 	border-radius: 2px;
+}
 #header,#content,#footer {
 	min-width: 978px;
+}
 #content {
 	clear: both;
 	overflow: hidden;
 	padding: 54px 10px 14px 10px;
+}
 #content div.box div.title div.search {
 	border-left: 1px solid #316293;
+}
 #content div.box div.title div.search div.input input {
 	border: 1px solid #316293;
+}
 .ui-btn{
     color: #515151;
     background-color: #DADADA;
     background-repeat: repeat-x;
     background-image: -khtml-gradient(linear, left top, left bottom, from(#F4F4F4),to(#DADADA) );
     background-image: -moz-linear-gradient(top, #F4F4F4, #DADADA);
     background-image: -ms-linear-gradient(top, #F4F4F4, #DADADA);
     background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #F4F4F4),color-stop(100%, #DADADA) );
     background-image: -webkit-linear-gradient(top, #F4F4F4, #DADADA) );
     background-image: -o-linear-gradient(top, #F4F4F4, #DADADA) );
     background-image: linear-gradient(top, #F4F4F4, #DADADA);
     filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#F4F4F4', endColorstr='#DADADA', GradientType=0);
     border-top: 1px solid #DDD;
     border-left: 1px solid #c6c6c6;
     border-right: 1px solid #DDD;
     border-bottom: 1px solid #c6c6c6;
     color: #515151;
     outline: none;
     margin: 0px 3px 3px 0px;
     -webkit-border-radius: 4px 4px 4px 4px !important;
     -khtml-border-radius: 4px 4px 4px 4px !important;
     -moz-border-radius: 4px 4px 4px 4px !important;
     border-radius: 4px 4px 4px 4px !important;
     cursor: pointer !important;
 	padding: 3px 3px 3px 3px;
 	background-position: 0 -15px;
+}
 .ui-btn.xsmall{
     padding: 1px 2px 1px 1px;
+}
 .ui-btn.large{
 	padding: 6px 12px;
+}
 .ui-btn.clone{
 	padding: 5px 2px 6px 1px;
 	margin: 0px -4px 3px 0px;
     -webkit-border-radius: 4px 0px 0px 4px !important;
     -khtml-border-radius: 4px 0px 0px 4px !important;
     -moz-border-radius: 4px 0px 0px 4px !important;
     border-radius: 4px 0px 0px 4px !important;
     width: 100px;
     text-align: center;
     float: left;
     position: absolute;
+}
 .ui-btn:focus {
   outline: none;
+}
 .ui-btn:hover{
     background-position: 0 0px;
     text-decoration: none;
     color: #515151;
     box-shadow: 0 1px 2px rgba(0, 0, 0, 0.25), 0 0 3px #FFFFFF !important;
+}
 .ui-btn.red{
   color:#fff;
   background-color: #c43c35;
   background-repeat: repeat-x;
   background-image: -khtml-gradient(linear, left top, left bottom, from(#ee5f5b), to(#c43c35));
   background-image: -moz-linear-gradient(top, #ee5f5b, #c43c35);
   background-image: -ms-linear-gradient(top, #ee5f5b, #c43c35);
   background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #ee5f5b), color-stop(100%, #c43c35));
   background-image: -webkit-linear-gradient(top, #ee5f5b, #c43c35);
   background-image: -o-linear-gradient(top, #ee5f5b, #c43c35);
   background-image: linear-gradient(top, #ee5f5b, #c43c35);
   filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ee5f5b', endColorstr='#c43c35', GradientType=0);
   border-color: #c43c35 #c43c35 #882a25;
   border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
+}
 .ui-btn.blue{
   color:#fff;
   background-color: #339bb9;
   background-repeat: repeat-x;
   background-image: -khtml-gradient(linear, left top, left bottom, from(#5bc0de), to(#339bb9));
   background-image: -moz-linear-gradient(top, #5bc0de, #339bb9);
   background-image: -ms-linear-gradient(top, #5bc0de, #339bb9);
   background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #5bc0de), color-stop(100%, #339bb9));
   background-image: -webkit-linear-gradient(top, #5bc0de, #339bb9);
   background-image: -o-linear-gradient(top, #5bc0de, #339bb9);
   background-image: linear-gradient(top, #5bc0de, #339bb9);
   filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#5bc0de', endColorstr='#339bb9', GradientType=0);
   border-color: #339bb9 #339bb9 #22697d;
   border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
+}
 .ui-btn.green{
   background-color: #57a957;
   background-repeat: repeat-x;
   background-image: -khtml-gradient(linear, left top, left bottom, from(#62c462), to(#57a957));
   background-image: -moz-linear-gradient(top, #62c462, #57a957);
   background-image: -ms-linear-gradient(top, #62c462, #57a957);
   background-image: -webkit-gradient(linear, left top, left bottom, color-stop(0%, #62c462), color-stop(100%, #57a957));
   background-image: -webkit-linear-gradient(top, #62c462, #57a957);
   background-image: -o-linear-gradient(top, #62c462, #57a957);
   background-image: linear-gradient(top, #62c462, #57a957);
   filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#62c462', endColorstr='#57a957', GradientType=0);
   border-color: #57a957 #57a957 #3d773d;
   border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25);
+}
 .ui-btn.blue.hidden{
 	display: none;
+}
 .ui-btn.active{
     font-weight: bold;
+}
 ins,div.options a:hover {
 	text-decoration: none;
+}
 img,
 #header #header-inner #quick li a:hover span.normal,
 #header #header-inner #quick li ul li.last,
 #content div.box div.form div.fields div.field div.textarea table td table td a,
 #clone_url,
 #clone_url_id
+{
 	border: none;
+}
 img.icon,.right .merge img {
 	vertical-align: bottom;
+}
 #header ul#logged-user,#content div.box div.title ul.links,
 #content div.box div.message div.dismiss,
 #content div.box div.traffic div.legend ul
+	{
 	float: right;
 	margin: 0;
 	padding: 0;
+}
 #header #header-inner #home,#header #header-inner #logo,
 #content div.box ul.left,#content div.box ol.left,
 #content div.box div.pagination-left,div#commit_history,
 div#legend_data,div#legend_container,div#legend_choices
+	{
 	float: left;
+}
 #header #header-inner #quick li:hover ul ul,
 #header #header-inner #quick li:hover ul ul ul,
 #header #header-inner #quick li:hover ul ul ul ul,
 #content #left #menu ul.closed,#content #left #menu li ul.collapsed,.yui-tt-shadow
+	{
 	display: none;
+}
 #header #header-inner #quick li:hover ul,#header #header-inner #quick li li:hover ul,#header #header-inner #quick li li li:hover ul,#header #header-inner #quick li li li li:hover ul,#content #left #menu ul.opened,#content #left #menu li ul.expanded
+	{
 	display: block;
+}
 #content div.graph {
 	padding: 0 10px 10px;
+}
 #content div.box div.title ul.links li a:hover,#content div.box div.title ul.links li.ui-tabs-selected a
+	{
 	color: #bfe3ff;
+}
 #content div.box ol.lower-roman,#content div.box ol.upper-roman,#content div.box ol.lower-alpha,#content div.box ol.upper-alpha,#content div.box ol.decimal
+	{
 	margin: 10px 24px 10px 44px;
+}
 #content div.box div.form,#content div.box div.table,#content div.box div.traffic
+	{
 	clear: both;
 	overflow: hidden;
 	margin: 0;
 	padding: 0 20px 10px;
+}
 #content div.box div.form div.fields,#login div.form,#login div.form div.fields,#register div.form,#register div.form div.fields
+	{
 	clear: both;
 	overflow: hidden;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.label span,#login div.form div.fields div.field div.label span,#register div.form div.fields div.field div.label span
+	{
 	height: 1%;
 	display: block;
 	color: #363636;
 	margin: 0;
 	padding: 2px 0 0;
+}
 #content div.box div.form div.fields div.field div.input input.error,#login div.form div.fields div.field div.input input.error,#register div.form div.fields div.field div.input input.error
+	{
 	background: #FBE3E4;
 	border-top: 1px solid #e1b2b3;
 	border-left: 1px solid #e1b2b3;
 	border-right: 1px solid #FBC2C4;
 	border-bottom: 1px solid #FBC2C4;
+}
 #content div.box div.form div.fields div.field div.input input.success,#login div.form div.fields div.field div.input input.success,#register div.form div.fields div.field div.input input.success
+	{
 	background: #E6EFC2;
 	border-top: 1px solid #cebb98;
 	border-left: 1px solid #cebb98;
 	border-right: 1px solid #c6d880;
 	border-bottom: 1px solid #c6d880;
+}
 #content div.box-left div.form div.fields div.field div.textarea,#content div.box-right div.form div.fields div.field div.textarea,#content div.box div.form div.fields div.field div.select select,#content div.box table th.selected input,#content div.box table td.selected input
+	{
 	margin: 0;
+}
 #content div.box-left div.form div.fields div.field div.select,#content div.box-left div.form div.fields div.field div.checkboxes,#content div.box-left div.form div.fields div.field div.radios,#content div.box-right div.form div.fields div.field div.select,#content div.box-right div.form div.fields div.field div.checkboxes,#content div.box-right div.form div.fields div.field div.radios
+	{
 	margin: 0 0 0 0px !important;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.select,#content div.box div.form div.fields div.field div.checkboxes,#content div.box div.form div.fields div.field div.radios
+	{
 	margin: 0 0 0 200px;
 	padding: 0;
+}
 #content div.box div.form div.fields div.field div.select a:hover,#content div.box div.form div.fields div.field div.select a.ui-selectmenu:hover,#content div.box div.action a:hover
+	{
 	color: #000;
 	text-decoration: none;
+}
 #content div.box div.form div.fields div.field div.select a.ui-selectmenu-focus,#content div.box div.action a.ui-selectmenu-focus
+	{
 	border: 1px solid #666;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox,#content div.box div.form div.fields div.field div.radios div.radio
+	{
 	clear: both;
 	overflow: hidden;
 	margin: 0;
 	padding: 8px 0 2px;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input
+	{
 	float: left;
 	margin: 0;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox label,#content div.box div.form div.fields div.field div.radios div.radio label
+	{
 	height: 1%;
 	display: block;
 	float: left;
 	margin: 2px 0 0 4px;
+}
 div.form div.fields div.field div.button input,
 #content div.box div.form div.fields div.buttons input
 div.form div.fields div.buttons input,
 #content div.box div.action div.button input {
 	/*color: #000;*/
     font-size: 11px;
     font-weight: 700;
     margin: 0;
+}
 input.ui-button {
 	background: #e5e3e3 url("../images/button.png") repeat-x;
 	border-top: 1px solid #DDD;
 	border-left: 1px solid #c6c6c6;
 	border-right: 1px solid #DDD;
 	border-bottom: 1px solid #c6c6c6;
 	color: #515151 !important;
 	outline: none;
 	margin: 0;
 	padding: 6px 12px;
 	-webkit-border-radius: 4px 4px 4px 4px;
 	-khtml-border-radius: 4px 4px 4px 4px;
 	-moz-border-radius: 4px 4px 4px 4px;
 	border-radius: 4px 4px 4px 4px;
 	box-shadow: 0 1px 0 #ececec;
 	cursor: pointer;
+}
 input.ui-button:hover {
 	background: #b4b4b4 url("../images/button_selected.png") repeat-x;
 	border-top: 1px solid #ccc;
 	border-left: 1px solid #bebebe;
 	border-right: 1px solid #b1b1b1;
 	border-bottom: 1px solid #afafaf;
+}
 div.form div.fields div.field div.highlight,#content div.box div.form div.fields div.buttons div.highlight
+	{
 	display: inline;
+}
 #content div.box div.form div.fields div.buttons,div.form div.fields div.buttons
+	{
 	margin: 10px 0 0 200px;
 	padding: 0;
+}
 #content div.box-left div.form div.fields div.buttons,#content div.box-right div.form div.fields div.buttons,div.box-left div.form div.fields div.buttons,div.box-right div.form div.fields div.buttons
+	{
 	margin: 10px 0 0;
+}
 #content div.box table td.user,#content div.box table td.address {
 	width: 10%;
 	text-align: center;
+}
 #content div.box div.action div.button,#login div.form div.fields div.field div.input div.link,#register div.form div.fields div.field div.input div.link
+	{
 	text-align: right;
 	margin: 6px 0 0;
 	padding: 0;
+}
 #content div.box div.action div.button input.ui-state-hover,#login div.form div.fields div.buttons input.ui-state-hover,#register div.form div.fields div.buttons input.ui-state-hover
+	{
 	background: #b4b4b4 url("../images/button_selected.png") repeat-x;
 	border-top: 1px solid #ccc;
 	border-left: 1px solid #bebebe;
 	border-right: 1px solid #b1b1b1;
 	border-bottom: 1px solid #afafaf;
 	color: #515151;
 	margin: 0;
 	padding: 6px 12px;
+}
 #content div.box div.pagination div.results,#content div.box div.pagination-wh div.results
+	{
 	text-align: left;
 	float: left;
 	margin: 0;
 	padding: 0;
+}
 #content div.box div.pagination div.results span,#content div.box div.pagination-wh div.results span
+	{
 	height: 1%;
 	display: block;
 	float: left;
 	background: #ebebeb url("../images/pager.png") repeat-x;
 	border-top: 1px solid #dedede;
 	border-left: 1px solid #cfcfcf;
 	border-right: 1px solid #c4c4c4;
 	border-bottom: 1px solid #c4c4c4;
 	color: #4A4A4A;
 	font-weight: 700;
 	margin: 0;
 	padding: 6px 8px;
+}
 #content div.box div.pagination ul.pager li.disabled,#content div.box div.pagination-wh a.disabled
+	{
 	color: #B4B4B4;
 	padding: 6px;
+}
 #login,#register {
 	width: 520px;
 	margin: 10% auto 0;
 	padding: 0;
+}
 #login div.color,#register div.color {
 	clear: both;
 	overflow: hidden;
 	background: #FFF;
 	margin: 10px auto 0;
 	padding: 3px 3px 3px 0;
+}
 #login div.color a,#register div.color a {
 	width: 20px;
 	height: 20px;
 	display: block;
 	float: left;
 	margin: 0 0 0 3px;
 	padding: 0;
+}
 #login div.title h5,#register div.title h5 {
 	color: #fff;
 	margin: 10px;
 	padding: 0;
+}
 #login div.form div.fields div.field,#register div.form div.fields div.field
+	{
 	clear: both;
 	overflow: hidden;
 	margin: 0;
 	padding: 0 0 10px;
+}
 #login div.form div.fields div.field span.error-message,#register div.form div.fields div.field span.error-message
+	{
 	height: 1%;
 	display: block;
 	color: red;
 	margin: 8px 0 0;
 	padding: 0;
 	max-width: 320px;
+}
 #login div.form div.fields div.field div.label label,#register div.form div.fields div.field div.label label
+	{
 	color: #000;
 	font-weight: 700;
+}
 #login div.form div.fields div.field div.input,#register div.form div.fields div.field div.input
+	{
 	float: left;
 	margin: 0;
 	padding: 0;
+}
 #login div.form div.fields div.field div.checkbox,#register div.form div.fields div.field div.checkbox
+	{
 	margin: 0 0 0 184px;
 	padding: 0;
+}
 #login div.form div.fields div.field div.checkbox label,#register div.form div.fields div.field div.checkbox label
+	{
 	color: #565656;
 	font-weight: 700;
+}
 #login div.form div.fields div.buttons input,#register div.form div.fields div.buttons input
+	{
 	color: #000;
 	font-size: 1em;
 	font-weight: 700;
 	margin: 0;
+}
 #changeset_content .container .wrapper,#graph_content .container .wrapper
+	{
 	width: 600px;
+}
 #changeset_content .container .left {
 	float: left;
 	width: 75%;
 	padding-left: 5px;
+}
 #changeset_content .container .left .date,.ac .match {
 	font-weight: 700;
 	padding-top: 5px;
 	padding-bottom: 5px;
+}
 div#legend_container table td,div#legend_choices table td {
 	border: none !important;
 	height: 20px !important;
 	padding: 0 !important;
+}
 .q_filter_box {
 	-webkit-box-shadow: rgba(0,0,0,0.07) 0 1px 2px inset;
 	-webkit-border-radius: 4px;
 	-moz-border-radius: 4px;
 	border-radius: 4px;
     border: 0 none;
     color: #AAAAAA;
     margin-bottom: -4px;
     margin-top: -4px;
     padding-left: 3px;
+}
 #node_filter {
 	border: 0px solid #545454;
 	color: #AAAAAA;
 	padding-left: 3px;
+}
 .group_members_wrap{
 	min-height: 85px;
 	padding-left: 20px;
+}
 .group_members .group_member{
 	height: 30px;
 	padding:0px 0px 0px 0px;
+}
 .reviewers_member{
     height: 15px;
     padding:0px 0px 0px 10px;
+}
 .emails_wrap{
 	padding: 0px 20px;
+}
 .emails_wrap .email_entry{
     height: 30px;
     padding:0px 0px 0px 10px;
+}
 .emails_wrap .email_entry .email{
 	float: left
+}
 .emails_wrap .email_entry .email_action{
 	float: left
+}
 .ips_wrap{
     padding: 0px 20px;
+}
 .ips_wrap .ip_entry{
     height: 30px;
     padding:0px 0px 0px 10px;
+}
 .ips_wrap .ip_entry .ip{
     float: left
+}
 .ips_wrap .ip_entry .ip_action{
     float: left
+}
 /*README STYLE*/
 div.readme {
 	padding:0px;
+}
 div.readme h2 {
     font-weight: normal;
+}
 div.readme .readme_box {
     background-color: #fafafa;
+}
 div.readme .readme_box {
 clear:both;
 overflow:hidden;
 margin:0;
 padding:0 20px 10px;
+}
 div.readme .readme_box h1, div.readme .readme_box h2, div.readme .readme_box h3, div.readme .readme_box h4, div.readme .readme_box h5, div.readme .readme_box h6 {
 border-bottom: 0 !important;
 margin: 0 !important;
 padding: 0 !important;
 line-height: 1.5em !important;
+}
 div.readme .readme_box h1:first-child {
 padding-top: .25em !important;
+}
 div.readme .readme_box h2, div.readme .readme_box h3 {
 margin: 1em 0 !important;
+}
 div.readme .readme_box h2 {
 margin-top: 1.5em !important;
 border-top: 4px solid #e0e0e0 !important;
 padding-top: .5em !important;
+}
 div.readme .readme_box p {
 color: black !important;
 margin: 1em 0 !important;
 line-height: 1.5em !important;
+}
 div.readme .readme_box ul {
 list-style: disc !important;
 margin: 1em 0 1em 2em !important;
+}
 div.readme .readme_box ol {
 list-style: decimal;
 margin: 1em 0 1em 2em !important;
+}
 div.readme .readme_box pre, code {
 font: 12px "Bitstream Vera Sans Mono","Courier",monospace;
+}
 div.readme .readme_box code {
     font-size: 12px !important;
     background-color: ghostWhite !important;
     color: #444 !important;
     padding: 0 .2em !important;
     border: 1px solid #dedede !important;
+}
 div.readme .readme_box pre code {
 	padding: 0 !important;
 	font-size: 12px !important;
 	background-color: #eee !important;
 	border: none !important;
+}
 div.readme .readme_box pre {
 	margin: 1em 0;
 	font-size: 12px;
 	background-color: #eee;
 	border: 1px solid #ddd;
 	padding: 5px;
 	color: #444;
 	overflow: auto;
 	-webkit-box-shadow: rgba(0,0,0,0.07) 0 1px 2px inset;
 	-webkit-border-radius: 3px;
 	-moz-border-radius: 3px;
 	border-radius: 3px;
+}
 div.readme .readme_box table {
     display: table;
 	border-collapse: separate;
 	border-spacing: 2px;
 	border-color: gray;
 	width: auto !important;
+}
 /** RST STYLE **/
 div.rst-block {
     padding:0px;
+}
 div.rst-block h2 {
     font-weight: normal;
+}
 div.rst-block  {
     background-color: #fafafa;
+}
 div.rst-block  {
 clear:both;
 overflow:hidden;
 margin:0;
 padding:0 20px 10px;
+}
 div.rst-block  h1, div.rst-block  h2, div.rst-block  h3, div.rst-block  h4, div.rst-block  h5, div.rst-block  h6 {
 border-bottom: 0 !important;
 margin: 0 !important;
 padding: 0 !important;
 line-height: 1.5em !important;
+}
 div.rst-block  h1:first-child {
 padding-top: .25em !important;
+}
 div.rst-block  h2, div.rst-block  h3 {
 margin: 1em 0 !important;
+}
 div.rst-block  h2 {
 margin-top: 1.5em !important;
 border-top: 4px solid #e0e0e0 !important;
 padding-top: .5em !important;
+}
 div.rst-block  p {
 color: black !important;
 margin: 1em 0 !important;
 line-height: 1.5em !important;
+}
 div.rst-block  ul {
 list-style: disc !important;
 margin: 1em 0 1em 2em !important;
+}
 div.rst-block  ol {
 list-style: decimal;
 margin: 1em 0 1em 2em !important;
+}
 div.rst-block  pre, code {
 font: 12px "Bitstream Vera Sans Mono","Courier",monospace;
+}
 div.rst-block  code {
     font-size: 12px !important;
     background-color: ghostWhite !important;
     color: #444 !important;
     padding: 0 .2em !important;
     border: 1px solid #dedede !important;
+}
 div.rst-block  pre code {
     padding: 0 !important;
     font-size: 12px !important;
     background-color: #eee !important;
     border: none !important;
+}
 div.rst-block  pre {
     margin: 1em 0;
     font-size: 12px;
     background-color: #eee;
     border: 1px solid #ddd;
     padding: 5px;
     color: #444;
     overflow: auto;
     -webkit-box-shadow: rgba(0,0,0,0.07) 0 1px 2px inset;
     -webkit-border-radius: 3px;
     -moz-border-radius: 3px;
     border-radius: 3px;
+}
 /** comment main **/
 .comments {
     padding:10px 20px;
+}
 .comments .comment {
     border: 1px solid #ddd;
     margin-top: 10px;
     -webkit-border-radius: 4px;
     -moz-border-radius: 4px;
     border-radius: 4px;
+}
 .comments .comment .meta {
     background: #f8f8f8;
     padding: 4px;
     border-bottom: 1px solid #ddd;
     height: 18px;
+}
 .comments .comment .meta img {
     vertical-align: middle;
+}
 .comments .comment .meta .user {
     font-weight: bold;
     float: left;
     padding: 4px 2px 2px 2px;
+}
 .comments .comment .meta .date {
 	float: left;
 	padding:4px 4px 0px 4px;
+}
 .comments .comment .text {
     background-color: #FAFAFA;
+}
 .comment .text div.rst-block p {
 	margin: 0.5em 0px !important;
+}
 .comments .comments-number{
 	padding:0px 0px 10px 0px;
 	font-weight: bold;
 	color: #666;
 	font-size: 16px;
+}
 /** comment form **/
 .status-block{
     height:80px;
     clear:both
+}
 .comment-form .clearfix{
 	background: #EEE;
     -webkit-border-radius: 4px;
     -moz-border-radius: 4px;
     border-radius: 4px;
     padding: 10px;
+}
 div.comment-form {
     margin-top: 20px;
+}
 .comment-form strong {
     display: block;
     margin-bottom: 15px;
+}
 .comment-form textarea {
     width: 100%;
     height: 100px;
     font-family: 'Monaco', 'Courier', 'Courier New', monospace;
+}
 form.comment-form {
     margin-top: 10px;
     margin-left: 10px;
+}
 .comment-form-submit {
     margin-top: 5px;
     margin-left: 525px;
+}
 .file-comments {
     display: none;
+}
 .comment-form .comment {
     margin-left: 10px;
+}
 .comment-form .comment-help{
     padding: 0px 0px 5px 0px;
     color: #666;
+}
 .comment-form .comment-button{
 	padding-top:5px;
+}
 .add-another-button {
     margin-left: 10px;
     margin-top: 10px;
     margin-bottom: 10px;
+}
 .comment .buttons {
 	float: right;
 	padding:2px 2px 0px 0px;
+}
 .show-inline-comments{
 	position: relative;
 	top:1px
+}
 /** comment inline form **/
 .comment-inline-form .overlay{
 	display: none;
+}
 .comment-inline-form .overlay.submitting{
 	display:block;
     background: none repeat scroll 0 0 white;
     font-size: 16px;
     opacity: 0.5;
     position: absolute;
     text-align: center;
     vertical-align: top;
+}
 .comment-inline-form .overlay.submitting .overlay-text{
 	width:100%;
 	margin-top:5%;
+}
 .comment-inline-form .clearfix{
     background: #EEE;
     -webkit-border-radius: 4px;
     -moz-border-radius: 4px;
     border-radius: 4px;
     padding: 5px;
+}
 div.comment-inline-form {
     padding:4px 0px 6px 0px;
+}
 tr.hl-comment{
 /*
 	background-color: #FFFFCC !important;
 */
+}
 /*
 tr.hl-comment pre {
 	border-top: 2px solid #FFEE33;
 	border-left: 2px solid #FFEE33;
 	border-right: 2px solid #FFEE33;
+}
 */
 .comment-inline-form strong {
     display: block;
     margin-bottom: 15px;
+}
 .comment-inline-form textarea {
     width: 100%;
     height: 100px;
     font-family: 'Monaco', 'Courier', 'Courier New', monospace;
+}
 form.comment-inline-form {
     margin-top: 10px;
     margin-left: 10px;
+}
 .comment-inline-form-submit {
     margin-top: 5px;
     margin-left: 525px;
+}
 .file-comments {
     display: none;
+}
 .comment-inline-form .comment {
     margin-left: 10px;
+}
 .comment-inline-form .comment-help{
     padding: 0px 0px 2px 0px;
     color: #666666;
     font-size: 10px;
+}
 .comment-inline-form .comment-button{
     padding-top:5px;
+}
 /** comment inline **/
 .inline-comments {
     padding:10px 20px;
+}
 .inline-comments div.rst-block  {
 	clear:both;
 	overflow:hidden;
 	margin:0;
 	padding:0 20px 0px;
+}
 .inline-comments .comment {
     border: 1px solid #ddd;
     -webkit-border-radius: 4px;
     -moz-border-radius: 4px;
     border-radius: 4px;
     margin: 3px 3px 5px 5px;
     background-color: #FAFAFA;
+}
 .inline-comments .add-comment {
 	padding: 2px 4px 8px 5px;
+}
 .inline-comments .comment-wrapp{
 	padding:1px;
+}
 .inline-comments .comment .meta {
     background: #f8f8f8;
     padding: 4px;
     border-bottom: 1px solid #ddd;
     height: 20px;
+}
 .inline-comments .comment .meta img {
     vertical-align: middle;
+}
 .inline-comments .comment .meta .user {
     font-weight: bold;
     float:left;
     padding: 3px;
+}
 .inline-comments .comment .meta .date {
     float:left;
     padding: 3px;
+}
 .inline-comments .comment .text {
     background-color: #FAFAFA;
+}
 .inline-comments .comments-number{
     padding:0px 0px 10px 0px;
     font-weight: bold;
     color: #666;
     font-size: 16px;
+}
 .inline-comments-button .add-comment{
 	margin:2px 0px 8px 5px !important
+}
 .notification-paginator{
     padding: 0px 0px 4px 16px;
     float: left;
+}
 .notifications{
     border-radius: 4px 4px 4px 4px;
     -webkit-border-radius: 4px;
     -moz-border-radius: 4px;
     float: right;
     margin: 20px 0px 0px 0px;
     position: absolute;
     text-align: center;
     width: 26px;
     z-index: 1000;
+}
 .notifications a{
 	color:#888 !important;
 	display: block;
 	font-size: 10px;
 	background-color: #DEDEDE !important;
     border-radius: 2px !important;
     -webkit-border-radius: 2px !important;
     -moz-border-radius: 2px !important;
+}
 .notifications a:hover{
 	text-decoration: none !important;
 	background-color: #EEEFFF !important;
+}
 .notification-header{
 	padding-top:6px;
+}
 .notification-header .desc{
 	font-size: 16px;
     height: 24px;
     float: left
+}
 .notification-list .container.unread{
 	background: none repeat scroll 0 0 rgba(255, 255, 180, 0.6);
+}
 .notification-header .gravatar{
     background: none repeat scroll 0 0 transparent;
     padding: 0px 0px 0px 8px;
+}
 .notification-list .container .notification-header .desc{
     font-weight: bold;
     font-size: 17px;
+}
 .notification-table{
 	border: 1px solid #ccc;
     -webkit-border-radius: 6px 6px 6px 6px;
     -moz-border-radius: 6px 6px 6px 6px;
     border-radius: 6px 6px 6px 6px;
     clear: both;
     margin: 0px 20px 0px 20px;
+}
 .notification-header .delete-notifications{
     float: right;
     padding-top: 8px;
     cursor: pointer;
+}
 .notification-header .read-notifications{
     float: right;
     padding-top: 8px;
     cursor: pointer;
+}
 .notification-subject{
     clear:both;
     border-bottom: 1px solid #eee;
     padding:5px 0px 5px 38px;
+}
 .notification-body{
 	clear:both;
 	margin: 34px 2px 2px 8px
+}
 /****
 PULL REQUESTS
 *****/
 .pullrequests_section_head {
    padding:10px 10px 10px 0px;
    font-size:16px;
    font-weight: bold;
+}
 /****
   PERMS
 *****/
 #perms .perms_section_head {
    padding:10px 10px 10px 0px;
    font-size:16px;
    font-weight: bold;
+}
 #perms .perm_tag{
   padding: 1px 3px 1px 3px;
   font-size: 10px;
   font-weight: bold;
   text-transform: uppercase;
   white-space: nowrap;
   -webkit-border-radius: 3px;
   -moz-border-radius: 3px;
   border-radius: 3px;
+}
 #perms .perm_tag.admin{
   background-color: #B94A48;
   color: #ffffff;
+}
 #perms .perm_tag.write{
   background-color: #B94A48;
   color: #ffffff;
+}
 #perms .perm_tag.read{
   background-color: #468847;
   color: #ffffff;
+}
 #perms .perm_tag.none{
   background-color: #bfbfbf;
   color: #ffffff;
+}
 .perm-gravatar{
 	vertical-align:middle;
 	padding:2px;
+}
 .perm-gravatar-ac{
     vertical-align:middle;
     padding:2px;
     width: 14px;
     height: 14px;
+}
 /*****************************************************************************
                                   DIFFS CSS
 ******************************************************************************/
 div.diffblock {
     overflow: auto;
     padding: 0px;
     border: 1px solid #ccc;
     background: #f8f8f8;
     font-size: 100%;
     line-height: 100%;
     /* new */
     line-height: 125%;
     -webkit-border-radius: 6px 6px 0px 0px;
     -moz-border-radius: 6px 6px 0px 0px;
     border-radius: 6px 6px 0px 0px;
+}
 div.diffblock.margined{
     margin: 0px 20px 0px 20px;
+}
 div.diffblock .code-header{
     border-bottom: 1px solid #CCCCCC;
     background: #EEEEEE;
     padding:10px 0 10px 0;
     height: 14px;
+}
 div.diffblock .code-header.banner{
     border-bottom: 1px solid #CCCCCC;
     background: #EEEEEE;
     height: 14px;
     margin: 0px 95px 0px 95px;
     padding: 3px 3px 11px 3px;
+}
 div.diffblock .code-header.cv{
     height: 34px;
+}
 div.diffblock .code-header-title{
 	padding: 0px 0px 10px 5px !important;
 	margin: 0 !important;
+}
 div.diffblock .code-header .hash{
     float: left;
     padding: 2px 0 0 2px;
+}
 div.diffblock .code-header .date{
     float:left;
     text-transform: uppercase;
     padding: 2px 0px 0px 2px;
+}
 div.diffblock .code-header div{
     margin-left:4px;
     font-weight: bold;
     font-size: 14px;
+}
 div.diffblock .parents {
     float: left;
     height: 26px;
     width:100px;
     font-size: 10px;
     font-weight: 400;
     vertical-align: middle;
     padding: 0px 2px 2px 2px;
     background-color:#eeeeee;
     border-bottom: 1px solid #CCCCCC;
+}
 div.diffblock .children {
     float: right;
     height: 26px;
     width:100px;
     font-size: 10px;
     font-weight: 400;
     vertical-align: middle;
     text-align: right;
     padding: 0px 2px 2px 2px;
     background-color:#eeeeee;
     border-bottom: 1px solid #CCCCCC;
+}
 div.diffblock .code-body{
     background: #FFFFFF;
+}
 div.diffblock pre.raw{
     background: #FFFFFF;
     color:#000000;
+}
 table.code-difftable{
     border-collapse: collapse;
     width: 99%;
+}
 table.code-difftable td {
     padding: 0 !important;
     background: none !important;
     border:0 !important;
     vertical-align: none !important;
+}
 table.code-difftable .context{
     background:none repeat scroll 0 0 #DDE7EF;
+}
 table.code-difftable .add{
     background:none repeat scroll 0 0 #DDFFDD;
+}
 table.code-difftable .add ins{
     background:none repeat scroll 0 0 #AAFFAA;
     text-decoration:none;
+}
 table.code-difftable .del{
     background:none repeat scroll 0 0 #FFDDDD;
+}
 table.code-difftable .del del{
     background:none repeat scroll 0 0 #FFAAAA;
     text-decoration:none;
+}
 /** LINE NUMBERS **/
 table.code-difftable .lineno{
     padding-left:2px;
     padding-right:2px;
     text-align:right;
     width:32px;
     -moz-user-select:none;
     -webkit-user-select: none;
     border-right: 1px solid #CCC !important;
     border-left: 0px solid #CCC !important;
     border-top: 0px solid #CCC !important;
     border-bottom: none !important;
     vertical-align: middle !important;
+}
 table.code-difftable .lineno.new {
+}
 table.code-difftable .lineno.old {
+}
 table.code-difftable .lineno a{
     color:#747474 !important;
     font:11px "Bitstream Vera Sans Mono",Monaco,"Courier New",Courier,monospace !important;
     letter-spacing:-1px;
     text-align:right;
     padding-right: 2px;
     cursor: pointer;
     display: block;
     width: 32px;
+}
 table.code-difftable .lineno-inline{
     background:none repeat scroll 0 0 #FFF !important;
     padding-left:2px;
     padding-right:2px;
     text-align:right;
     width:30px;
     -moz-user-select:none;
     -webkit-user-select: none;
+}
 /** CODE **/
 table.code-difftable .code {
     display: block;
     width: 100%;
+}
 table.code-difftable .code td{
     margin:0;
     padding:0;
+}
 table.code-difftable .code pre{
     margin:0;
     padding:0;
     height: 17px;
     line-height: 17px;
+}
 .diffblock.margined.comm .line .code:hover{
     background-color:#FFFFCC !important;
     cursor: pointer !important;
     background-image:url("../images/icons/comment_add.png") !important;
     background-repeat:no-repeat !important;
     background-position: right !important;
     background-position: 0% 50% !important;
+}
 .diffblock.margined.comm .line .code.no-comment:hover{
 	background-image: none !important;
 	cursor: auto !important;
 	background-color: inherit !important;
+}

rhodecode/templates/admin/permissions/permissions.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Permissions administration')} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${_('Permissions')}
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
+<div class="box box-left">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <h3>${_('Default permissions')}</h3>
     ${h.form(url('permission', id='default'),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="anonymous">${_('Anonymous access')}:</label>
                 </div>
                 <div class="checkboxes">
                     <div class="checkbox">
                         ${h.checkbox('anonymous',True)}
                     </div>
                 </div>
             </div>
 			<div class="field">
 				<div class="label">
 					<label for="default_repo_perm">${_('Repository')}:</label>
 				</div>
 				<div class="select">
 					${h.select('default_repo_perm','',c.repo_perms_choices)}
 	                ${h.checkbox('overwrite_default_repo','true')}
 	                <label for="overwrite_default_repo">
 	                <span class="tooltip"
 	                title="${h.tooltip(_('All default permissions on each repository will be reset to choosen permission, note that all custom default permission on repositories will be lost'))}">
 	                ${_('overwrite existing settings')}</span> </label>
 				</div>
 			</div>
 			<div class="field">
 				<div class="label">
 					<label for="default_group_perm">${_('Repository group')}:</label>
 				</div>
 				<div class="select">
 					${h.select('default_group_perm','',c.group_perms_choices)}
                     ${h.checkbox('overwrite_default_group','true')}
                     <label for="overwrite_default_group">
                     <span class="tooltip"
                     title="${h.tooltip(_('All default permissions on each repository group will be reset to choosen permission, note that all custom default permission on repositories group will be lost'))}">
                     ${_('overwrite existing settings')}</span> </label>
 				</div>
 			</div>
 			<div class="field">
 		        <div class="label">
 		            <label for="default_register">${_('Registration')}:</label>
 		        </div>
 				<div class="select">
 					${h.select('default_register','',c.register_choices)}
 				</div>
 			</div>
              <div class="field">
                 <div class="label">
                     <label for="default_create">${_('Repository creation')}:</label>
                 </div>
 				<div class="select">
 					${h.select('default_create','',c.create_choices)}
 				</div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="default_fork">${_('Repository forking')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_fork','',c.fork_choices)}
                 </div>
              </div>
 	        <div class="buttons">
 	        ${h.submit('set',_('set'),class_="ui-btn large")}
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
 	        </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <div style="min-height:780px" class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Default User Permissions')}</h5>
     </div>
     ## permissions overview
     <div id="perms" class="table">
            %for section in sorted(c.perm_user.permissions.keys()):
               <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div>
               %if not c.perm_user.permissions[section]:
                   <span class="empty_data">${_('Nothing here yet')}</span>
               %else:
               <div id='tbl_list_wrap_${section}' class="yui-skin-sam">
                <table id="tbl_list_${section}">
                 <thead>
                     <tr>
                     <th class="left">${_('Name')}</th>
                     <th class="left">${_('Permission')}</th>
                     <th class="left">${_('Edit Permission')}</th>
                 </thead>
                 <tbody>
                 %for k in c.perm_user.permissions[section]:
                      <%
                      if section != 'global':
                          section_perm = c.perm_user.permissions[section].get(k)
                          _perm = section_perm.split('.')[-1]
                      else:
                          _perm = section_perm = None
                      %>
                     <tr>
                         <td>
                             %if section == 'repositories':
                                 <a href="${h.url('summary_home',repo_name=k)}">${k}</a>
                             %elif section == 'repositories_groups':
                                 <a href="${h.url('repos_group_home',group_name=k)}">${k}</a>
                             %else:
                                 ${h.get_permission_name(k)}
                             %endif
                         </td>
                         <td>
                             %if section == 'global':
                              ${h.bool2icon(k.split('.')[-1] != 'none')}
                             %else:
                              <span class="perm_tag ${_perm}">${section_perm}</span>
                             %endif
                         </td>
                         <td>
                             %if section == 'repositories':
                                 <a href="${h.url('edit_repo',repo_name=k,anchor='permissions_manage')}">${_('edit')}</a>
                             %elif section == 'repositories_groups':
                                 <a href="${h.url('edit_repos_group',id=k,anchor='permissions_manage')}">${_('edit')}</a>
                             %else:
                                 --
                             %endif
                         </td>
                     </tr>
                 %endfor
                 </tbody>
                </table>
               </div>
               %endif
            %endfor
     </div>
 </div>
 <div class="box box-left" style="clear:left">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Allowed IP addresses')}</h5>
     </div>
     <div class="ips_wrap">
       <table class="noborder">
       %if c.user_ip_map:
         %for ip in c.user_ip_map:
           <tr>
               <td><div class="ip">${ip.ip_addr}</div></td>
               <td><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
               <td>
                 ${h.form(url('user_ips_delete', id=c.user.user_id),method='delete')}
                     ${h.hidden('del_ip',ip.ip_id)}
                     ${h.hidden('default_user', 'True')}
                     ${h.submit('remove_',_('delete'),id="remove_ip_%s" % ip.ip_id,
                     class_="delete_icon action_button", onclick="return  confirm('"+_('Confirm to delete this ip: %s') % ip.ip_addr+"');")}
                 ${h.end_form()}
               </td>
           </tr>
         %endfor
        %else:
         <tr><td><div class="ip">${_('All IP addresses are allowed')}</div></td></tr>
        %endif
       </table>
     </div>
     ${h.form(url('user_ips', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="new_ip">${_('New ip address')}:</label>
                 </div>
                 <div class="input">
                     ${h.hidden('default_user', 'True')}
                     ${h.text('new_ip', class_='medium')}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Add'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
 	        </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

rhodecode/templates/admin/users/user_edit.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Edit user')} ${c.user.username} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${h.link_to(_('Users'),h.url('users'))}
     &raquo;
     ${_('edit')} "${c.user.username}"
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box box-left">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <!-- end box / title -->
     ${h.form(url('update_user', id=c.user.user_id),method='put')}
     <div class="form">
         <div class="field">
            <div class="gravatar_box">
                <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div>
                 <p>
                 %if c.use_gravatar:
                 <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>
                 <br/>${_('Using')} ${c.user.email}
                 %else:
                 <br/>${c.user.email}
                 %endif
            </div>
         </div>
         <div class="field">
             <div class="label">
                 <label>${_('API key')}</label> ${c.user.api_key}
             </div>
         </div>
         <div class="field">
             <div class="label">
                 <label>${_('Your IP')}</label> ${c.perm_user.ip_addr or "?"}
             </div>
         </div>
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="username">${_('Username')}:</label>
                 </div>
                 <div class="input">
                     %if c.ldap_dn:
                         ${h.text('username',class_='medium disabled', readonly="readonly")}
                     %else:
                         ${h.text('username',class_='medium')}
                     %endif:
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="ldap_dn">${_('LDAP DN')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('ldap_dn',class_='medium disabled',readonly="readonly")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="new_password">${_('New password')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('new_password',class_='medium',autocomplete="off")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="password_confirmation">${_('New password confirmation')}:</label>
                 </div>
                 <div class="input">
                     ${h.password('password_confirmation',class_="medium",autocomplete="off")}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="firstname">${_('First Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('firstname',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="lastname">${_('Last Name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('lastname',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="email">${_('Email')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('email',class_='medium')}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="active">${_('Active')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('active',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="admin">${_('Admin')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('admin',value=True)}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
     	</div>
     </div>
     ${h.end_form()}
 </div>
 <div style="min-height:780px" class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('user_perm', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
                                              'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
              </div>
              <div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" >
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
     ## permissions overview
     <div id="perms" class="table">
            %for section in sorted(c.perm_user.permissions.keys()):
               <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div>
               %if not c.perm_user.permissions[section]:
                   <span class="empty_data">${_('Nothing here yet')}</span>
               %else:
               <div id='tbl_list_wrap_${section}' class="yui-skin-sam">
                <table id="tbl_list_${section}">
                 <thead>
                     <tr>
                     <th class="left">${_('Name')}</th>
                     <th class="left">${_('Permission')}</th>
                     <th class="left">${_('Edit Permission')}</th>
                 </thead>
                 <tbody>
                 %for k in c.perm_user.permissions[section]:
                      <%
                      if section != 'global':
                          section_perm = c.perm_user.permissions[section].get(k)
                          _perm = section_perm.split('.')[-1]
                      else:
                          _perm = section_perm = None
                      %>
                     <tr>
                         <td>
                             %if section == 'repositories':
                                 <a href="${h.url('summary_home',repo_name=k)}">${k}</a>
                             %elif section == 'repositories_groups':
                                 <a href="${h.url('repos_group_home',group_name=k)}">${k}</a>
                             %else:
                                 ${h.get_permission_name(k)}
                             %endif
                         </td>
                         <td>
                             %if section == 'global':
                              ${h.bool2icon(k.split('.')[-1] != 'none')}
                             %else:
                              <span class="perm_tag ${_perm}">${section_perm}</span>
                             %endif
                         </td>
                         <td>
                             %if section == 'repositories':
                                 <a href="${h.url('edit_repo',repo_name=k,anchor='permissions_manage')}">${_('edit')}</a>
                             %elif section == 'repositories_groups':
                                 <a href="${h.url('edit_repos_group',id=k,anchor='permissions_manage')}">${_('edit')}</a>
                             %else:
                                 --
                             %endif
                         </td>
                     </tr>
                 %endfor
                 </tbody>
                </table>
               </div>
               %endif
            %endfor
     </div>
 </div>
 <div class="box box-left">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Email addresses')}</h5>
     </div>
     <div class="emails_wrap">
       <table class="noborder">
       %for em in c.user_email_map:
         <tr>
             <td><div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(em.user.email,16)}"/> </div></td>
             <td><div class="email">${em.email}</div></td>
             <td>
               ${h.form(url('user_emails_delete', id=c.user.user_id),method='delete')}
                   ${h.hidden('del_email',em.email_id)}
                   ${h.submit('remove_',_('delete'),id="remove_email_%s" % em.email_id,
                   class_="delete_icon action_button", onclick="return  confirm('"+_('Confirm to delete this email: %s') % em.email+"');")}
               ${h.end_form()}
             </td>
         </tr>
       %endfor
       </table>
     </div>
     ${h.form(url('user_emails', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label">
-                    <label for="email">${_('New email address')}:</label>
+                    <label for="new_email">${_('New email address')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('new_email', class_='medium')}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Add'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-left" style="clear:left">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Allowed IP addresses')}</h5>
     </div>
     <div class="ips_wrap">
       <table class="noborder">
       %if c.user_ip_map:
         %for ip in c.user_ip_map:
           <tr>
               <td><div class="ip">${ip.ip_addr}</div></td>
               <td><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
               <td>
                 ${h.form(url('user_ips_delete', id=c.user.user_id),method='delete')}
                     ${h.hidden('del_ip',ip.ip_id)}
                     ${h.submit('remove_',_('delete'),id="remove_ip_%s" % ip.ip_id,
                     class_="delete_icon action_button", onclick="return  confirm('"+_('Confirm to delete this ip: %s') % ip.ip_addr+"');")}
                 ${h.end_form()}
               </td>
           </tr>
         %endfor
        %else:
         <tr><td><div class="ip">${_('All IP addresses are allowed')}</div></td></tr>
        %endif
       </table>
     </div>
     ${h.form(url('user_ips', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="new_ip">${_('New ip address')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('new_ip', class_='medium')}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Add'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

0 comments (0 inline, 0 general)