else:

                r = render('admin/repos/repo_add.html')

            return htmlfill.render(

                r,

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            msg = _('error occurred during creation of repository %s') \

                    % form_result.get('repo_name')

            h.flash(msg, category='error')

        if request.POST.get('user_created'):

            return redirect(url('home'))

        return redirect(url('repos'))

    @HasPermissionAllDecorator('hg.admin')

    def new(self, format='html'):

        """GET /repos/new: Form to create a new item"""

        new_repo = request.GET.get('repo', '')

        c.new_repo = repo_name_slug(new_repo)

        self.__load_defaults()

        return render('admin/repos/repo_add.html')

    @HasPermissionAllDecorator('hg.admin')

    def update(self, repo_name):

        """

        PUT /repos/repo_name: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('repo', repo_name=ID),

        #           method='put')

        # url('repo', repo_name=ID)

        self.__load_defaults()

        repo_model = RepoModel()

        changed_name = repo_name

        _form = RepoForm(edit=True, old_data={'repo_name': repo_name},

                         repo_groups=c.repo_groups_choices)()

        try:

            form_result = _form.to_python(dict(request.POST))

            repo_model.update(repo_name, form_result)

            invalidate_cache('get_repo_cached_%s' % repo_name)

            h.flash(_('Repository %s updated successfully' % repo_name),

                    category='success')

            action_logger(self.rhodecode_user, 'admin_updated_repo',

                              changed_name, '', self.sa)

        except formencode.Invalid, errors:

            defaults = self.__load_data(repo_name)

            defaults.update(errors.value)

            return htmlfill.render(

                render('admin/repos/repo_edit.html'),

                defaults=defaults,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of repository %s') \

                    % repo_name, category='error')

        return redirect(url('edit_repo', repo_name=changed_name))

    @HasPermissionAllDecorator('hg.admin')

    def delete(self, repo_name):

        """

        DELETE /repos/repo_name: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('repo', repo_name=ID),

        #           method='delete')

        # url('repo', repo_name=ID)

        repo_model = RepoModel()

        repo = repo_model.get_by_repo_name(repo_name)

        if not repo:

            h.flash(_('%s repository is not mapped to db perhaps'

                      ' it was moved or renamed  from the filesystem'

                      ' please run the application again'

                      ' in order to rescan repositories') % repo_name,

                      category='error')

            return redirect(url('repos'))

        try:

            action_logger(self.rhodecode_user, 'admin_deleted_repo',

                              repo_name, '', self.sa)

            repo_model.delete(repo)

            invalidate_cache('get_repo_cached_%s' % repo_name)

            h.flash(_('deleted repository %s') % repo_name, category='success')

        except Exception, e:

        while 1:

            gr = getattr(cur_gr, 'parent_group', None)

            cur_gr = cur_gr.parent_group

            if gr is None:

                break

            groups.insert(0, gr)

        return groups

    @property

    def groups_and_repo(self):

        return self.groups_with_parents, self.just_name

class Group(Base):

    __tablename__ = 'groups'

    __table_args__ = (UniqueConstraint('group_name'), {'useexisting':True},)

    group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    group_name = Column("group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)

    parent_group = relationship('Group', remote_side=group_id)

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,

                                  self.group_name)

    @property

    def parents(self):

        groups = []

        if self.parent_group is None:

            return groups

        cur_gr = self.parent_group

        groups.insert(0, cur_gr)

        while 1:

            gr = getattr(cur_gr, 'parent_group', None)

            cur_gr = cur_gr.parent_group

            if gr is None:

                break

            groups.insert(0, gr)

        return groups

    @property

    def repositories(self):

        return Session.query(Repository).filter(Repository.group == self).all()

class Permission(Base):

    __tablename__ = 'permissions'

    __table_args__ = {'useexisting':True}

    permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    permission_name = Column("permission_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    permission_longname = Column("permission_longname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    def __repr__(self):

        return "<%s('%s:%s')>" % (self.__class__.__name__,

                                  self.permission_id, self.permission_name)

    @classmethod

    def get_by_key(cls, key):

        return Session.query(cls).filter(cls.permission_name == key).scalar()

class RepoToPerm(Base):

    __tablename__ = 'repo_to_perm'

    __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True})

    repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    user = relationship('User')

    permission = relationship('Permission')

    repository = relationship('Repository')

class UserToPerm(Base):

    __tablename__ = 'user_to_perm'

    __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'useexisting':True})

    user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)

    user = relationship('User')

    permission = relationship('Permission')

    @classmethod

    def has_perm(cls, user_id, perm):

        if not isinstance(perm, Permission):

            raise Exception('perm needs to be an instance of Permission class')

        return Session.query(cls).filter(cls.user_id == user_id)\

            .filter(cls.permission == perm).scalar() is not None

""" this is forms validation classes

http://formencode.org/module-formencode.validators.html

for list off all availible validators

we can create our own validators

The table below outlines the options which can be used in a schema in addition to the validators themselves

pre_validators          []     These validators will be applied before the schema

chained_validators      []     These validators will be applied after the schema

allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present

filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed

if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.

ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already

<name> = formencode.validators.<name of validator>

<name> must equal form name

list=[1,2,3,4,5]

for SELECT use formencode.All(OneOf(list), Int())

"""

import os

import re

import logging

import traceback

import formencode

from formencode import All

from formencode.validators import UnicodeString, OneOf, Int, Number, Regex, \

    Email, Bool, StringBoolean, Set

from pylons.i18n.translation import _

from webhelpers.pylonslib.secure_form import authentication_token

from rhodecode.lib.utils import repo_name_slug

from rhodecode.lib.auth import authenticate, get_crypt_password

from rhodecode.lib.exceptions import LdapImportError

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.repo import RepoModel

from rhodecode import BACKENDS

log = logging.getLogger(__name__)

#this is needed to translate the messages using _() in validators

class State_obj(object):

    _ = staticmethod(_)

#==============================================================================

# VALIDATORS

#==============================================================================

class ValidAuthToken(formencode.validators.FancyValidator):

    messages = {'invalid_token':_('Token mismatch')}

    def validate_python(self, value, state):

        if value != authentication_token():

            raise formencode.Invalid(self.message('invalid_token', state,

                                            search_number=value), value, state)

def ValidUsername(edit, old_data):

    class _ValidUsername(formencode.validators.FancyValidator):

        def validate_python(self, value, state):

            if value in ['default', 'new_user']:

                raise formencode.Invalid(_('Invalid username'), value, state)

            #check if user is unique

            old_un = None

            if edit:

                old_un = UserModel().get(old_data.get('user_id')).username

            if old_un != value or not edit:

                if UserModel().get_by_username(value, cache=False,

                                               case_insensitive=True):

                    raise formencode.Invalid(_('This username already '

                                               'exists') , value, state)

            if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:

                raise formencode.Invalid(_('Username may only contain '

                                           'alphanumeric characters '

                                           'underscores, periods or dashes '

                                           'and must begin with alphanumeric '

                                           'character'), value, state)

    return _ValidUsername

def ValidUsersGroup(edit, old_data):

            raise formencode.Invalid('', value, state, error_dict=e_dict)

class ValidAuth(formencode.validators.FancyValidator):

    messages = {

            'invalid_password':_('invalid password'),

            'invalid_login':_('invalid user name'),

            'disabled_account':_('Your account is disabled')

            }

    #error mapping

    e_dict = {'username':messages['invalid_login'],

              'password':messages['invalid_password']}

    e_dict_disable = {'username':messages['disabled_account']}

    def validate_python(self, value, state):

        password = value['password']

        username = value['username']

        user = UserModel().get_by_username(username)

        if authenticate(username, password):

            return value

        else:

            if user and user.active is False:

                log.warning('user %s is disabled', username)

                raise formencode.Invalid(self.message('disabled_account',

                                         state=State_obj),

                                         value, state,

                                         error_dict=self.e_dict_disable)

            else:

                log.warning('user %s not authenticated', username)

                raise formencode.Invalid(self.message('invalid_password',

                                         state=State_obj), value, state,

                                         error_dict=self.e_dict)

class ValidRepoUser(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        sa = meta.Session()

        try:

            self.user_db = sa.query(User)\

                .filter(User.active == True)\

                .filter(User.username == value).one()

        except Exception:

            raise formencode.Invalid(_('This username is not valid'),

                                     value, state)

        finally:

            meta.Session.remove()

def ValidRepoName(edit, old_data):

    class _ValidRepoName(formencode.validators.FancyValidator):

    return _ValidRepoName

def ValidCloneUri():

    from mercurial.httprepo import httprepository, httpsrepository

    from rhodecode.lib.utils import make_ui

    class _ValidCloneUri(formencode.validators.FancyValidator):

        def to_python(self, value, state):

            if not value:

                pass

            elif value.startswith('https'):

                try:

                    httpsrepository(make_ui('db'), value).capabilities

                except Exception, e:

                    log.error(traceback.format_exc())

                    raise formencode.Invalid(_('invalid clone url'), value,

                                             state)

            elif value.startswith('http'):

                try:

                    httprepository(make_ui('db'), value).capabilities

                except Exception, e:

                    log.error(traceback.format_exc())

                    raise formencode.Invalid(_('invalid clone url'), value,

                                             state)

            else:

                raise formencode.Invalid(_('Invalid clone url, provide a '

                                           'valid clone http\s url'), value,

                                         state)

            return value

    return _ValidCloneUri

def ValidForkType(old_data):

    class _ValidForkType(formencode.validators.FancyValidator):

        def to_python(self, value, state):

            if old_data['repo_type'] != value:

                raise formencode.Invalid(_('Fork have to be the same '

                                           'type as original'), value, state)

            return value

    return _ValidForkType

class ValidPerms(formencode.validators.FancyValidator):

    messages = {'perm_new_member_name':_('This username or users group name'

                                         ' is not valid')}

    def to_python(self, value, state):

        perms_update = []

        perms_new = []

def UsersGroupForm(edit=False, old_data={}, available_members=[]):

    class _UsersGroupForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        users_group_name = All(UnicodeString(strip=True, min=1, not_empty=True),

                       ValidUsersGroup(edit, old_data))

        users_group_active = StringBoolean(if_missing=False)

        if edit:

            users_group_members = OneOf(available_members, hideList=False,

                                        testValueList=True,

                                        if_missing=None, not_empty=False)

    return _UsersGroupForm

def RegisterForm(edit=False, old_data={}):

    class _RegisterForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        username = All(ValidUsername(edit, old_data),

                       UnicodeString(strip=True, min=1, not_empty=True))

        password = All(UnicodeString(strip=True, min=6, not_empty=True))

        password_confirmation = All(UnicodeString(strip=True, min=6, not_empty=True))

        active = StringBoolean(if_missing=False)

        name = UnicodeString(strip=True, min=1, not_empty=True)

        lastname = UnicodeString(strip=True, min=1, not_empty=True)

        email = All(Email(not_empty=True), UniqSystemEmail(old_data))

        chained_validators = [ValidPasswordsMatch, ValidPassword]

    return _RegisterForm

def PasswordResetForm():

    class _PasswordResetForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        email = All(ValidSystemEmail(), Email(not_empty=True))

    return _PasswordResetForm

def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),

             repo_groups=[]):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),

        clone_uri = All(UnicodeString(strip=True, min=1, not_empty=False),

                        ValidCloneUri()())

        repo_group = OneOf(repo_groups, hideList=True)

        repo_type = OneOf(supported_backends)

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        enable_statistics = StringBoolean(if_missing=False)

        enable_downloads = StringBoolean(if_missing=False)

        if edit:

            #this is repo owner

    return _RepoForm

def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):

    class _RepoForkForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        fork_name = All(UnicodeString(strip=True, min=1, not_empty=True),

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

        repo_type = All(ValidForkType(old_data), OneOf(supported_backends))

    return _RepoForkForm

def RepoSettingsForm(edit=False, old_data={}):

    class _RepoForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        repo_name = All(UnicodeString(strip=True, min=1, not_empty=True),

        description = UnicodeString(strip=True, min=1, not_empty=True)

        private = StringBoolean(if_missing=False)

    return _RepoForm

def ApplicationSettingsForm():

    class _ApplicationSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True)

        rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True)

        rhodecode_ga_code = UnicodeString(strip=True, min=1, not_empty=False)

    return _ApplicationSettingsForm

def ApplicationUiSettingsForm():

    class _ApplicationUiSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = False

        web_push_ssl = OneOf(['true', 'false'], if_missing='false')

        paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True))

        hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)

        hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)

        hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False)

        hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False)

    return _ApplicationUiSettingsForm

def DefaultPermissionsForm(perms_choices, register_choices, create_choices):

    class _DefaultPermissionsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        overwrite_default = StringBoolean(if_missing=False)

        anonymous = OneOf(['True', 'False'], if_missing=False)

        default_perm = OneOf(perms_choices)

        default_register = OneOf(register_choices)

        default_create = OneOf(create_choices)

    return _DefaultPermissionsForm

def LdapSettingsForm(tls_reqcert_choices, search_scope_choices, tls_kind_choices):

    class _LdapSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        pre_validators = [LdapLibValidator]

        ldap_active = StringBoolean(if_missing=False)

        ldap_host = UnicodeString(strip=True,)

        ldap_port = Number(strip=True,)

        ldap_tls_kind = OneOf(tls_kind_choices)

# -*- coding: utf-8 -*-

"""

    rhodecode.model.repo

    ~~~~~~~~~~~~~~~~~~~~

    Repository model for rhodecode

    :created_on: Jun 5, 2010

    :author: marcink

    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import os

import shutil

import logging

import traceback

from datetime import datetime

from sqlalchemy.orm import joinedload, make_transient

from vcs.utils.lazy import LazyProperty

from vcs.backends import get_backend

from rhodecode.model import BaseModel

from rhodecode.model.caching_query import FromCache

from rhodecode.model.db import Repository, RepoToPerm, User, Permission, \

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

class RepoModel(BaseModel):

    @LazyProperty

    def repos_path(self):

        """Get's the repositories root path from database

        """

        q = self.sa.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key == '/').one()

        return q.ui_value

    def get(self, repo_id, cache=False):

        repo = self.sa.query(Repository)\

            .filter(Repository.repo_id == repo_id)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_id))

        return repo.scalar()

    def get_by_repo_name(self, repo_name, cache=False):

        repo = self.sa.query(Repository)\

            .filter(Repository.repo_name == repo_name)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_name))

        return repo.scalar()

    def get_full(self, repo_name, cache=False, invalidate=False):

        repo = self.sa.query(Repository)\

            .options(joinedload(Repository.fork))\

            .options(joinedload(Repository.user))\

            .filter(Repository.repo_name == repo_name)\

        if cache:

            repo = repo.options(FromCache("sql_cache_long",

                                          "get_repo_full_%s" % repo_name))

        if invalidate and cache:

            repo.invalidate()

        ret = repo.scalar()

        #make transient for sake of errors

                    r2p = self.sa.query(RepoToPerm)\

                            .filter(RepoToPerm.user == user_model.

                                    get_by_username(member))\

                            .filter(RepoToPerm.repository == cur_repo)\

                            .one()

                    r2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.permission_name ==

                                                perm).scalar()

                    self.sa.add(r2p)

                else:

                    g2p = self.sa.query(UsersGroupRepoToPerm)\

                            .filter(UsersGroupRepoToPerm.users_group ==

                                    UsersGroup.get_by_group_name(member))\

                            .filter(UsersGroupRepoToPerm.repository ==

                                    cur_repo).one()

                    g2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.permission_name ==

                                                perm).scalar()

                    self.sa.add(g2p)

            #set new permissions

            for member, perm, member_type in form_data['perms_new']:

                if member_type == 'user':

                    r2p = RepoToPerm()

                    r2p.repository = cur_repo

                    r2p.user = user_model.get_by_username(member)

                    r2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.

                                                permission_name == perm)\

                                                .scalar()

                    self.sa.add(r2p)

                else:

                    g2p = UsersGroupRepoToPerm()

                    g2p.repository = cur_repo

                    g2p.users_group = UsersGroup.get_by_group_name(member)

                    g2p.permission = self.sa.query(Permission)\

                                        .filter(Permission.

                                                permission_name == perm)\

                                                .scalar()

                    self.sa.add(g2p)

            #update current repo

            for k, v in form_data.items():

                if k == 'user':

                else:

                    setattr(cur_repo, k, v)

            self.sa.add(cur_repo)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def create(self, form_data, cur_user, just_db=False, fork=False):

        try:

            if fork:

                #force str since hg doesn't go with unicode

                repo_name = str(form_data['fork_name'])

                org_name = str(form_data['repo_name'])

            else:

                org_name = repo_name = str(form_data['repo_name'])

            new_repo = Repository()

            new_repo.enable_statistics = False

            for k, v in form_data.items():

                if k == 'repo_name':

                    v = repo_name

                setattr(new_repo, k, v)

            if fork:

                parent_repo = self.sa.query(Repository)\

                        .filter(Repository.repo_name == org_name).scalar()

                new_repo.fork = parent_repo

            new_repo.user_id = cur_user.user_id

            self.sa.add(new_repo)

            #create default permission

            repo_to_perm = RepoToPerm()

            default = 'repository.read'

            for p in UserModel(self.sa).get_by_username('default',

                                                    cache=False).user_perms:

                if p.permission.permission_name.startswith('repository.'):

                    default = p.permission.permission_name

                    break

            default_perm = 'repository.none' if form_data['private'] else default

            repo_to_perm.permission_id = self.sa.query(Permission)\

                    .filter(Permission.permission_name == default_perm)\

                    .one().permission_id

            repo_to_perm.repository = new_repo

            repo_to_perm.user_id = UserModel(self.sa)\