#EXTRAS USER ROUTES

        m.connect("user_perm", "/users_perm/{id}",

                  action="update_perm", conditions=dict(method=["PUT"]))

    #ADMIN USERS REST ROUTES

    #ADMIN GROUP REST ROUTES

    rmap.resource('group', 'groups',

                  controller='admin/groups', path_prefix='/_admin')

    #ADMIN PERMISSIONS REST ROUTES

from pylons.i18n.translation import _

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator

from rhodecode.lib.base import BaseController, render

from rhodecode.model.forms import UserForm, UsersGroupForm

from rhodecode.model.users_group import UsersGroupModel

log = logging.getLogger(__name__)

class UsersGroupsController(BaseController):

            users_group_model.update(id, form_result)

            h.flash(_('updated users group %s') \

                        % form_result['users_group_name'],

                    category='success')

            #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users_groups/users_group_edit.html'),

                defaults=errors.value,

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of users group %s') \

                    % request.POST.get('users_group_name'), category='error')

        c.users_group.permissions = {}

        c.group_members = [(x.user_id, x.user.username) for x in

                           c.users_group.members]

        c.available_members = [(x.user_id, x.username) for x in

                               self.sa.query(User).all()]

        defaults = c.users_group.get_dict()

        return htmlfill.render(

            render('admin/users_groups/users_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    # Add table `users_groups_members`

    #==========================================================================

    from rhodecode.model.db import UsersGroupMember

    UsersGroupMember().__table__.create()

    #==========================================================================

    # Add table `users_group_to_perm`

    #==========================================================================

    from rhodecode.model.db import UsersGroupToPerm

    UsersGroupToPerm().__table__.create()

    #==========================================================================

    # Upgrade of `users` table

    #==========================================================================

    from rhodecode.model.db import User

    #add column

import logging

from rhodecode.model import meta

log = logging.getLogger(__name__)

def init_model(engine):

    :param engine: engine to bind to

    """

    log.info("initializing db for %s", engine)

    meta.Base.metadata.bind = engine

class BaseModel(object):

    """Base Model for all RhodeCode models, it adds sql alchemy session

    into instance of model

    :param sa: If passed it reuses this session instead of creating a new one

    """

   a Query.

The rest of what's here are standard SQLAlchemy and

Beaker constructs.

"""

from beaker.exceptions import BeakerException

from sqlalchemy.orm.interfaces import MapperOption

from sqlalchemy.orm.query import Query

from sqlalchemy.sql import visitors

class CachingQuery(Query):

    """A Query subclass which optionally loads full results from a Beaker

    cache region.

    The CachingQuery stores additional state that allows it to consult

           modified to first expunge() each loaded item from the current

           session before returning the list of items, so that the items

           in the cache are not the same ones in the current Session.

        """

        if hasattr(self, '_cache_parameters'):

        else:

            return Query.__iter__(self)

    def invalidate(self):

        """Invalidate the value represented by this Query."""

    def set_value(self, value):

        """Set the value in the cache for this query."""

        cache, cache_key = _get_cache_parameters(self)

        cache.put(cache_key, value)

def query_callable(manager):

    def query(*arg, **kw):

        return CachingQuery(manager, *arg, **kw)

    return query

def get_cache_region(name, region):

    if region not in beaker.cache.cache_regions:

        raise BeakerException('Cache region `%s` not configured '

            'Check if proper cache settings are in the .ini files' % region)

    kw = beaker.cache.cache_regions[region]

    return beaker.cache.Cache._get_cache(name, kw)

def _get_cache_parameters(query):

    """For a query with cache_region and cache_namespace configured,

    return the correspoinding Cache instance and cache key, based

    on this query's current criterion and parameter values.

    """

    if not hasattr(query, '_cache_parameters'):

    region, namespace, cache_key = query._cache_parameters

    namespace = _namespace_from_query(namespace, query)

    if cache_key is None:

    # optional - hash the cache_key too for consistent length

    # import uuid

    # cache_key= str(uuid.uuid5(uuid.NAMESPACE_DNS, cache_key))

    return cache, cache_key

def _namespace_from_query(namespace, query):

    # cache namespace - the token handed in by the

    # option + class we're querying against

    namespace = " ".join([namespace] + [str(x) for x in query._entities])

    # memcached wants this

    namespace = namespace.replace(' ', '_')

    return namespace

def _set_cache_parameters(query, region, namespace, cache_key):

    if hasattr(query, '_cache_parameters'):

        region, namespace, cache_key = query._cache_parameters

        raise ValueError("This query is already configured "

                        "for region %r namespace %r" %

                        (region, namespace)

                    )

    query._cache_parameters = region, namespace, cache_key

class FromCache(MapperOption):

    """Specifies that a Query should load results from a cache."""

    propagate_to_loaders = False

    def __init__(self, region, namespace, cache_key=None):

        self.namespace = namespace

        self.cache_key = cache_key

    def process_query(self, query):

        """Process a Query during normal loading operation."""

class RelationshipCache(MapperOption):

    """Specifies that a Query as called within a "lazy load"

       should load results from a cache."""

    propagate_to_loaders = True

        lazy loader should be pulled from the cache.

        """

        self.region = region

        self.namespace = namespace

        self._relationship_options = {

        }

    def process_query_conditionally(self, query):

        """Process a Query that is used within a lazy loader.

        (the process_query_conditionally() method is a SQLAlchemy

        """

        if query._current_path:

            mapper, key = query._current_path[-2:]

            for cls in mapper.class_.__mro__:

                if (cls, key) in self._relationship_options:

                    _set_cache_parameters(

                            query,

                            relationship_option.region,

                            relationship_option.namespace,

                            None)

    E.g. params_from_query(query.filter(Cls.foo==5).filter(Cls.bar==7)))

    would return [5, 7].

    """

    v = []

    def visit_bindparam(bind):

        value = query._params.get(bind.key, bind.value)

        # lazyloader may dig a callable in here, intended

        # to late-evaluate params after autoflush is called.

        # convert to a scalar value.

        if callable(value):

            value = value()

        v.append(value)

    if query._criterion is not None:

    return v

    users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)

    members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")

class UsersGroupMember(Base):

    __tablename__ = 'users_groups_members'

    __table_args__ = {'useexisting':True}

    users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)

    user = relationship('User')

    fork = relationship('Repository', remote_side=repo_id)

    group = relationship('Group')

    repo_to_perm = relationship('RepoToPerm', cascade='all', order_by='RepoToPerm.repo_to_perm_id')

    stats = relationship('Statistics', cascade='all', uselist=False)

    followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')

    logs = relationship('UserLog', cascade='all')

            Session.query(cls).filter(cls.user_id == user_id)\

                .filter(cls.permission == perm).delete()

            Session.commit()

        except:

            Session.rollback()

    __table_args__ = (UniqueConstraint('users_group_id', 'permission_id'), {'useexisting':True})

    users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)

    permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    users_group = relationship('UsersGroup')

    permission = relationship('Permission')

    repository = relationship('Repository')

class GroupToPerm(Base):

    __tablename__ = 'group_to_perm'

    __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True})

    group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

from rhodecode.lib.utils import repo_name_slug

from rhodecode.lib.auth import authenticate, get_crypt_password

from rhodecode.lib.exceptions import LdapImportError

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import User, UsersGroup

from rhodecode import BACKENDS

log = logging.getLogger(__name__)

#this is needed to translate the messages using _() in validators

class State_obj(object):

    _ = staticmethod(_)

# VALIDATORS

class ValidAuthToken(formencode.validators.FancyValidator):

    messages = {'invalid_token':_('Token mismatch')}

    def validate_python(self, value, state):

        if value != authentication_token():

            if edit:

                old_un = UserModel().get(old_data.get('user_id')).username

            if old_un != value or not edit:

                if UserModel().get_by_username(value, cache=False,

                                               case_insensitive=True):

            if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:

                raise formencode.Invalid(_('Username may only contain '

    return _ValidUsername

def ValidUsersGroup(edit, old_data):

    class _ValidUsersGroup(formencode.validators.FancyValidator):

        def validate_python(self, value, state):

            if value in ['default']:

                raise formencode.Invalid(_('Invalid group name'), value, state)

            #check if group is unique

            old_ugname = None

            if edit:

            if old_ugname != value or not edit:

                                               case_insensitive=True):

            if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:

                raise formencode.Invalid(_('Group name may only contain '

    return _ValidUsersGroup

class ValidPassword(formencode.validators.FancyValidator):

Session = scoped_session(

                sessionmaker(

                    query_cls=caching_query.query_callable(cache_manager)

                )

          )

class BaseModel(object):

    """Base Model for all classess

    """

    @classmethod

            perm = perm.options(FromCache("sql_cache_short",

                                          "get_permission_%s" % name))

        return perm.scalar()

    def update(self, form_result):

        perm_user = self.sa.query(User)\

        if len(u2p) != 3:

            raise Exception('Defined: %s should be 3  permissions for default'

                            ' user. This should not happen please verify'

                            ' your database' % len(u2p))

        try:

            #stage 3 set anonymous access

            if perm_user.username == 'default':

                perm_user.active = bool(form_result['anonymous'])

                self.sa.add(perm_user)

            self.sa.commit()

        except (DatabaseError,):

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

from vcs.utils.lazy import LazyProperty

from vcs.backends import get_backend

from rhodecode.model import BaseModel

from rhodecode.model.caching_query import FromCache

from rhodecode.model.db import Repository, RepoToPerm, User, Permission, \

from rhodecode.model.user import UserModel

log = logging.getLogger(__name__)

class RepoModel(BaseModel):

    @LazyProperty

    def repos_path(self):

        """Get's the repositories root path from database

        """

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_id))

        return repo.scalar()

    def get_by_repo_name(self, repo_name, cache=False):

        repo = self.sa.query(Repository)\

            .filter(Repository.repo_name == repo_name)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_name))

        return repo.scalar()

    def get_full(self, repo_name, cache=False, invalidate=False):

        repo = self.sa.query(Repository)\

            .options(joinedload(Repository.fork))\

            .options(joinedload(Repository.user))\

            .filter(Repository.repo_name == repo_name)\

        for k in ['fork', 'user']:

            attr = getattr(ret, k, False)

            if attr:

                make_transient(attr)

        return ret

    def get_users_js(self):

        users = self.sa.query(User).filter(User.active == True).all()

        u_tmpl = '''{id:%s, fname:"%s", lname:"%s", nname:"%s"},'''

        users_array = '[%s]' % '\n'.join([u_tmpl % (u.user_id, u.name,

                                                    u.lastname, u.username)

                                        for u in users])

        return users_array

    def get_users_groups_js(self):

        users_groups = self.sa.query(UsersGroup)\

            .filter(UsersGroup.users_group_active == True).all()

        g_tmpl = '''{id:%s, grname:"%s",grmembers:"%s"},'''

        return users_groups_array

    def update(self, repo_name, form_data):

        try:

            cur_repo = self.get_by_repo_name(repo_name, cache=False)

            user_model = UserModel(self.sa)

            #update permissions

            for member, perm, member_type in form_data['perms_updates']:

                if member_type == 'user':

                    r2p = self.sa.query(RepoToPerm)\

                            .filter(RepoToPerm.repository == cur_repo)\

                            .one()

                    r2p.permission = self.sa.query(Permission)\

                    self.sa.add(r2p)

                else:

                    g2p.permission = self.sa.query(Permission)\

                    self.sa.add(g2p)

            #set new permissions

            for member, perm, member_type in form_data['perms_new']:

                if member_type == 'user':

                    r2p = RepoToPerm()

                    r2p.repository = cur_repo

                    r2p.user = user_model.get_by_username(member)

                    r2p.permission = self.sa.query(Permission)\

                    self.sa.add(r2p)

                else:

                    g2p.repository = cur_repo

                    g2p.permission = self.sa.query(Permission)\

                    self.sa.add(g2p)

            #update current repo

            for k, v in form_data.items():

                if k == 'user':

                    cur_repo.user = user_model.get(v)

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def delete_perm_users_group(self, form_data, repo_name):

        try:

                        == self.get_by_repo_name(repo_name))\

                        == form_data['users_group_id']).delete()

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def __create_repo(self, repo_name, alias, clone_uri=False):

        """

        makes repository on filesystem

        :param repo_name:

        :param alias:

from pylons.i18n.translation import _

from rhodecode.model import BaseModel

from rhodecode.model.caching_query import FromCache

from rhodecode.model.db import UsersGroup, UsersGroupMember

log = logging.getLogger(__name__)

class UsersGroupModel(BaseModel):

    def get(self, users_group_id, cache=False):

        users_group = self.sa.query(UsersGroup)

        if cache:

            users_group = users_group.options(FromCache("sql_cache_short",

        return users_group.get(users_group_id)