"/repos_delete_users_group/{repo_name:.*}",

                  action="delete_perm_users_group",

                  conditions=dict(method=["DELETE"], function=check_repo))

        #settings actions

        m.connect('repo_stats', "/repos_stats/{repo_name:.*}",

             action="repo_stats", conditions=dict(method=["DELETE"],

                                                        function=check_repo))

        m.connect('repo_cache', "/repos_cache/{repo_name:.*}",

             action="repo_cache", conditions=dict(method=["DELETE"],

                                                        function=check_repo))

        m.connect('repo_public_journal',

                  "/repos_public_journal/{repo_name:.*}",

                  action="repo_public_journal", conditions=dict(method=["PUT"],

                  function=check_repo))

        m.connect('repo_pull', "/repo_pull/{repo_name:.*}",

             action="repo_pull", conditions=dict(method=["PUT"],

                                                        function=check_repo))

    #ADMIN REPOS GROUP REST ROUTES

    rmap.resource('repos_group', 'repos_groups',

                  controller='admin/repos_groups', path_prefix='/_admin')

    #ADMIN USER REST ROUTES

    #ADMIN USERS REST ROUTES

    rmap.resource('users_group', 'users_groups',

                  controller='admin/users_groups', path_prefix='/_admin')

    #ADMIN GROUP REST ROUTES

    #ADMIN PERMISSIONS REST ROUTES

    rmap.resource('permission', 'permissions',

                  controller='admin/permissions', path_prefix='/_admin')

    ##ADMIN LDAP SETTINGS

    rmap.connect('ldap_settings', '/_admin/ldap',

                 controller='admin/ldap_settings', action='ldap_settings',

                 conditions=dict(method=["POST"]))

    rmap.connect('ldap_home', '/_admin/ldap',

                 controller='admin/ldap_settings')

    #ADMIN SETTINGS REST ROUTES

    with rmap.submapper(path_prefix='/_admin',

                        controller='admin/settings') as m:

        m.connect("admin_settings", "/settings",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("admin_settings", "/settings",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("formatted_admin_settings", "/settings.{format}",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("admin_new_setting", "/settings/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("formatted_admin_new_setting", "/settings/new.{format}",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("/settings/{setting_id}",

                  action="update", conditions=dict(method=["PUT"]))

        m.connect("/settings/{setting_id}",

                  action="delete", conditions=dict(method=["DELETE"]))

        m.connect("admin_edit_setting", "/settings/{setting_id}/edit",

                  action="edit", conditions=dict(method=["GET"]))

        m.connect("formatted_admin_edit_setting",

                  "/settings/{setting_id}.{format}/edit",

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from formencode import htmlfill

from pylons import request, session, tmpl_context as c, url

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator

from rhodecode.lib.auth_ldap import LdapImportError

from rhodecode.lib.base import BaseController, render

from rhodecode.model.forms import LdapSettingsForm, DefaultPermissionsForm

from rhodecode.model.permission import PermissionModel

from rhodecode.model.user import UserModel

import formencode

import logging

import traceback

log = logging.getLogger(__name__)

class PermissionsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('permission', 'permissions')

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        super(PermissionsController, self).__before__()

        self.perms_choices = [('repository.none', _('None'),),

                              ('repository.read', _('Read'),),

                              ('repository.write', _('Write'),),

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

import formencode

from formencode import htmlfill

from pylons import request, session, tmpl_context as c, url, config

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator

from rhodecode.lib.base import BaseController, render

from rhodecode.model.forms import UserForm

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('user', 'users')

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

    def index(self, format='html'):

        """GET /users: All items in the collection"""

        # url('users')

            #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users/user_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

        return redirect(url('users'))

    def new(self, format='html'):

        """GET /users/new: Form to create a new item"""

        # url('new_user')

        return render('admin/users/user_add.html')

    def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #           method='put')

        # url('user', id=ID)

        user_model = UserModel()

        c.user = user_model.get(id)

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            user_model.update(id, form_result)

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users/user_edit.html'),

                defaults=errors.value,

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        return redirect(url('users'))

    def delete(self, id):

        """DELETE /users/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #           method='delete')

        # url('user', id=ID)

        user_model = UserModel()

        try:

            user_model.delete(id)

            h.flash(_('successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException), e:

            h.flash(str(e), category='warning')

        except Exception:

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        return redirect(url('users'))

    def show(self, id, format='html'):

        """GET /users/id: Show a specific item"""

        # url('user', id=ID)

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        user_model = UserModel()

        c.user = user_model.get(id)

        if not c.user:

            return redirect(url('users'))

        if c.user.username == 'default':

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        c.user.permissions = {}

        c.granted_permissions = user_model.fill_perms(c.user)\

            .permissions['global']

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import sys

import uuid

import logging

from os.path import dirname as dn, join as jn

from rhodecode import __dbversion__

from rhodecode.model import meta

from rhodecode.lib.auth import get_crypt_password, generate_api_key

from rhodecode.lib.utils import ask_ok

from rhodecode.model import init_model

from sqlalchemy.engine import create_engine

log = logging.getLogger(__name__)

class DbManage(object):

    def __init__(self, log_sql, dbconf, root, tests=False):

        self.dbname = dbconf.split('/')[-1]

        self.tests = tests

        self.root = root

        self.dburi = dbconf

        self.log_sql = log_sql

        self.db_exists = False

        self.init_db()

    def init_db(self):

        engine = create_engine(self.dburi, echo=self.log_sql)

        init_model(engine)

        self.sa = meta.Session()

    def create_tables(self, override=False):

        """Create a auth database

        """

        log.info("Any existing database is going to be destroyed")

        if self.tests:

            destroy = True

        else:

            destroy = ask_ok('Are you sure to destroy old database ? [y/n]')

        if not destroy:

            sys.exit()

        if destroy:

            meta.Base.metadata.drop_all()

        checkfirst = not override

        meta.Base.metadata.create_all(checkfirst=checkfirst)

        log.info('Created tables for %s', self.dbname)

    def set_db_version(self):

        try:

            ver = DbMigrateVersion()

            ver.version = __dbversion__

            ver.repository_id = 'rhodecode_db_migrations'

            ver.repository_path = 'versions'

            self.sa.add(ver)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

        log.info('db version set to: %s', __dbversion__)

    def upgrade(self):

        """Upgrades given database schema to given revision following

        all needed steps, to perform the upgrade

        """

        from rhodecode.lib.dbmigrate.migrate.versioning import api

        from rhodecode.lib.dbmigrate.migrate.exceptions import \

            DatabaseNotControlledError

        upgrade = ask_ok('You are about to perform database upgrade, make '

                         'sure You backed up your database before. '

                         'Continue ? [y/n]')

        if not upgrade:

            sys.exit('Nothing done')

        repository_path = jn(dn(dn(dn(os.path.realpath(__file__)))),

                             'rhodecode/lib/dbmigrate')

        db_uri = self.dburi

        try:

            curr_version = api.db_version(db_uri, repository_path)

            msg = ('Found current database under version'

                 ' control with version %s' % curr_version)

            def step_1(self):

                pass

            def step_2(self):

                print ('Patching repo paths for newer version of RhodeCode')

                self.klass.fix_repo_paths()

                print ('Patching default user of RhodeCode')

                self.klass.fix_default_user()

                log.info('Changing ui settings')

                self.klass.create_ui_settings()

            def step_3(self):

                print ('Adding additional settings into RhodeCode db')

                self.klass.fix_settings()

        upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)

        #CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE

        for step in upgrade_steps:

            print ('performing upgrade step %s' % step)

            callable = getattr(UpgradeSteps(self), 'step_%s' % step)()

    def fix_repo_paths(self):

        """Fixes a old rhodecode version path into new one without a '*'

        """

        paths = self.sa.query(RhodeCodeUi)\

                .filter(RhodeCodeUi.ui_key == '/')\

                .scalar()

        paths.ui_value = paths.ui_value.replace('*', '')

        try:

            self.sa.add(paths)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def fix_default_user(self):

        """Fixes a old default user with some 'nicer' default values,

        used mostly for anonymous access

        """

        def_user = self.sa.query(User)\

                .filter(User.username == 'default')\

                .one()

        try:

            self.sa.add(def_user)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def fix_settings(self):

        """Fixes rhodecode settings adds ga_code key for google analytics

        """

        hgsettings3 = RhodeCodeSettings('ga_code', '')

        try:

            self.sa.add(hgsettings3)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def admin_prompt(self, second=False):

        if not self.tests:

            import getpass

            def get_password():

                confirm = getpass.getpass('Confirm password:')

                if password != confirm:

                    log.error('passwords mismatch')

                    return False

                if len(password) < 6:

                    log.error('password is to short use at least 6 characters')

                    return False

                return password

            username = raw_input('Specify admin username:')

            password = get_password()

            if not password:

                #second try

                password = get_password()

                if not password:

                    sys.exit()

            email = raw_input('Specify admin email:')

            self.create_user(username, password, email, True)

        else:

            log.info('creating admin and regular test users')

    def create_ui_settings(self):

        """Creates ui settings, fills out hooks

        and disables dotencode

        """

        #HOOKS

        hooks1_key = 'changegroup.update'

        hooks1_ = self.sa.query(RhodeCodeUi)\

            .filter(RhodeCodeUi.ui_key == hooks1_key).scalar()

        hooks1 = RhodeCodeUi() if hooks1_ is None else hooks1_

        hooks1.ui_section = 'hooks'

        hooks1.ui_key = hooks1_key

        hooks1.ui_value = 'hg update >&2'

        hooks1.ui_active = False

        hooks2_key = 'changegroup.repo_size'

        hooks2_ = self.sa.query(RhodeCodeUi)\

            .filter(RhodeCodeUi.ui_key == hooks2_key).scalar()

        hooks2 = RhodeCodeUi() if hooks2_ is None else hooks2_

        hooks2.ui_section = 'hooks'

        hooks2.ui_key = hooks2_key

        hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'

        hooks4 = RhodeCodeUi()

        hooks4.ui_section = 'hooks'

        hooks4.ui_key = 'preoutgoing.pull_logger'

        hooks4.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'

        #For mercurial 1.7 set backward comapatibility with format

        dotencode_disable = RhodeCodeUi()

        dotencode_disable.ui_section = 'format'

        dotencode_disable.ui_key = 'dotencode'

        dotencode_disable.ui_value = 'false'

        try:

            self.sa.add(hooks1)

            self.sa.add(hooks2)

            self.sa.add(hooks3)

            self.sa.add(hooks4)

            self.sa.add(dotencode_disable)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def create_ldap_options(self):

        """Creates ldap settings"""

        try:

            for k, v in [('ldap_active', 'false'), ('ldap_host', ''),

                        ('ldap_port', '389'), ('ldap_ldaps', 'false'),

                        ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''),

                        ('ldap_dn_pass', ''), ('ldap_base_dn', ''),

                        ('ldap_filter', ''), ('ldap_search_scope', ''),

                        ('ldap_attr_login', ''), ('ldap_attr_firstname', ''),

                        ('ldap_attr_lastname', ''), ('ldap_attr_email', '')]:

                setting = RhodeCodeSettings(k, v)

                self.sa.add(setting)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def config_prompt(self, test_repo_path='', retries=3):

        if retries == 3:

            log.info('Setting up repositories config')

        if not self.tests and not test_repo_path:

            path = raw_input('Specify valid full path to your repositories'

                        ' you can change this later in application settings:')

        else:

            path = test_repo_path

        path_ok = True

        #check proper dir

        if not os.path.isdir(path):

            path_ok = False

            log.error('Entered path is not a valid directory: %s [%s/3]',

                      path, retries)

        #check write access

        if not os.access(path, os.W_OK):

            path_ok = False

            log.error('No write permission to given path: %s [%s/3]',

                      path, retries)

        if retries == 0:

            sys.exit()

        if path_ok is False:

            retries -= 1

            return self.config_prompt(test_repo_path, retries)

        return path

    def create_settings(self, path):

        self.create_ui_settings()

        #HG UI OPTIONS

        web1 = RhodeCodeUi()

        web1.ui_section = 'web'

        web1.ui_key = 'push_ssl'

        web1.ui_value = 'false'

        web2 = RhodeCodeUi()

        web2.ui_section = 'web'

        web2.ui_key = 'allow_archive'

        web2.ui_value = 'gz zip bz2'

        web3 = RhodeCodeUi()

        web3.ui_section = 'web'

        web3.ui_key = 'allow_push'

        web3.ui_value = '*'

        web4 = RhodeCodeUi()

        web4.ui_section = 'web'

        web4.ui_key = 'baseurl'

        web4.ui_value = '/'

        paths = RhodeCodeUi()

        paths.ui_section = 'paths'

        paths.ui_key = '/'

        paths.ui_value = path

        hgsettings1 = RhodeCodeSettings('realm', 'RhodeCode authentication')

        hgsettings2 = RhodeCodeSettings('title', 'RhodeCode')

        hgsettings3 = RhodeCodeSettings('ga_code', '')

        try:

            self.sa.add(web1)

            self.sa.add(web2)

            self.sa.add(web3)

            self.sa.add(web4)

            self.sa.add(paths)

            self.sa.add(hgsettings1)

            self.sa.add(hgsettings2)

            self.sa.add(hgsettings3)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

        self.create_ldap_options()

        log.info('created ui config')

    def create_user(self, username, password, email='', admin=False):

        log.info('creating administrator user %s', username)

        new_user = User()

        new_user.username = username

        new_user.password = get_crypt_password(password)

        def_user.api_key = generate_api_key('default')

        def_user.name = 'Anonymous'

        def_user.lastname = 'User'

        def_user.email = 'anonymous@rhodecode.org'

        def_user.admin = False

        def_user.active = False

        try:

            self.sa.add(def_user)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def create_permissions(self):

        #module.(access|create|change|delete)_[name]

        #module.(read|write|owner)

        perms = [('repository.none', 'Repository no access'),

                 ('repository.read', 'Repository read access'),

                 ('repository.write', 'Repository write access'),

                 ('repository.admin', 'Repository admin access'),

                 ('hg.admin', 'Hg Administrator'),

                 ('hg.create.repository', 'Repository create'),

                 ('hg.create.none', 'Repository creation disabled'),

                 ('hg.register.none', 'Register disabled'),

                ]

        for p in perms:

            new_perm = Permission()

            new_perm.permission_name = p[0]

            new_perm.permission_longname = p[1]

            try:

                self.sa.add(new_perm)

                self.sa.commit()

            except:

                self.sa.rollback()

                raise

    def populate_default_permissions(self):

        log.info('creating default user permissions')

        default_user = self.sa.query(User)\

        .filter(User.username == 'default').scalar()

        reg_perm = UserToPerm()

        reg_perm.user = default_user

        reg_perm.permission = self.sa.query(Permission)\

        .filter(Permission.permission_name == 'hg.register.manual_activate')\

        .scalar()

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import logging

import datetime

from datetime import date

from sqlalchemy import *

from sqlalchemy.exc import DatabaseError

from sqlalchemy.orm import relationship, backref

from sqlalchemy.orm.interfaces import MapperExtension

from rhodecode.model.meta import Base, Session

log = logging.getLogger(__name__)

#==============================================================================

# MAPPER EXTENSIONS

#==============================================================================

class RepositoryMapper(MapperExtension):

    def after_update(self, mapper, connection, instance):

        pass

class RhodeCodeSettings(Base):

    __tablename__ = 'rhodecode_settings'

    __table_args__ = (UniqueConstraint('app_settings_name'), {'useexisting':True})

    app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    app_settings_name = Column("app_settings_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    app_settings_value = Column("app_settings_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    def __init__(self, k='', v=''):

        self.app_settings_name = k

        self.app_settings_value = v

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.app_settings_name, self.app_settings_value)

class RhodeCodeUi(Base):