Changeset - b2b93614a7cd
Parent rev.
Child rev.
[Not reviewed]
beta
0 3 0
Marcin Kuzminski - 13 years ago 2012-11-23 21:57:40
marcin@python-works.com
Implemented #658 Changing username in LDAP-Mode should not be allowed.
Those username are autocreated, changing them will end up with new account creation after user logs
in again
3 files changed with 15 insertions and 3 deletions:
rhodecode/controllers/admin/users.py
7
1
rhodecode/model/user.py
3
1
rhodecode/templates/admin/users/user_edit.html
5
1
0 comments (0 inline, 0 general)
rhodecode/controllers/admin/users.py
Show inline comments
 
# -*- coding: utf-8 -*-
 
"""
 
    rhodecode.controllers.admin.users
 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

			




	
	
	
		
 
    Users crud controller for pylons

			




	
	
	
		
 

			




	
	
	
		
 
    :created_on: Apr 4, 2010

			




	
	
	
		
 
    :author: marcink

			




	
	
	
		
 
    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

			




	
	
	
		
 
    :license: GPLv3, see COPYING for more details.

			




	
	
	
		
 
"""

			




	
	
	
		
 
# This program is free software: you can redistribute it and/or modify

			




	
	
	
		
 
# it under the terms of the GNU General Public License as published by

			




	
	
	
		
 
# the Free Software Foundation, either version 3 of the License, or

			




	
	
	
		
 
# (at your option) any later version.

			




	
	
	
		
 
#

			




	
	
	
		
 
# This program is distributed in the hope that it will be useful,

			




	
	
	
		
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of

			




	
	
	
		
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

			




	
	
	
		
 
# GNU General Public License for more details.

			




	
	
	
		
 
#

			




	
	
	
		
 
# You should have received a copy of the GNU General Public License

			




	
	
	
		
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

			




	
	
	
		
 

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import traceback

			




	
	
	
		
 
import formencode

			




	
	
	
		
 
from pylons import response

			




	
	
	
		
 

			




	
	
	
		
 
from formencode import htmlfill

			




	
	
	
		
 
from pylons import request, session, tmpl_context as c, url, config

			




	
	
	
		
 
from pylons.controllers.util import redirect

			




	
	
	
		
 
from pylons.i18n.translation import _

			




	
	
	
		
 

			




	
	
	
		
 
import rhodecode

			




	
	
	
		
 
from rhodecode.lib.exceptions import DefaultUserException, \

			




	
	
	
		
 
    UserOwnsReposException

			




	
	
	
		
 
from rhodecode.lib import helpers as h

			




	
	
	
		
 
from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \

			




	
	
	
		
 
    AuthUser

			




	
	
	
		
 
from rhodecode.lib.base import BaseController, render

			




	
	
	
		
 

			




	
	
	
		
 
from rhodecode.model.db import User, UserEmailMap

			




	
	
	
		
 
from rhodecode.model.forms import UserForm

			




	
	
	
		
 
from rhodecode.model.user import UserModel

			




	
	
	
		
 
from rhodecode.model.meta import Session

			




	
	
	
		
 
from rhodecode.lib.utils import action_logger

			




	
	
	
		
 
from rhodecode.lib.compat import json

			




	
	
	
		
 
from rhodecode.lib.utils2 import datetime_to_time, str2bool

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UsersController(BaseController):

			




	
	
	
		
 
    """REST Controller styled on the Atom Publishing Protocol"""

			




	
	
	
		
 
    # To properly map this controller, ensure your config/routing.py

			




	
	
	
		
 
    # file has a resource setup:

			




	
	
	
		
 
    #     map.resource('user', 'users')

			




	
	
	
		
 

			




	
	
	
		
 
    @LoginRequired()

			




	
	
	
		
 
    @HasPermissionAllDecorator('hg.admin')

			




	
	
	
		
 
    def __before__(self):

			




	
	
	
		
 
        c.admin_user = session.get('admin_user')

			




	
	
	
		
 
        c.admin_username = session.get('admin_username')

			




	
	
	
		
 
        super(UsersController, self).__before__()

			




	
	
	
		
 
        c.available_permissions = config['available_permissions']

			




	
	
	
		
 

			




	
	
	
		
 
    def index(self, format='html'):

			




	
	
	
		
 
        """GET /users: All items in the collection"""

			




	
	
	
		
 
        # url('users')

			




	
	
	
		
 

			




	
	
	
		
 
        c.users_list = User.query().order_by(User.username).all()

			




	
	
	
		
 

			




	
	
	
		
 
        users_data = []

			




	
	
	
		
 
        total_records = len(c.users_list)

			




	
	
	
		
 
        _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup

			




	
	
	
		
 
        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

			




	
	
	
		
 

			




	
	
	
		
 
        grav_tmpl = lambda user_email, size: (

			




	
	
	
		
 
                template.get_def("user_gravatar")

			




	
	
	
		
 
                .render(user_email, size, _=_, h=h, c=c))

			




	
	
	
		
 

			




	
	
	
		
 
        user_lnk = lambda user_id, username: (

			




	
	
	
		
 
                template.get_def("user_name")

			




	
	
	
		
 
                .render(user_id, username, _=_, h=h, c=c))

			




	
	
	
		
 

			




	
	
	
		
 
        user_actions = lambda user_id, username: (

			




	
	
	
		
 
                template.get_def("user_actions")

			




	
	
	
		
 
                .render(user_id, username, _=_, h=h, c=c))

			




	
	
	
		
 

			




	
	
	
		
 
        for user in c.users_list:

			




	
	
	
		
 

			




	
	
	
		
 
            users_data.append({

			




	
	
	
		
 
                "gravatar": grav_tmpl(user. email, 24),

			




	
	
	
		
 
                "raw_username": user.username,

			




	
	
	
		
 
                "username": user_lnk(user.user_id, user.username),

			




	
	
	
		
 
                "firstname": user.name,

			




	
	
	
		
 
                "lastname": user.lastname,

			




	
	
	
		
 
                "last_login": h.fmt_date(user.last_login),

			




	
	
	
		
 
                "last_login_raw": datetime_to_time(user.last_login),

			




	
	
	
		
 
                "active": h.bool2icon(user.active),

			




	
	
	
		
 
                "admin": h.bool2icon(user.admin),

			




	
	
	
		
 
                "ldap": h.bool2icon(bool(user.ldap_dn)),

			




	
	
	
		
 
                "action": user_actions(user.user_id, user.username),

			




	
	
	
		
 
            })

			




	
	
	
		
 

			




	
	
	
		
 
        c.data = json.dumps({

			




	
	
	
		
 
            "totalRecords": total_records,

			




	
	
	
		
 
            "startIndex": 0,

			




	
	
	
		
 
            "sort": None,

			




	
	
	
		
 
            "dir": "asc",

			




	
	
	
		
 
            "records": users_data

			




	
	
	
		
 
        })

			




	
	
	
		
 

			




	
	
	
		
 
        return render('admin/users/users.html')

			




	
	
	
		
 

			




	
	
	
		
 
    def create(self):

			




	
	
	
		
 
        """POST /users: Create a new item"""

			




	
	
	
		
 
        # url('users')

			




	
	
	
		
 

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 
        user_form = UserForm()()

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            form_result = user_form.to_python(dict(request.POST))

			




	
	
	
		
 
            user_model.create(form_result)

			




	
	
	
		
 
            usr = form_result['username']

			




	
	
	
		
 
            action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr,

			




	
	
	
		
 
                          None, self.ip_addr, self.sa)

			




	
	
	
		
 
            h.flash(_('created user %s') % usr,

			




	
	
	
		
 
                    category='success')

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
        except formencode.Invalid, errors:

			




	
	
	
		
 
            return htmlfill.render(

			




	
	
	
		
 
                render('admin/users/user_add.html'),

			




	
	
	
		
 
                defaults=errors.value,

			




	
	
	
		
 
                errors=errors.error_dict or {},

			




	
	
	
		
 
                prefix_error=False,

			




	
	
	
		
 
                encoding="UTF-8")

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            h.flash(_('error occurred during creation of user %s') \

			




	
	
	
		
 
                    % request.POST.get('username'), category='error')

			




	
	
	
		
 
        return redirect(url('users'))

			




	
	
	
		
 

			




	
	
	
		
 
    def new(self, format='html'):

			




	
	
	
		
 
        """GET /users/new: Form to create a new item"""

			




	
	
	
		
 
        # url('new_user')

			




	
	
	
		
 
        return render('admin/users/user_add.html')

			




	
	
	
		
 

			




	
	
	
		
 
    def update(self, id):

			




	
	
	
		
 
        """PUT /users/id: Update an existing item"""

			




	
	
	
		
 
        # Forms posted to this method should contain a hidden field:

			




	
	
	
		
 
        #    <input type="hidden" name="_method" value="PUT" />

			




	
	
	
		
 
        # Or using helpers:

			




	
	
	
		
 
        #    h.form(url('update_user', id=ID),

			




	
	
	
		
 
        #           method='put')

			




	
	
	
		
 
        # url('user', id=ID)

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 
        c.user = user_model.get(id)

			




	
	
	
		
 
        c.ldap_dn = c.user.ldap_dn

			




	
	
	
		
 
        c.perm_user = AuthUser(user_id=id)

			




	
	
	
		
 
        _form = UserForm(edit=True, old_data={'user_id': id,

			




	
	
	
		
 
                                              'email': c.user.email})()

			




	
	
	
		
 
        form_result = {}

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            form_result = _form.to_python(dict(request.POST))

			




	
	
	
		
 
            user_model.update(id, form_result)

			




	
	
	
		
 
            skip_attrs = []

			




	
	
	
		
 
            if c.ldap_dn:

			




	
	
	
		
 
                #forbid updating username for ldap accounts

			




	
	
	
		
 
                skip_attrs = ['username']

			




	
	
	
		
 
            user_model.update(id, form_result, skip_attrs=skip_attrs)

			




	
	
	
		
 
            usr = form_result['username']

			




	
	
	
		
 
            action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,

			




	
	
	
		
 
                          None, self.ip_addr, self.sa)

			




	
	
	
		
 
            h.flash(_('User updated successfully'), category='success')

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
        except formencode.Invalid, errors:

			




	
	
	
		
 
            c.user_email_map = UserEmailMap.query()\

			




	
	
	
		
 
                            .filter(UserEmailMap.user == c.user).all()

			




	
	
	
		
 
            defaults = errors.value

			




	
	
	
		
 
            e = errors.error_dict or {}

			




	
	
	
		
 
            defaults.update({

			




	
	
	
		
 
                'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),

			




	
	
	
		
 
                'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

			




	
	
	
		
 
                '_method': 'put'

			




	
	
	
		
 
            })

			




	
	
	
		
 
            return htmlfill.render(

			




	
	
	
		
 
                render('admin/users/user_edit.html'),

			




	
	
	
		
 
                defaults=defaults,

			




	
	
	
		
 
                errors=e,

			




	
	
	
		
 
                prefix_error=False,

			




	
	
	
		
 
                encoding="UTF-8")

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            h.flash(_('error occurred during update of user %s') \

			




	
	
	
		
 
                    % form_result.get('username'), category='error')

			




	
	
	
		
 
        return redirect(url('edit_user', id=id))

			




	
	
	
		
 

			




	
	
	
		
 
    def delete(self, id):

			




	
	
	
		
 
        """DELETE /users/id: Delete an existing item"""

			




	
	
	
		
 
        # Forms posted to this method should contain a hidden field:

			




	
	
	
		
 
        #    <input type="hidden" name="_method" value="DELETE" />

			




	
	
	
		
 
        # Or using helpers:

			




	
	
	
		
 
        #    h.form(url('delete_user', id=ID),

			




	
	
	
		
 
        #           method='delete')

			




	
	
	
		
 
        # url('user', id=ID)

			




	
	
	
		
 
        usr = User.get_or_404(id)

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            UserModel().delete(usr)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            h.flash(_('successfully deleted user'), category='success')

			




	
	
	
		
 
        except (UserOwnsReposException, DefaultUserException), e:

			




	
	
	
		
 
            h.flash(e, category='warning')

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            h.flash(_('An error occurred during deletion of user'),

			




	
	
	
		
 
                    category='error')

			




	
	
	
		
 
        return redirect(url('users'))

			




	
	
	
		
 

			




	
	
	
		
 
    def show(self, id, format='html'):

			




	
	
	
		
 
        """GET /users/id: Show a specific item"""

			




	
	
	
		
 
        # url('user', id=ID)

			




	
	
	
		
 

			




	
	
	
		
 
    def edit(self, id, format='html'):

			




	
	
	
		
 
        """GET /users/id/edit: Form to edit an existing item"""

			




	
	
	
		
 
        # url('edit_user', id=ID)

			




	
	
	
		
 
        c.user = User.get_or_404(id)

			




	
	
	
		
 

			




	
	
	
		
 
        if c.user.username == 'default':

			




	
	
	
		
 
            h.flash(_("You can't edit this user"), category='warning')

			




	
	
	
		
 
            return redirect(url('users'))

			




	
	
	
		
 

			




	
	
	
		
 
        c.perm_user = AuthUser(user_id=id)

			




	
	
	
		
 
        c.user.permissions = {}

			




	
	
	
		
 
        c.granted_permissions = UserModel().fill_perms(c.user)\

			




	
	
	
		
 
            .permissions['global']

			




	
	
	
		
 
        c.user_email_map = UserEmailMap.query()\

			




	
	
	
		
 
                        .filter(UserEmailMap.user == c.user).all()

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 
        c.ldap_dn = c.user.ldap_dn

			




	
	
	
		
 
        defaults = c.user.get_dict()

			




	
	
	
		
 
        defaults.update({

			




	
	
	
		
 
            'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),

			




	
	
	
		
 
            'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

			




	
	
	
		
 
        })

			




	
	
	
		
 

			




	
	
	
		
 
        return htmlfill.render(

			




	
	
	
		
 
            render('admin/users/user_edit.html'),

			




	
	
	
		
 
            defaults=defaults,

			




	
	
	
		
 
            encoding="UTF-8",

			




	
	
	
		
 
            force_defaults=False

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    def update_perm(self, id):

			




	
	
	
		
 
        """PUT /users_perm/id: Update an existing item"""

			




	
	
	
		
 
        # url('user_perm', id=ID, method='put')

			




	
	
	
		
 
        usr = User.get_or_404(id)

			




	
	
	
		
 
        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))

			




	
	
	
		
 
        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))

			




	
	
	
		
 
        inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))

			




	
	
	
		
 

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            usr.inherit_default_permissions = inherit_perms

			




	
	
	
		
 
            Session().add(usr)

			




	
	
	
		
 

			




	
	
	
		
 
            if grant_create_perm:

			




	
	
	
		
 
                user_model.revoke_perm(usr, 'hg.create.none')

			




	
	
	
		
 
                user_model.grant_perm(usr, 'hg.create.repository')

			




	
	
	
		
 
                h.flash(_("Granted 'repository create' permission to user"),

			




	
	
	
		
 
                        category='success')

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                user_model.revoke_perm(usr, 'hg.create.repository')

			




	
	
	
		
 
                user_model.grant_perm(usr, 'hg.create.none')

			




	
	
	
		
 
                h.flash(_("Revoked 'repository create' permission to user"),

			




	
	
	
		
 
                        category='success')

			




	
	
	
		
 

			




	
	
	
		
 
            if grant_fork_perm:

			




	
	
	
		
 
                user_model.revoke_perm(usr, 'hg.fork.none')

			




	
	
	
		
 
                user_model.grant_perm(usr, 'hg.fork.repository')

			




	
	
	
		
 
                h.flash(_("Granted 'repository fork' permission to user"),

			




	
	
	
		
 
                        category='success')

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                user_model.revoke_perm(usr, 'hg.fork.repository')

			




	
	
	
		
 
                user_model.grant_perm(usr, 'hg.fork.none')

			




	
	
	
		
 
                h.flash(_("Revoked 'repository fork' permission to user"),

			




	
	
	
		
 
                        category='success')

			




	
	
	
		
 

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            h.flash(_('An error occurred during permissions saving'),

			




	
	
	
		
 
                    category='error')

			




	
	
	
		
 
        return redirect(url('edit_user', id=id))

			




	
	
	
		
 

			




	
	
	
		
 
    def add_email(self, id):

			




	
	
	
		
 
        """POST /user_emails:Add an existing item"""

			




	
	
	
		
 
        # url('user_emails', id=ID, method='put')

			




	
	
	
		
 

			




	
	
	
		
 
        #TODO: validation and form !!!

			




	
	
	
		
 
        email = request.POST.get('new_email')

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user_model.add_extra_email(id, email)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            h.flash(_("Added email %s to user") % email, category='success')

			




	
	
	
		
 
        except formencode.Invalid, error:

			




	
	
	
		
 
            msg = error.error_dict['email']

			




	
	
	
		
 
            h.flash(msg, category='error')

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            h.flash(_('An error occurred during email saving'),

			




	
	
	
		
 
                    category='error')

			




	
	
	
		
 
        return redirect(url('edit_user', id=id))

			




	
	
	
		
 

			




	
	
	
		
 
    def delete_email(self, id):

			




	
	
	
		
 
        """DELETE /user_emails_delete/id: Delete an existing item"""

			




	
	
	
		
 
        # url('user_emails_delete', id=ID, method='delete')

			




	
	
	
		
 
        user_model = UserModel()

			




	
	
	
		
 
        user_model.delete_extra_email(id, request.POST.get('del_email'))

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        h.flash(_("Removed email from user"), category='success')

			




	
	
	
		
 
        return redirect(url('edit_user', id=id))

			




        

    


    
    

    

        

                

                    rhodecode/model/user.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
# -*- coding: utf-8 -*-

			




	
	
	
		
 
"""

			




	
	
	
		
 
    rhodecode.model.user

			




	
	
	
		
 
    ~~~~~~~~~~~~~~~~~~~~

			




	
	
	
		
 

			




	
	
	
		
 
    users model for RhodeCode

			




	
	
	
		
 

			




	
	
	
		
 
    :created_on: Apr 9, 2010

			




	
	
	
		
 
    :author: marcink

			




	
	
	
		
 
    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>

			




	
	
	
		
 
    :license: GPLv3, see COPYING for more details.

			




	
	
	
		
 
"""

			




	
	
	
		
 
# This program is free software: you can redistribute it and/or modify

			




	
	
	
		
 
# it under the terms of the GNU General Public License as published by

			




	
	
	
		
 
# the Free Software Foundation, either version 3 of the License, or

			




	
	
	
		
 
# (at your option) any later version.

			




	
	
	
		
 
#

			




	
	
	
		
 
# This program is distributed in the hope that it will be useful,

			




	
	
	
		
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of

			




	
	
	
		
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

			




	
	
	
		
 
# GNU General Public License for more details.

			




	
	
	
		
 
#

			




	
	
	
		
 
# You should have received a copy of the GNU General Public License

			




	
	
	
		
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

			




	
	
	
		
 

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import traceback

			




	
	
	
		
 
import itertools

			




	
	
	
		
 
from pylons import url

			




	
	
	
		
 
from pylons.i18n.translation import _

			




	
	
	
		
 

			




	
	
	
		
 
from sqlalchemy.exc import DatabaseError

			




	
	
	
		
 
from sqlalchemy.orm import joinedload

			




	
	
	
		
 

			




	
	
	
		
 
from rhodecode.lib.utils2 import safe_unicode, generate_api_key

			




	
	
	
		
 
from rhodecode.lib.caching_query import FromCache

			




	
	
	
		
 
from rhodecode.model import BaseModel

			




	
	
	
		
 
from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \

			




	
	
	
		
 
    UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \

			




	
	
	
		
 
    Notification, RepoGroup, UserRepoGroupToPerm, UsersGroupRepoGroupToPerm, \

			




	
	
	
		
 
    UserEmailMap

			




	
	
	
		
 
from rhodecode.lib.exceptions import DefaultUserException, \

			




	
	
	
		
 
    UserOwnsReposException

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 
PERM_WEIGHTS = Permission.PERM_WEIGHTS

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserModel(BaseModel):

			




	
	
	
		
 
    cls = User

			




	
	
	
		
 

			




	
	
	
		
 
    def get(self, user_id, cache=False):

			




	
	
	
		
 
        user = self.sa.query(User)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            user = user.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                          "get_user_%s" % user_id))

			




	
	
	
		
 
        return user.get(user_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_user(self, user):

			




	
	
	
		
 
        return self._get_user(user)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_by_username(self, username, cache=False, case_insensitive=False):

			




	
	
	
		
 

			




	
	
	
		
 
        if case_insensitive:

			




	
	
	
		
 
            user = self.sa.query(User).filter(User.username.ilike(username))

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            user = self.sa.query(User)\

			




	
	
	
		
 
                .filter(User.username == username)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            user = user.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                          "get_user_%s" % username))

			




	
	
	
		
 
        return user.scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    def get_by_email(self, email, cache=False, case_insensitive=False):

			




	
	
	
		
 
        return User.get_by_email(email, case_insensitive, cache)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_by_api_key(self, api_key, cache=False):

			




	
	
	
		
 
        return User.get_by_api_key(api_key, cache)

			




	
	
	
		
 

			




	
	
	
		
 
    def create(self, form_data):

			




	
	
	
		
 
        from rhodecode.lib.auth import get_crypt_password

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            new_user = User()

			




	
	
	
		
 
            for k, v in form_data.items():

			




	
	
	
		
 
                if k == 'password':

			




	
	
	
		
 
                    v = get_crypt_password(v)

			




	
	
	
		
 
                if k == 'firstname':

			




	
	
	
		
 
                    k = 'name'

			




	
	
	
		
 
                setattr(new_user, k, v)

			




	
	
	
		
 

			




	
	
	
		
 
            new_user.api_key = generate_api_key(form_data['username'])

			




	
	
	
		
 
            self.sa.add(new_user)

			




	
	
	
		
 
            return new_user

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def create_or_update(self, username, password, email, firstname='',

			




	
	
	
		
 
                         lastname='', active=True, admin=False, ldap_dn=None):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Creates a new instance if not found, or updates current one

			




	
	
	
		
 

			




	
	
	
		
 
        :param username:

			




	
	
	
		
 
        :param password:

			




	
	
	
		
 
        :param email:

			




	
	
	
		
 
        :param active:

			




	
	
	
		
 
        :param firstname:

			




	
	
	
		
 
        :param lastname:

			




	
	
	
		
 
        :param active:

			




	
	
	
		
 
        :param admin:

			




	
	
	
		
 
        :param ldap_dn:

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        from rhodecode.lib.auth import get_crypt_password

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Checking for %s account in RhodeCode database' % username)

			




	
	
	
		
 
        user = User.get_by_username(username, case_insensitive=True)

			




	
	
	
		
 
        if user is None:

			




	
	
	
		
 
            log.debug('creating new user %s' % username)

			




	
	
	
		
 
            new_user = User()

			




	
	
	
		
 
            edit = False

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.debug('updating user %s' % username)

			




	
	
	
		
 
            new_user = user

			




	
	
	
		
 
            edit = True

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            new_user.username = username

			




	
	
	
		
 
            new_user.admin = admin

			




	
	
	
		
 
            # set password only if creating an user or password is changed

			




	
	
	
		
 
            if edit is False or user.password != password:

			




	
	
	
		
 
                new_user.password = get_crypt_password(password)

			




	
	
	
		
 
                new_user.api_key = generate_api_key(username)

			




	
	
	
		
 
            new_user.email = email

			




	
	
	
		
 
            new_user.active = active

			




	
	
	
		
 
            new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None

			




	
	
	
		
 
            new_user.name = firstname

			




	
	
	
		
 
            new_user.lastname = lastname

			




	
	
	
		
 
            self.sa.add(new_user)

			




	
	
	
		
 
            return new_user

			




	
	
	
		
 
        except (DatabaseError,):

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def create_for_container_auth(self, username, attrs):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Creates the given user if it's not already in the database

			




	
	
	
		
 

			




	
	
	
		
 
        :param username:

			




	
	
	
		
 
        :param attrs:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if self.get_by_username(username, case_insensitive=True) is None:

			




	
	
	
		
 

			




	
	
	
		
 
            # autogenerate email for container account without one

			




	
	
	
		
 
            generate_email = lambda usr: '%s@container_auth.account' % usr

			




	
	
	
		
 

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                new_user = User()

			




	
	
	
		
 
                new_user.username = username

			




	
	
	
		
 
                new_user.password = None

			




	
	
	
		
 
                new_user.api_key = generate_api_key(username)

			




	
	
	
		
 
                new_user.email = attrs['email']

			




	
	
	
		
 
                new_user.active = attrs.get('active', True)

			




	
	
	
		
 
                new_user.name = attrs['name'] or generate_email(username)

			




	
	
	
		
 
                new_user.lastname = attrs['lastname']

			




	
	
	
		
 

			




	
	
	
		
 
                self.sa.add(new_user)

			




	
	
	
		
 
                return new_user

			




	
	
	
		
 
            except (DatabaseError,):

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                self.sa.rollback()

			




	
	
	
		
 
                raise

			




	
	
	
		
 
        log.debug('User %s already exists. Skipping creation of account'

			




	
	
	
		
 
                  ' for container auth.', username)

			




	
	
	
		
 
        return None

			




	
	
	
		
 

			




	
	
	
		
 
    def create_ldap(self, username, password, user_dn, attrs):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Checks if user is in database, if not creates this user marked

			




	
	
	
		
 
        as ldap user

			




	
	
	
		
 

			




	
	
	
		
 
        :param username:

			




	
	
	
		
 
        :param password:

			




	
	
	
		
 
        :param user_dn:

			




	
	
	
		
 
        :param attrs:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        from rhodecode.lib.auth import get_crypt_password

			




	
	
	
		
 
        log.debug('Checking for such ldap account in RhodeCode database')

			




	
	
	
		
 
        if self.get_by_username(username, case_insensitive=True) is None:

			




	
	
	
		
 

			




	
	
	
		
 
            # autogenerate email for ldap account without one

			




	
	
	
		
 
            generate_email = lambda usr: '%s@ldap.account' % usr

			




	
	
	
		
 

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                new_user = User()

			




	
	
	
		
 
                username = username.lower()

			




	
	
	
		
 
                # add ldap account always lowercase

			




	
	
	
		
 
                new_user.username = username

			




	
	
	
		
 
                new_user.password = get_crypt_password(password)

			




	
	
	
		
 
                new_user.api_key = generate_api_key(username)

			




	
	
	
		
 
                new_user.email = attrs['email'] or generate_email(username)

			




	
	
	
		
 
                new_user.active = attrs.get('active', True)

			




	
	
	
		
 
                new_user.ldap_dn = safe_unicode(user_dn)

			




	
	
	
		
 
                new_user.name = attrs['name']

			




	
	
	
		
 
                new_user.lastname = attrs['lastname']

			




	
	
	
		
 

			




	
	
	
		
 
                self.sa.add(new_user)

			




	
	
	
		
 
                return new_user

			




	
	
	
		
 
            except (DatabaseError,):

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                self.sa.rollback()

			




	
	
	
		
 
                raise

			




	
	
	
		
 
        log.debug('this %s user exists skipping creation of ldap account',

			




	
	
	
		
 
                  username)

			




	
	
	
		
 
        return None

			




	
	
	
		
 

			




	
	
	
		
 
    def create_registration(self, form_data):

			




	
	
	
		
 
        from rhodecode.model.notification import NotificationModel

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            form_data['admin'] = False

			




	
	
	
		
 
            new_user = self.create(form_data)

			




	
	
	
		
 

			




	
	
	
		
 
            self.sa.add(new_user)

			




	
	
	
		
 
            self.sa.flush()

			




	
	
	
		
 

			




	
	
	
		
 
            # notification to admins

			




	
	
	
		
 
            subject = _('new user registration')

			




	
	
	
		
 
            body = ('New user registration\n'

			




	
	
	
		
 
                    '---------------------\n'

			




	
	
	
		
 
                    '- Username: %s\n'

			




	
	
	
		
 
                    '- Full Name: %s\n'

			




	
	
	
		
 
                    '- Email: %s\n')

			




	
	
	
		
 
            body = body % (new_user.username, new_user.full_name,

			




	
	
	
		
 
                           new_user.email)

			




	
	
	
		
 
            edit_url = url('edit_user', id=new_user.user_id, qualified=True)

			




	
	
	
		
 
            kw = {'registered_user_url': edit_url}

			




	
	
	
		
 
            NotificationModel().create(created_by=new_user, subject=subject,

			




	
	
	
		
 
                                       body=body, recipients=None,

			




	
	
	
		
 
                                       type_=Notification.TYPE_REGISTRATION,

			




	
	
	
		
 
                                       email_kwargs=kw)

			




	
	
	
		
 

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def update(self, user_id, form_data):

			




	
	
	
		
 
    def update(self, user_id, form_data, skip_attrs=[]):

			




	
	
	
		
 
        from rhodecode.lib.auth import get_crypt_password

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user = self.get(user_id, cache=False)

			




	
	
	
		
 
            if user.username == 'default':

			




	
	
	
		
 
                raise DefaultUserException(

			




	
	
	
		
 
                                _("You can't Edit this user since it's"

			




	
	
	
		
 
                                  " crucial for entire application"))

			




	
	
	
		
 

			




	
	
	
		
 
            for k, v in form_data.items():

			




	
	
	
		
 
                if k in skip_attrs:

			




	
	
	
		
 
                    continue

			




	
	
	
		
 
                if k == 'new_password' and v:

			




	
	
	
		
 
                    user.password = get_crypt_password(v)

			




	
	
	
		
 
                    user.api_key = generate_api_key(user.username)

			




	
	
	
		
 
                else:

			




	
	
	
		
 
                    if k == 'firstname':

			




	
	
	
		
 
                        k = 'name'

			




	
	
	
		
 
                    setattr(user, k, v)

			




	
	
	
		
 
            self.sa.add(user)

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def update_user(self, user, **kwargs):

			




	
	
	
		
 
        from rhodecode.lib.auth import get_crypt_password

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user = self._get_user(user)

			




	
	
	
		
 
            if user.username == 'default':

			




	
	
	
		
 
                raise DefaultUserException(

			




	
	
	
		
 
                    _("You can't Edit this user since it's"

			




	
	
	
		
 
                      " crucial for entire application")

			




	
	
	
		
 
                )

			




	
	
	
		
 

			




	
	
	
		
 
            for k, v in kwargs.items():

			




	
	
	
		
 
                if k == 'password' and v:

			




	
	
	
		
 
                    v = get_crypt_password(v)

			




	
	
	
		
 
                    user.api_key = generate_api_key(user.username)

			




	
	
	
		
 

			




	
	
	
		
 
                setattr(user, k, v)

			




	
	
	
		
 
            self.sa.add(user)

			




	
	
	
		
 
            return user

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def update_my_account(self, user_id, form_data):

			




	
	
	
		
 
        from rhodecode.lib.auth import get_crypt_password

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user = self.get(user_id, cache=False)

			




	
	
	
		
 
            if user.username == 'default':

			




	
	
	
		
 
                raise DefaultUserException(

			




	
	
	
		
 
                    _("You can't Edit this user since it's"

			




	
	
	
		
 
                      " crucial for entire application")

			




	
	
	
		
 
                )

			




	
	
	
		
 
            for k, v in form_data.items():

			




	
	
	
		
 
                if k == 'new_password' and v:

			




	
	
	
		
 
                    user.password = get_crypt_password(v)

			




	
	
	
		
 
                    user.api_key = generate_api_key(user.username)

			




	
	
	
		
 
                else:

			




	
	
	
		
 
                    if k == 'firstname':

			




	
	
	
		
 
                        k = 'name'

			




	
	
	
		
 
                    if k not in ['admin', 'active']:

			




	
	
	
		
 
                        setattr(user, k, v)

			




	
	
	
		
 

			




	
	
	
		
 
            self.sa.add(user)

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def delete(self, user):

			




	
	
	
		
 
        user = self._get_user(user)

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            if user.username == 'default':

			




	
	
	
		
 
                raise DefaultUserException(

			




	
	
	
		
 
                    _(u"You can't remove this user since it's"

			




	
	
	
		
 
                      " crucial for entire application")

			




	
	
	
		
 
                )

			




	
	
	
		
 
            if user.repositories:

			




	
	
	
		
 
                repos = [x.repo_name for x in user.repositories]

			




	
	
	
		
 
                raise UserOwnsReposException(

			




	
	
	
		
 
                    _(u'user "%s" still owns %s repositories and cannot be '

			




	
	
	
		
 
                      'removed. Switch owners or remove those repositories. %s')

			




	
	
	
		
 
                    % (user.username, len(repos), ', '.join(repos))

			




	
	
	
		
 
                )

			




	
	
	
		
 
            self.sa.delete(user)

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def reset_password_link(self, data):

			




	
	
	
		
 
        from rhodecode.lib.celerylib import tasks, run_task

			




	
	
	
		
 
        run_task(tasks.send_password_link, data['email'])

			




	
	
	
		
 

			




	
	
	
		
 
    def reset_password(self, data):

			




	
	
	
		
 
        from rhodecode.lib.celerylib import tasks, run_task

			




	
	
	
		
 
        run_task(tasks.reset_user_password, data['email'])

			




	
	
	
		
 

			




	
	
	
		
 
    def fill_data(self, auth_user, user_id=None, api_key=None):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Fetches auth_user by user_id,or api_key if present.

			




	
	
	
		
 
        Fills auth_user attributes with those taken from database.

			




	
	
	
		
 
        Additionally set's is_authenitated if lookup fails

			




	
	
	
		
 
        present in database

			




	
	
	
		
 

			




	
	
	
		
 
        :param auth_user: instance of user to set attributes

			




	
	
	
		
 
        :param user_id: user id to fetch by

			




	
	
	
		
 
        :param api_key: api key to fetch by

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if user_id is None and api_key is None:

			




	
	
	
		
 
            raise Exception('You need to pass user_id or api_key')

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            if api_key:

			




	
	
	
		
 
                dbuser = self.get_by_api_key(api_key)

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                dbuser = self.get(user_id)

			




	
	
	
		
 

			




	
	
	
		
 
            if dbuser is not None and dbuser.active:

			




	
	
	
		
 
                log.debug('filling %s data' % dbuser)

			




	
	
	
		
 
                for k, v in dbuser.get_dict().items():

			




	
	
	
		
 
                    setattr(auth_user, k, v)

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                return False

			




	
	
	
		
 

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            auth_user.is_authenticated = False

			




	
	
	
		
 
            return False

			




	
	
	
		
 

			




	
	
	
		
 
        return True

			




	
	
	
		
 

			




	
	
	
		
 
    def fill_perms(self, user):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Fills user permission attribute with permissions taken from database

			




	
	
	
		
 
        works for permissions given for repositories, and for permissions that

			




	
	
	
		
 
        are granted to groups

			




	
	
	
		
 

			




	
	
	
		
 
        :param user: user instance to fill his perms

			




	
	
	
		
 
        """

			




	
	
	
		
 
        RK = 'repositories'

			




	
	
	
		
 
        GK = 'repositories_groups'

			




	
	
	
		
 
        GLOBAL = 'global'

			




	
	
	
		
 
        user.permissions[RK] = {}

			




	
	
	
		
 
        user.permissions[GK] = {}

			




	
	
	
		
 
        user.permissions[GLOBAL] = set()

			




	
	
	
		
 

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # fetch default permissions

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        default_user = User.get_by_username('default', cache=True)

			




	
	
	
		
 
        default_user_id = default_user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        default_repo_perms = Permission.get_default_perms(default_user_id)

			




	
	
	
		
 
        default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        if user.is_admin:

			




	
	
	
		
 
            #==================================================================

			




	
	
	
		
 
            # admin user have all default rights for repositories

			




	
	
	
		
 
            # and groups set to admin

			




	
	
	
		
 
            #==================================================================

			




	
	
	
		
 
            user.permissions[GLOBAL].add('hg.admin')

			




	
	
	
		
 

			




	
	
	
		
 
            # repositories

			




	
	
	
		
 
            for perm in default_repo_perms:

			




	
	
	
		
 
                r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
                user.permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
            # repositories groups

			




	
	
	
		
 
            for perm in default_repo_groups_perms:

			




	
	
	
		
 
                rg_k = perm.UserRepoGroupToPerm.group.group_name

			




	
	
	
		
 
                p = 'group.admin'

			




	
	
	
		
 
                user.permissions[GK][rg_k] = p

			




	
	
	
		
 
            return user

			




	
	
	
		
 

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        # default global permissions taken fron the default user

			




	
	
	
		
 
        default_global_perms = self.sa.query(UserToPerm)\

			




	
	
	
		
 
            .filter(UserToPerm.user_id == default_user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in default_global_perms:

			




	
	
	
		
 
            user.permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
        # defaults for repositories, taken from default user

			




	
	
	
		
 
        for perm in default_repo_perms:

			




	
	
	
		
 
            r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
            if perm.Repository.private and not (perm.Repository.user_id == uid):

			




	
	
	
		
 
                # disable defaults for private repos,

			




	
	
	
		
 
                p = 'repository.none'

			




	
	
	
		
 
            elif perm.Repository.user_id == uid:

			




	
	
	
		
 
                # set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
            user.permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # defaults for repositories groups taken from default user permission

			




	
	
	
		
 
        # on given group

			




	
	
	
		
 
        for perm in default_repo_groups_perms:

			




	
	
	
		
 
            rg_k = perm.UserRepoGroupToPerm.group.group_name

			




	
	
	
		
 
            p = perm.Permission.permission_name

			




	
	
	
		
 
            user.permissions[GK][rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # !! OVERRIDE GLOBALS !! with user permissions if any found

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # those can be configured from groups or users explicitly

			




	
	
	
		
 
        _configurable = set(['hg.fork.none', 'hg.fork.repository',

			




	
	
	
		
 
                             'hg.create.none', 'hg.create.repository'])

			




	
	
	
		
 

			




	
	
	
		
 
        # USER GROUPS comes first

			




	
	
	
		
 
        # users group global permissions

			




	
	
	
		
 
        user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

			




	
	
	
		
 
            .options(joinedload(UsersGroupToPerm.permission))\

			




	
	
	
		
 
            .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

			




	
	
	
		
 
                   UsersGroupMember.users_group_id))\

			




	
	
	
		
 
            .filter(UsersGroupMember.user_id == uid)\

			




	
	
	
		
 
            .order_by(UsersGroupToPerm.users_group_id)\

			




	
	
	
		
 
            .all()

			




	
	
	
		
 
        #need to group here by groups since user can be in more than one group

			




	
	
	
		
 
        _grouped = [[x, list(y)] for x, y in

			




	
	
	
		
 
                    itertools.groupby(user_perms_from_users_groups,

			




	
	
	
		
 
                                      lambda x:x.users_group)]

			




	
	
	
		
 
        for gr, perms in _grouped:

			




	
	
	
		
 
            # since user can be in multiple groups iterate over them and

			




	
	
	
		
 
            # select the lowest permissions first (more explicit)

			




	
	
	
		
 
            ##TODO: do this^^

			




	
	
	
		
 
            if not gr.inherit_default_permissions:

			




	
	
	
		
 
                # NEED TO IGNORE all configurable permissions and

			




	
	
	
		
 
                # replace them with explicitly set

			




	
	
	
		
 
                user.permissions[GLOBAL] = user.permissions[GLOBAL]\

			




	
	
	
		
 
                                                .difference(_configurable)

			




	
	
	
		
 
            for perm in perms:

			




	
	
	
		
 
                user.permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
        # user specific global permissions

			




	
	
	
		
 
        user_perms = self.sa.query(UserToPerm)\

			




	
	
	
		
 
                .options(joinedload(UserToPerm.permission))\

			




	
	
	
		
 
                .filter(UserToPerm.user_id == uid).all()

			




	
	
	
		
 

			




	
	
	
		
 
        if not user.inherit_default_permissions:

			




	
	
	
		
 
            # NEED TO IGNORE all configurable permissions and

			




	
	
	
		
 
            # replace them with explicitly set

			




	
	
	
		
 
            user.permissions[GLOBAL] = user.permissions[GLOBAL]\

			




	
	
	
		
 
                                            .difference(_configurable)

			




	
	
	
		
 

			




	
	
	
		
 
            for perm in user_perms:

			




	
	
	
		
 
                user.permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # !! REPO PERMISSIONS !!

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # check if user is part of user groups for this repository and

			




	
	
	
		
 
        # fill in (or NOT replace with higher `or 1` permissions

			




	
	
	
		
 
        #======================================================================

			




	
	
	
		
 
        # users group for repositories permissions

			




	
	
	
		
 
        user_repo_perms_from_users_groups = \

			




	
	
	
		
 
         self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\

			




	
	
	
		
 
            .join((Repository, UsersGroupRepoToPerm.repository_id ==

			




	
	
	
		
 
                   Repository.repo_id))\

			




	
	
	
		
 
            .join((Permission, UsersGroupRepoToPerm.permission_id ==

			




	
	
	
		
 
                   Permission.permission_id))\

			




	
	
	
		
 
            .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==

			




	
	
	
		
 
                   UsersGroupMember.users_group_id))\

			




	
	
	
		
 
            .filter(UsersGroupMember.user_id == uid)\

			




	
	
	
		
 
            .all()

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in user_repo_perms_from_users_groups:

			




	
	
	
		
 
            r_k = perm.UsersGroupRepoToPerm.repository.repo_name

			




	
	
	
		
 
            p = perm.Permission.permission_name

			




	
	
	
		
 
            cur_perm = user.permissions[RK][r_k]

			




	
	
	
		
 
            # overwrite permission only if it's greater than permission

			




	
	
	
		
 
            # given from other sources - disabled with `or 1` now

			




	
	
	
		
 
            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

			




	
	
	
		
 
                if perm.Repository.user_id == uid:

			




	
	
	
		
 
                    # set admin if owner

			




	
	
	
		
 
                    p = 'repository.admin'

			




	
	
	
		
 

			




	
	
	
		
 
                user.permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # user explicit permissions for repositories

			




	
	
	
		
 
        user_repo_perms = \

			




	
	
	
		
 
         self.sa.query(UserRepoToPerm, Permission, Repository)\

			




	
	
	
		
 
            .join((Repository, UserRepoToPerm.repository_id ==

			




	
	
	
		
 
                   Repository.repo_id))\

			




	
	
	
		
 
            .join((Permission, UserRepoToPerm.permission_id ==

			




	
	
	
		
 
                   Permission.permission_id))\

			




	
	
	
		
 
            .filter(UserRepoToPerm.user_id == uid)\

			




	
	
	
		
 
            .all()

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in user_repo_perms:

			




	
	
	
		
 
            # set admin if owner

			




	
	
	
		
 
            r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
            if perm.Repository.user_id == uid:

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
            user.permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # REPO GROUP

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        # get access for this user for repos group and override defaults

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
        # user explicit permissions for repository

			




	
	
	
		
 
        user_repo_groups_perms = \

			




	
	
	
		
 
         self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

			




	
	
	
		
 
         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

			




	
	
	
		
 
         .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
         .filter(UserRepoGroupToPerm.user_id == uid)\

			




	
	
	
		
 
         .all()

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in user_repo_groups_perms:

			




	
	
	
		
 
            rg_k = perm.UserRepoGroupToPerm.group.group_name

			




	
	
	
		
 
            p = perm.Permission.permission_name

			




	
	
	
		
 
            cur_perm = user.permissions[GK][rg_k]

			




	
	
	
		
 
            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

			




	
	
	
		
 
                user.permissions[GK][rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # REPO GROUP + USER GROUP

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        # check if user is part of user groups for this repo group and

			




	
	
	
		
 
        # fill in (or replace with higher) permissions

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
        # users group for repositories permissions

			




	
	
	
		
 
        user_repo_group_perms_from_users_groups = \

			




	
	
	
		
 
         self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\

			




	
	
	
		
 
         .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\

			




	
	
	
		
 
         .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
         .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\

			




	
	
	
		
 
         .filter(UsersGroupMember.user_id == uid)\

			




	
	
	
		
 
         .all()

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in user_repo_group_perms_from_users_groups:

			




	
	
	
		
 
            g_k = perm.UsersGroupRepoGroupToPerm.group.group_name

			




	
	
	
		
 
            p = perm.Permission.permission_name

			




	
	
	
		
 
            cur_perm = user.permissions[GK][g_k]

			




	
	
	
		
 
            # overwrite permission only if it's greater than permission

			




	
	
	
		
 
            # given from other sources

			




	
	
	
		
 
            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

			




	
	
	
		
 
                user.permissions[GK][g_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        return user

			




	
	
	
		
 

			




	
	
	
		
 
    def has_perm(self, user, perm):

			




	
	
	
		
 
        perm = self._get_perm(perm)

			




	
	
	
		
 
        user = self._get_user(user)

			




	
	
	
		
 

			




	
	
	
		
 
        return UserToPerm.query().filter(UserToPerm.user == user)\

			




	
	
	
		
 
            .filter(UserToPerm.permission == perm).scalar() is not None

			




	
	
	
		
 

			




	
	
	
		
 
    def grant_perm(self, user, perm):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Grant user global permissions

			




	
	
	
		
 

			




	
	
	
		
 
        :param user:

			




	
	
	
		
 
        :param perm:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = self._get_user(user)

			




	
	
	
		
 
        perm = self._get_perm(perm)

			




	
	
	
		
 
        # if this permission is already granted skip it

			




	
	
	
		
 
        _perm = UserToPerm.query()\

			




	
	
	
		
 
            .filter(UserToPerm.user == user)\

			




	
	
	
		
 
            .filter(UserToPerm.permission == perm)\

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if _perm:

			




	
	
	
		
 
            return

			




	
	
	
		
 
        new = UserToPerm()

			




	
	
	
		
 
        new.user = user

			




	
	
	
		
 
        new.permission = perm

			




	
	
	
		
 
        self.sa.add(new)

			




	
	
	
		
 

			




	
	
	
		
 
    def revoke_perm(self, user, perm):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Revoke users global permissions

			




	
	
	
		
 

			




	
	
	
		
 
        :param user:

			




	
	
	
		
 
        :param perm:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = self._get_user(user)

			




	
	
	
		
 
        perm = self._get_perm(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        obj = UserToPerm.query()\

			




	
	
	
		
 
                .filter(UserToPerm.user == user)\

			




	
	
	
		
 
                .filter(UserToPerm.permission == perm)\

			




	
	
	
		
 
                .scalar()

			




	
	
	
		
 
        if obj:

			




        

    


    
    

    

        

                

                    rhodecode/templates/admin/users/user_edit.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
## -*- coding: utf-8 -*-

			




	
	
	
		
 
<%inherit file="/base/base.html"/>

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="title()">

			




	
	
	
		
 
    ${_('Edit user')} ${c.user.username} - ${c.rhodecode_name}

			




	
	
	
		
 
</%def>

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="breadcrumbs_links()">

			




	
	
	
		
 
    ${h.link_to(_('Admin'),h.url('admin_home'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${h.link_to(_('Users'),h.url('users'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${_('edit')} "${c.user.username}"

			




	
	
	
		
 
</%def>

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="page_nav()">

			




	
	
	
		
 
	${self.menu('admin')}

			




	
	
	
		
 
</%def>

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="main()">

			




	
	
	
		
 
<div class="box box-left">

			




	
	
	
		
 
    <!-- box / title -->

			




	
	
	
		
 
    <div class="title">

			




	
	
	
		
 
        ${self.breadcrumbs()}

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    <!-- end box / title -->

			




	
	
	
		
 
    ${h.form(url('update_user', id=c.user.user_id),method='put')}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <div class="field">

			




	
	
	
		
 
           <div class="gravatar_box">

			




	
	
	
		
 
               <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div>

			




	
	
	
		
 
                <p>

			




	
	
	
		
 
                %if c.use_gravatar:

			




	
	
	
		
 
                <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

			




	
	
	
		
 
                <br/>${_('Using')} ${c.user.email}

			




	
	
	
		
 
                %else:

			




	
	
	
		
 
                <br/>${c.user.email}

			




	
	
	
		
 
                %endif

			




	
	
	
		
 
           </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
        <div class="field">

			




	
	
	
		
 
            <div class="label">

			




	
	
	
		
 
                <label>${_('API key')}</label> ${c.user.api_key}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="username">${_('Username')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('username',class_='medium')}

			




	
	
	
		
 
                    %if c.ldap_dn:

			




	
	
	
		
 
                        ${h.text('username',class_='medium disabled', readonly="readonly")}

			




	
	
	
		
 
                    %else:

			




	
	
	
		
 
                        ${h.text('username',class_='medium')}

			




	
	
	
		
 
                    %endif:

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="ldap_dn">${_('LDAP DN')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('ldap_dn',class_='medium disabled',readonly="readonly")}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="new_password">${_('New password')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('new_password',class_='medium',autocomplete="off")}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="password_confirmation">${_('New password confirmation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('password_confirmation',class_="medium",autocomplete="off")}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="firstname">${_('First Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('firstname',class_='medium')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="lastname">${_('Last Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('lastname',class_='medium')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="email">${_('Email')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('email',class_='medium')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="active">${_('Active')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('active',value=True)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="admin">${_('Admin')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('admin',value=True)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Save'),class_="ui-btn large")}

			




	
	
	
		
 
              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
    	</div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    ${h.end_form()}

			




	
	
	
		
 
</div>

			




	
	
	
		
 
<div style="min-height:780px" class="box box-right">

			




	
	
	
		
 
    <!-- box / title -->

			




	
	
	
		
 
    <div class="title">

			




	
	
	
		
 
        <h5>${_('Permissions')}</h5>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    ${h.form(url('user_perm', id=c.user.user_id),method='put')}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="inherit_permissions">${_('Inherit default permissions')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('inherit_default_permissions',value=True)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '

			




	
	
	
		
 
                                             'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             <div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" >

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="create_repo_perm">${_('Create repositories')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('create_repo_perm',value=True)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="fork_repo_perm">${_('Fork repositories')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('fork_repo_perm',value=True)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Save'),class_="ui-btn large")}

			




	
	
	
		
 
              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    ${h.end_form()}

			




	
	
	
		
 

			




	
	
	
		
 
    ## permissions overview

			




	
	
	
		
 
    <div id="perms" class="table">

			




	
	
	
		
 
           %for section in sorted(c.perm_user.permissions.keys()):

			




	
	
	
		
 
              <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div>

			




	
	
	
		
 
              %if not c.perm_user.permissions[section]:

			




	
	
	
		
 
                  <span class="empty_data">${_('Nothing here yet')}</span>

			




	
	
	
		
 
              %else:

			




	
	
	
		
 
              <div id='tbl_list_wrap_${section}' class="yui-skin-sam">

			




	
	
	
		
 
               <table id="tbl_list_${section}">

			




	
	
	
		
 
                <thead>

			




	
	
	
		
 
                    <tr>

			




	
	
	
		
 
                    <th class="left">${_('Name')}</th>

			




	
	
	
		
 
                    <th class="left">${_('Permission')}</th>

			




	
	
	
		
 
                    <th class="left">${_('Edit Permission')}</th>

			




	
	
	
		
 
                </thead>

			




	
	
	
		
 
                <tbody>

			




	
	
	
		
 
                %for k in c.perm_user.permissions[section]:

			




	
	
	
		
 
                     <%

			




	
	
	
		
 
                     if section != 'global':

			




	
	
	
		
 
                         section_perm = c.perm_user.permissions[section].get(k)

			




	
	
	
		
 
                         _perm = section_perm.split('.')[-1]

			




	
	
	
		
 
                     else:

			




	
	
	
		
 
                         _perm = section_perm = None

			




	
	
	
		
 
                     %>

			




	
	
	
		
 
                    <tr>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            %if section == 'repositories':

			




	
	
	
		
 
                                <a href="${h.url('summary_home',repo_name=k)}">${k}</a>

			




	
	
	
		
 
                            %elif section == 'repositories_groups':

			




	
	
	
		
 
                                <a href="${h.url('repos_group_home',group_name=k)}">${k}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                                ${h.get_permission_name(k)}

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            %if section == 'global':

			




	
	
	
		
 
                             ${h.bool2icon(k.split('.')[-1] != 'none')}

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                             <span class="perm_tag ${_perm}">${section_perm}</span>

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                        <td>

			




	
	
	
		
 
                            %if section == 'repositories':

			




	
	
	
		
 
                                <a href="${h.url('edit_repo',repo_name=k,anchor='permissions_manage')}">${_('edit')}</a>

			




	
	
	
		
 
                            %elif section == 'repositories_groups':

			




	
	
	
		
 
                                <a href="${h.url('edit_repos_group',id=k,anchor='permissions_manage')}">${_('edit')}</a>

			




	
	
	
		
 
                            %else:

			




	
	
	
		
 
                                --

			




	
	
	
		
 
                            %endif

			




	
	
	
		
 
                        </td>

			




	
	
	
		
 
                    </tr>

			




	
	
	
		
 
                %endfor

			




	
	
	
		
 
                </tbody>

			




	
	
	
		
 
               </table>

			




	
	
	
		
 
              </div>

			




	
	
	
		
 
              %endif

			




	
	
	
		
 
           %endfor

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
</div>

			




	
	
	
		
 
<div class="box box-left">

			




	
	
	
		
 
    <!-- box / title -->

			




	
	
	
		
 
    <div class="title">

			




	
	
	
		
 
        <h5>${_('Email addresses')}</h5>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 

			




	
	
	
		
 
    <div class="emails_wrap">

			




	
	
	
		
 
      <table class="noborder">

			




	
	
	
		
 
      %for em in c.user_email_map:

			




	
	
	
		
 
        <tr>

			




	
	
	
		
 
            <td><div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(em.user.email,16)}"/> </div></td>

			




	
	
	
		
 
            <td><div class="email">${em.email}</div></td>

			




	
	
	
		
 
            <td>

			




	
	
	
		
 
              ${h.form(url('user_emails_delete', id=c.user.user_id),method='delete')}

			




	
	
	
		
 
                  ${h.hidden('del_email',em.email_id)}

			




	
	
	
		
 
                  ${h.submit('remove_',_('delete'),id="remove_email_%s" % em.email_id,

			




	
	
	
		
 
                  class_="delete_icon action_button", onclick="return  confirm('"+_('Confirm to delete this email: %s') % em.email+"');")}

			




	
	
	
		
 
              ${h.end_form()}

			




	
	
	
		
 
            </td>

			




	
	
	
		
 
        </tr>

			




	
	
	
		
 
      %endfor

			




	
	
	
		
 
      </table>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 

			




	
	
	
		
 
    ${h.form(url('user_emails', id=c.user.user_id),method='put')}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="email">${_('New email address')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('new_email', class_='medium')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Add'),class_="ui-btn large")}

			




	
	
	
		
 
              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    ${h.end_form()}

			




	
	
	
		
 
</div>

			




	
	
	
		
 
</%def>

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.