# -*- coding: utf-8 -*-

"""

    rhodecode.controllers.admin.users

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Users crud controller for pylons

    :created_on: Apr 4, 2010

    :author: marcink

    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

import formencode

from pylons import response

from formencode import htmlfill

from pylons import request, session, tmpl_context as c, url, config

from pylons.controllers.util import redirect

from pylons.i18n.translation import _

import rhodecode

from rhodecode.lib.exceptions import DefaultUserException, \

    UserOwnsReposException

from rhodecode.lib import helpers as h

from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \

    AuthUser

from rhodecode.lib.base import BaseController, render

from rhodecode.model.db import User, UserEmailMap

from rhodecode.model.forms import UserForm

from rhodecode.model.user import UserModel

from rhodecode.model.meta import Session

from rhodecode.lib.utils import action_logger

from rhodecode.lib.compat import json

from rhodecode.lib.utils2 import datetime_to_time, str2bool

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('user', 'users')

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        c.admin_user = session.get('admin_user')

        c.admin_username = session.get('admin_username')

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

    def index(self, format='html'):

        """GET /users: All items in the collection"""

        # url('users')

        c.users_list = User.query().order_by(User.username).all()

        users_data = []

        total_records = len(c.users_list)

        _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        grav_tmpl = lambda user_email, size: (

                template.get_def("user_gravatar")

                .render(user_email, size, _=_, h=h, c=c))

        user_lnk = lambda user_id, username: (

                template.get_def("user_name")

                .render(user_id, username, _=_, h=h, c=c))

        user_actions = lambda user_id, username: (

                template.get_def("user_actions")

                .render(user_id, username, _=_, h=h, c=c))

        for user in c.users_list:

            users_data.append({

                "gravatar": grav_tmpl(user. email, 24),

                "raw_username": user.username,

                "username": user_lnk(user.user_id, user.username),

                "firstname": user.name,

                "lastname": user.lastname,

                "last_login": h.fmt_date(user.last_login),

                "last_login_raw": datetime_to_time(user.last_login),

                "active": h.bool2icon(user.active),

                "admin": h.bool2icon(user.admin),

                "ldap": h.bool2icon(bool(user.ldap_dn)),

                "action": user_actions(user.user_id, user.username),

            })

        c.data = json.dumps({

            "totalRecords": total_records,

            "startIndex": 0,

            "sort": None,

            "dir": "asc",

            "records": users_data

        })

        return render('admin/users/users.html')

    def create(self):

        """POST /users: Create a new item"""

        # url('users')

        user_model = UserModel()

        user_form = UserForm()()

        try:

            form_result = user_form.to_python(dict(request.POST))

            user_model.create(form_result)

            usr = form_result['username']

            action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('created user %s') % usr,

                    category='success')

            Session().commit()

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users/user_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

        return redirect(url('users'))

    def new(self, format='html'):

        """GET /users/new: Form to create a new item"""

        # url('new_user')

        return render('admin/users/user_add.html')

    def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('update_user', id=ID),

        #           method='put')

        # url('user', id=ID)

        user_model = UserModel()

        c.user = user_model.get(id)

        c.perm_user = AuthUser(user_id=id)

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            usr = form_result['username']

            action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('User updated successfully'), category='success')

            Session().commit()

        except formencode.Invalid, errors:

            c.user_email_map = UserEmailMap.query()\

                            .filter(UserEmailMap.user == c.user).all()

            defaults = errors.value

            e = errors.error_dict or {}

            defaults.update({

                'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),

                'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

                '_method': 'put'

            })

            return htmlfill.render(

                render('admin/users/user_edit.html'),

                defaults=defaults,

                errors=e,

                prefix_error=False,

                encoding="UTF-8")

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        return redirect(url('edit_user', id=id))

    def delete(self, id):

        """DELETE /users/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('delete_user', id=ID),

        #           method='delete')

        # url('user', id=ID)

        usr = User.get_or_404(id)

        try:

            UserModel().delete(usr)

            Session().commit()

            h.flash(_('successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException), e:

            h.flash(e, category='warning')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        return redirect(url('users'))

    def show(self, id, format='html'):

        """GET /users/id: Show a specific item"""

        # url('user', id=ID)

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.user = User.get_or_404(id)

        if c.user.username == 'default':

            h.flash(_("You can't edit this user"), category='warning')

            return redirect(url('users'))

        c.perm_user = AuthUser(user_id=id)

        c.user.permissions = {}

        c.granted_permissions = UserModel().fill_perms(c.user)\

            .permissions['global']

        c.user_email_map = UserEmailMap.query()\

                        .filter(UserEmailMap.user == c.user).all()

        user_model = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),

            'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    def update_perm(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('user_perm', id=ID, method='put')

        usr = User.get_or_404(id)

        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))

        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))

        inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))

        user_model = UserModel()

        try:

            usr.inherit_default_permissions = inherit_perms

            Session().add(usr)

            if grant_create_perm:

                user_model.revoke_perm(usr, 'hg.create.none')

                user_model.grant_perm(usr, 'hg.create.repository')

                h.flash(_("Granted 'repository create' permission to user"),

                        category='success')

            else:

                user_model.revoke_perm(usr, 'hg.create.repository')

                user_model.grant_perm(usr, 'hg.create.none')

                h.flash(_("Revoked 'repository create' permission to user"),

                        category='success')

            if grant_fork_perm:

                user_model.revoke_perm(usr, 'hg.fork.none')

                user_model.grant_perm(usr, 'hg.fork.repository')

                h.flash(_("Granted 'repository fork' permission to user"),

                        category='success')

            else:

                user_model.revoke_perm(usr, 'hg.fork.repository')

                user_model.grant_perm(usr, 'hg.fork.none')

                h.flash(_("Revoked 'repository fork' permission to user"),

                        category='success')

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during permissions saving'),

                    category='error')

        return redirect(url('edit_user', id=id))

    def add_email(self, id):

        """POST /user_emails:Add an existing item"""

        # url('user_emails', id=ID, method='put')

        #TODO: validation and form !!!

        email = request.POST.get('new_email')

        user_model = UserModel()

        try:

            user_model.add_extra_email(id, email)

            Session().commit()

            h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        return redirect(url('edit_user', id=id))

    def delete_email(self, id):

        """DELETE /user_emails_delete/id: Delete an existing item"""

        # url('user_emails_delete', id=ID, method='delete')

        user_model = UserModel()

        user_model.delete_extra_email(id, request.POST.get('del_email'))

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('edit_user', id=id))

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % user_id))

        return user.get(user_id)

    def get_user(self, user):

        return self._get_user(user)

    def get_by_username(self, username, cache=False, case_insensitive=False):

        if case_insensitive:

            user = self.sa.query(User).filter(User.username.ilike(username))

        else:

            user = self.sa.query(User)\

                .filter(User.username == username)

        if cache:

            user = user.options(FromCache("sql_cache_short",

                                          "get_user_%s" % username))

        return user.scalar()

    def get_by_email(self, email, cache=False, case_insensitive=False):

        return User.get_by_email(email, case_insensitive, cache)

    def get_by_api_key(self, api_key, cache=False):

        return User.get_by_api_key(api_key, cache)

    def create(self, form_data):

        from rhodecode.lib.auth import get_crypt_password

        try:

            new_user = User()

            for k, v in form_data.items():

                if k == 'password':

                    v = get_crypt_password(v)

                if k == 'firstname':

                    k = 'name'

                setattr(new_user, k, v)

            new_user.api_key = generate_api_key(form_data['username'])

            self.sa.add(new_user)

            return new_user

        except:

            log.error(traceback.format_exc())

            raise

    def create_or_update(self, username, password, email, firstname='',

                         lastname='', active=True, admin=False, ldap_dn=None):

        """

        Creates a new instance if not found, or updates current one

        :param username:

        :param password:

        :param email:

        :param active:

        :param firstname:

        :param lastname:

        :param active:

        :param admin:

        :param ldap_dn:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for %s account in RhodeCode database' % username)

        user = User.get_by_username(username, case_insensitive=True)

        if user is None:

            log.debug('creating new user %s' % username)

            new_user = User()

            edit = False

        else:

            log.debug('updating user %s' % username)

            new_user = user

            edit = True

        try:

            new_user.username = username

            new_user.admin = admin

            # set password only if creating an user or password is changed

            if edit is False or user.password != password:

                new_user.password = get_crypt_password(password)

                new_user.api_key = generate_api_key(username)

            new_user.email = email

            new_user.active = active

            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None

            new_user.name = firstname

            new_user.lastname = lastname

            self.sa.add(new_user)

            return new_user

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

    def create_for_container_auth(self, username, attrs):

        """

        Creates the given user if it's not already in the database

        :param username:

        :param attrs:

        """

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for container account without one

            generate_email = lambda usr: '%s@container_auth.account' % usr

            try:

                new_user = User()

                new_user.username = username

                new_user.password = None

                new_user.api_key = generate_api_key(username)

                new_user.email = attrs['email']

                new_user.active = attrs.get('active', True)

                new_user.name = attrs['name'] or generate_email(username)

                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('User %s already exists. Skipping creation of account'

                  ' for container auth.', username)

        return None

    def create_ldap(self, username, password, user_dn, attrs):

        """

        Checks if user is in database, if not creates this user marked

        as ldap user

        :param username:

        :param password:

        :param user_dn:

        :param attrs:

        """

        from rhodecode.lib.auth import get_crypt_password

        log.debug('Checking for such ldap account in RhodeCode database')

        if self.get_by_username(username, case_insensitive=True) is None:

            # autogenerate email for ldap account without one

            generate_email = lambda usr: '%s@ldap.account' % usr

            try:

                new_user = User()

                username = username.lower()

                # add ldap account always lowercase

                new_user.username = username

                new_user.password = get_crypt_password(password)

                new_user.api_key = generate_api_key(username)

                new_user.email = attrs['email'] or generate_email(username)

                new_user.active = attrs.get('active', True)

                new_user.ldap_dn = safe_unicode(user_dn)

                new_user.name = attrs['name']

                new_user.lastname = attrs['lastname']

                self.sa.add(new_user)

                return new_user

            except (DatabaseError,):

                log.error(traceback.format_exc())

                self.sa.rollback()

                raise

        log.debug('this %s user exists skipping creation of ldap account',

                  username)

        return None

    def create_registration(self, form_data):

        from rhodecode.model.notification import NotificationModel

        try:

            form_data['admin'] = False

            new_user = self.create(form_data)

            self.sa.add(new_user)

            self.sa.flush()

            # notification to admins

            subject = _('new user registration')

            body = ('New user registration\n'

                    '---------------------\n'

                    '- Username: %s\n'

                    '- Full Name: %s\n'

                    '- Email: %s\n')

            body = body % (new_user.username, new_user.full_name,

                           new_user.email)

            edit_url = url('edit_user', id=new_user.user_id, qualified=True)

            kw = {'registered_user_url': edit_url}

            NotificationModel().create(created_by=new_user, subject=subject,

                                       body=body, recipients=None,

                                       type_=Notification.TYPE_REGISTRATION,

                                       email_kwargs=kw)

        except:

            log.error(traceback.format_exc())

            raise

        from rhodecode.lib.auth import get_crypt_password

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't Edit this user since it's"

                                  " crucial for entire application"))

            for k, v in form_data.items():

                if k == 'new_password' and v:

                    user.password = get_crypt_password(v)

                    user.api_key = generate_api_key(user.username)

                else:

                    if k == 'firstname':

                        k = 'name'

                    setattr(user, k, v)

            self.sa.add(user)

        except:

            log.error(traceback.format_exc())

            raise

    def update_user(self, user, **kwargs):

        from rhodecode.lib.auth import get_crypt_password

        try:

            user = self._get_user(user)

            if user.username == 'default':

                raise DefaultUserException(

                    _("You can't Edit this user since it's"

                      " crucial for entire application")

                )

            for k, v in kwargs.items():

                if k == 'password' and v:

                    v = get_crypt_password(v)

                    user.api_key = generate_api_key(user.username)

                setattr(user, k, v)

            self.sa.add(user)

            return user

        except:

            log.error(traceback.format_exc())

            raise

    def update_my_account(self, user_id, form_data):

        from rhodecode.lib.auth import get_crypt_password

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                    _("You can't Edit this user since it's"

                      " crucial for entire application")

                )

            for k, v in form_data.items():

                if k == 'new_password' and v:

                    user.password = get_crypt_password(v)

                    user.api_key = generate_api_key(user.username)

                else:

                    if k == 'firstname':

                        k = 'name'

                    if k not in ['admin', 'active']:

                        setattr(user, k, v)

            self.sa.add(user)

        except:

            log.error(traceback.format_exc())

            raise

    def delete(self, user):

        user = self._get_user(user)

        try:

            if user.username == 'default':

                raise DefaultUserException(

                    _(u"You can't remove this user since it's"

                      " crucial for entire application")

                )

            if user.repositories:

                repos = [x.repo_name for x in user.repositories]

                raise UserOwnsReposException(

                    _(u'user "%s" still owns %s repositories and cannot be '

                      'removed. Switch owners or remove those repositories. %s')

                    % (user.username, len(repos), ', '.join(repos))

                )

            self.sa.delete(user)

        except:

            log.error(traceback.format_exc())

            raise

    def reset_password_link(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.send_password_link, data['email'])

    def reset_password(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.reset_user_password, data['email'])

    def fill_data(self, auth_user, user_id=None, api_key=None):

        """

        Fetches auth_user by user_id,or api_key if present.

        Fills auth_user attributes with those taken from database.

        Additionally set's is_authenitated if lookup fails

        present in database

        :param auth_user: instance of user to set attributes

        :param user_id: user id to fetch by

        :param api_key: api key to fetch by

        """

        if user_id is None and api_key is None:

            raise Exception('You need to pass user_id or api_key')

        try:

            if api_key:

                dbuser = self.get_by_api_key(api_key)

            else:

                dbuser = self.get(user_id)

            if dbuser is not None and dbuser.active:

                log.debug('filling %s data' % dbuser)

                for k, v in dbuser.get_dict().items():

                    setattr(auth_user, k, v)

            else:

                return False

        except:

            log.error(traceback.format_exc())

            auth_user.is_authenticated = False

            return False

        return True

    def fill_perms(self, user):

        """

        Fills user permission attribute with permissions taken from database

        works for permissions given for repositories, and for permissions that

        are granted to groups

        :param user: user instance to fill his perms

        """

        RK = 'repositories'

        GK = 'repositories_groups'

        GLOBAL = 'global'

        user.permissions[RK] = {}

        user.permissions[GK] = {}

        user.permissions[GLOBAL] = set()

        #======================================================================

        # fetch default permissions

        #======================================================================

        default_user = User.get_by_username('default', cache=True)

        default_user_id = default_user.user_id

        default_repo_perms = Permission.get_default_perms(default_user_id)

        default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)

        if user.is_admin:

            #==================================================================

            # admin user have all default rights for repositories

            # and groups set to admin

            #==================================================================

            user.permissions[GLOBAL].add('hg.admin')

            # repositories

            for perm in default_repo_perms:

                r_k = perm.UserRepoToPerm.repository.repo_name

                p = 'repository.admin'

                user.permissions[RK][r_k] = p

            # repositories groups

            for perm in default_repo_groups_perms:

                rg_k = perm.UserRepoGroupToPerm.group.group_name

                p = 'group.admin'

                user.permissions[GK][rg_k] = p

            return user

        #==================================================================

        # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS

        #==================================================================

        uid = user.user_id

        # default global permissions taken fron the default user

        default_global_perms = self.sa.query(UserToPerm)\

            .filter(UserToPerm.user_id == default_user_id)

        for perm in default_global_perms:

            user.permissions[GLOBAL].add(perm.permission.permission_name)

        # defaults for repositories, taken from default user

        for perm in default_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.private and not (perm.Repository.user_id == uid):

                # disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # defaults for repositories groups taken from default user permission

## -*- coding: utf-8 -*-

<%inherit file="/base/base.html"/>

<%def name="title()">

    ${_('Edit user')} ${c.user.username} - ${c.rhodecode_name}

</%def>

<%def name="breadcrumbs_links()">

    ${h.link_to(_('Admin'),h.url('admin_home'))}

    »

    ${h.link_to(_('Users'),h.url('users'))}

    »

    ${_('edit')} "${c.user.username}"

</%def>

<%def name="page_nav()">

	${self.menu('admin')}

</%def>

<%def name="main()">

<div class="box box-left">

    <!-- box / title -->

    <div class="title">

        ${self.breadcrumbs()}

    </div>

    <!-- end box / title -->

    ${h.form(url('update_user', id=c.user.user_id),method='put')}

    <div class="form">

        <div class="field">

           <div class="gravatar_box">

               <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div>

                <p>

                %if c.use_gravatar:

                <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

                <br/>${_('Using')} ${c.user.email}

                %else:

                <br/>${c.user.email}

                %endif

           </div>

        </div>

        <div class="field">

            <div class="label">

                <label>${_('API key')}</label> ${c.user.api_key}

            </div>

        </div>

        <div class="fields">

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">

                    ${h.text('username',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="ldap_dn">${_('LDAP DN')}:</label>

                </div>

                <div class="input">

                    ${h.text('ldap_dn',class_='medium disabled',readonly="readonly")}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="new_password">${_('New password')}:</label>

                </div>

                <div class="input">

                    ${h.password('new_password',class_='medium',autocomplete="off")}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="password_confirmation">${_('New password confirmation')}:</label>

                </div>

                <div class="input">

                    ${h.password('password_confirmation',class_="medium",autocomplete="off")}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="firstname">${_('First Name')}:</label>

                </div>

                <div class="input">

                    ${h.text('firstname',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="lastname">${_('Last Name')}:</label>

                </div>

                <div class="input">

                    ${h.text('lastname',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="email">${_('Email')}:</label>

                </div>

                <div class="input">

                    ${h.text('email',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label label-checkbox">

                    <label for="active">${_('Active')}:</label>

                </div>

                <div class="checkboxes">

                    ${h.checkbox('active',value=True)}

                </div>

             </div>

             <div class="field">

                <div class="label label-checkbox">

                    <label for="admin">${_('Admin')}:</label>

                </div>

                <div class="checkboxes">

                    ${h.checkbox('admin',value=True)}

                </div>

             </div>

            <div class="buttons">

              ${h.submit('save',_('Save'),class_="ui-btn large")}

              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

            </div>

    	</div>

    </div>

    ${h.end_form()}

</div>

<div style="min-height:780px" class="box box-right">

    <!-- box / title -->

    <div class="title">

        <h5>${_('Permissions')}</h5>

    </div>

    ${h.form(url('user_perm', id=c.user.user_id),method='put')}