import kallithea

from kallithea.config.routing import url

from kallithea.lib import helpers as h

from kallithea.lib.compat import json

from kallithea.lib.auth import LoginRequired, \

    HasPermissionAny

from kallithea.lib.base import BaseController, render

from kallithea.model.db import RepoGroup, Repository

from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices

from kallithea.model.repo_group import RepoGroupModel

from kallithea.model.forms import RepoGroupForm, RepoGroupPermsForm

    def __load_defaults(self, extras=(), exclude=()):

        """extras is used for keeping current parent ignoring permissions

        exclude is used for not moving group to itself TODO: also exclude descendants

        Note: only admin can create top level groups

        """

        exclude_group_ids = set(rg.group_id for rg in exclude)

        c.repo_groups = [rg for rg in repo_groups

                         if rg[0] not in exclude_group_ids]

        repo_model = RepoModel()

        c.users_array = repo_model.get_users_js()

        if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':

            return True

        return False

    def index(self, format='html'):

        _list = RepoGroup.query(sorted=True).all()

        repo_groups_data = []

        total_records = len(group_iter)

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        repo_group_name = lambda repo_group_name, children_groups: (

        else:

            # we pass in parent group into creation form, thus we know

            # what would be the group, we can check perms here !

            group_id = safe_int(request.GET.get('parent_group'))

            group = RepoGroup.get(group_id) if group_id else None

            group_name = group.group_name if group else None

                pass

            else:

                raise HTTPForbidden()

        self.__load_defaults()

        return render('admin/repo_groups/repo_group_add.html')

    def update(self, group_name):

        c.repo_group = RepoGroup.guess_instance(group_name)

        self.__load_defaults(extras=[c.repo_group.parent_group],

                             exclude=[c.repo_group])

        # TODO: kill allow_empty_group - it is only used for redundant form validation!

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of repository group %s') \

                    % request.POST.get('group_name'), category='error')

        raise HTTPFound(location=url('edit_repo_group', group_name=group_name))

    def delete(self, group_name):

        gr = c.repo_group = RepoGroup.guess_instance(group_name)

        repos = gr.repositories.all()

        if repos:

            h.flash(_('This group contains %s repositories and cannot be '

                      'deleted') % len(repos), category='warning')

        group_name = group_name.rstrip('/')

        id_ = RepoGroup.get_by_group_name(group_name)

        if id_:

            return self.show(group_name)

        raise HTTPNotFound

    def show(self, group_name):

        c.active = 'settings'

        c.group = c.repo_group = RepoGroup.guess_instance(group_name)

        groups = RepoGroup.query(sorted=True).filter_by(parent_group=c.group).all()

                                                   admin=False, short_name=True)

        #json used to render the grid

        c.data = json.dumps(repos_data)

        return render('admin/repo_groups/repo_group_show.html')

    def edit(self, group_name):

        c.active = 'settings'

        c.repo_group = RepoGroup.guess_instance(group_name)

        self.__load_defaults(extras=[c.repo_group.parent_group],

                             exclude=[c.repo_group])

            render('admin/repo_groups/repo_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    def edit_repo_group_advanced(self, group_name):

        c.active = 'advanced'

        c.repo_group = RepoGroup.guess_instance(group_name)

        return render('admin/repo_groups/repo_group_edit.html')

    def edit_repo_group_perms(self, group_name):

        c.active = 'perms'

        c.repo_group = RepoGroup.guess_instance(group_name)

        self.__load_defaults()

        defaults = self.__load_data(c.repo_group.group_id)

            render('admin/repo_groups/repo_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    def update_perms(self, group_name):

        """

        Update permissions for given repository group

        :param group_name:

        """

        #action_logger(request.authuser, 'admin_changed_repo_permissions',

        #              repo_name, request.ip_addr, self.sa)

        Session().commit()

        h.flash(_('Repository group permissions updated'), category='success')

        raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name))

    def delete_perms(self, group_name):

        try:

            obj_type = request.POST.get('obj_type')

            obj_id = None

            if obj_type == 'user':

                obj_id = safe_int(request.POST.get('user_id'))

            raise HTTPFound(location=url('repos'))

        return repo_obj

    def __load_defaults(self, repo=None):

        top_perms = ['hg.create.repository']

        if HasPermissionAny('hg.create.write_on_repogroup.true')():

        extras = [] if repo is None else [repo.group]

        c.landing_revs_choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo)

    def __load_data(self):

        """

        Load defaults settings for edit, and update

from pylons import request

from kallithea.controllers.api import JSONRPCController, JSONRPCError

from kallithea.lib.auth import (

    PasswordGenerator, AuthUser, HasPermissionAnyDecorator,

    HasPermissionAnyDecorator, HasPermissionAny, HasRepoPermissionLevel,

from kallithea.lib.utils import map_groups, repo2db_mapper

from kallithea.lib.utils2 import (

    str2bool, time_to_datetime, safe_int, Optional, OAttr)

from kallithea.model.meta import Session

from kallithea.model.repo_group import RepoGroupModel

from kallithea.model.scm import ScmModel, UserGroupList

        """

        repo_group = get_repo_group_or_error(repogroupid)

        if not HasPermissionAny('hg.admin')():

                raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,))

        user = get_user_or_error(userid)

        perm = get_perm_or_error(perm, prefix='group.')

        apply_to_children = Optional.extract(apply_to_children)

        """

        repo_group = get_repo_group_or_error(repogroupid)

        if not HasPermissionAny('hg.admin')():

                raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,))

        user = get_user_or_error(userid)

        apply_to_children = Optional.extract(apply_to_children)

        try:

        """

        repo_group = get_repo_group_or_error(repogroupid)

        perm = get_perm_or_error(perm, prefix='group.')

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

                raise JSONRPCError(

                    'repository group `%s` does not exist' % (repogroupid,))

            # check if we have at least read permission for this user group !

            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

        """

        repo_group = get_repo_group_or_error(repogroupid)

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

                raise JSONRPCError(

                    'repository group `%s` does not exist' % (repogroupid,))

            # check if we have at least read permission for this user group !

            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

class ForksController(BaseRepoController):

    def __before__(self):

        super(ForksController, self).__before__()

    def __load_defaults(self):

        if HasPermissionAny('hg.create.write_on_repogroup.true')():

        c.landing_revs_choices, c.landing_revs = ScmModel().get_repo_landing_revs()

        c.can_update = Ui.get_by_key('hooks', Ui.HOOK_UPDATE).ui_active

    def __load_data(self):

        actual_perm = self.permissions['repositories'].get(repo_name)

        ok = actual_perm in required_perms

        log.debug('Checking if user %r can %r repo %r (%s): %s (has %r)',

            self.username, level, repo_name, purpose, ok, actual_perm)

        return ok

    @property

    def api_keys(self):

        return self._get_api_keys()

    def __get_perms(self, user, explicit=True, algo='higherwin', cache=False):

        """

    def check_permissions(self, user):

        repo_name = get_repo_slug(request)

        (level,) = self.required_perms

        return user.has_repository_permission_level(repo_name, level)

    """

    Checks the user has any of given permissions for the requested repository group.

    """

    def check_permissions(self, user):

        repo_group_name = get_repo_group_slug(request)

class HasUserGroupPermissionAnyDecorator(_PermsDecorator):

    """

    Checks for access permission for any of given predicates for specific

    user group. In order to fulfill the request any of predicates must be meet

    def __call__(self, repo_name, purpose=None):

        (level,) = self.required_perms

        return request.user.has_repository_permission_level(repo_name, level, purpose)

    def __call__(self, group_name, purpose=None):

class HasUserGroupPermissionAny(_PermsFunction):

    def __call__(self, user_group_name, purpose=None):

        try:

#==============================================================================

# PERMS

#==============================================================================

from kallithea.lib.auth import HasPermissionAny, \

#==============================================================================

# GRAVATAR URL

#==============================================================================

def gravatar_div(email_address, cls='', size=30, **div_attributes):

from kallithea.lib.vcs.backends.base import EmptyChangeset

from kallithea import BACKENDS

from kallithea.lib import helpers as h

from kallithea.lib.utils2 import safe_str, safe_unicode, get_server_url, \

    _set_extras

    HasUserGroupPermissionAny, HasPermissionAny, HasPermissionAny

from kallithea.lib.utils import get_filesystem_repos, make_ui, \

    action_logger

from kallithea.model.base import BaseModel

from kallithea.model.db import Repository, Ui, CacheInvalidation, \

    UserFollowing, UserLog, User, RepoGroup, PullRequest

                    perm_checker=HasRepoPermissionLevel,

                    extra_kwargs=extra_kwargs)

class RepoGroupList(_PermCheckIterator):

        super(RepoGroupList, self).__init__(obj_list=db_repo_group_list,

                    extra_kwargs=extra_kwargs)

class UserGroupList(_PermCheckIterator):

    def __init__(self, db_user_group_list, perm_set=None, extra_kwargs=None):

        """Return the repo groups the user has access to

        If no groups are specified, use top level groups.

        """

        if groups is None:

            groups = RepoGroup.query() \

                .filter(RepoGroup.parent_group_id == None).all()

    def mark_for_invalidation(self, repo_name):

        """

        Mark caches of this repo invalid in the database.

        :param repo_name: the repo for which caches should be marked invalid

                    os.chmod(_hook_file, 0755)

                except IOError as e:

                    log.error('error writing %s: %s', _hook_file, e)

            else:

                log.debug('skipping writing hook file')

    """Return group_id,string tuples with choices for all the repo groups where

    the user has the necessary permissions.

    Top level is -1.

    """

    groups = RepoGroup.query().all()

    if HasPermissionAny('hg.admin')('available repo groups'):

        groups.append(None)

    else:

        if top_perms and HasPermissionAny(*top_perms)('available repo groups'):

            groups.append(None)

        for extra in extras:

            if not any(rg == extra for rg in groups):

                groups.append(extra)

    return RepoGroup.groups_choices(groups=groups)

from kallithea.lib import ipaddr

from kallithea.lib.utils import repo_name_slug

from kallithea.lib.utils2 import str2bool, aslist

from kallithea.model.db import RepoGroup, Repository, UserGroup, User

from kallithea.lib.exceptions import LdapImportError

from kallithea.config.routing import ADMIN_PREFIX

# silence warnings and pylint

UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \

    NotEmpty, IPAddress, CIDR, String, FancyValidator

log = logging.getLogger(__name__)

        def validate_python(self, value, state):

            gr = RepoGroup.get(value)

            gr_name = gr.group_name if gr is not None else None # None means ROOT location

            # create repositories with write permission on group is set to true

            create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()

                                            'can write into group validator')

                                            'can write into group validator')

            forbidden = not (group_admin or (group_write and create_on_write))

            can_create_repos = HasPermissionAny('hg.admin', 'hg.create.repository')

            gid = (old_data['repo_group'].get('group_id')

                   if (old_data and 'repo_group' in old_data) else None)

            value_changed = gid != value

            if can_create_in_root and gr is None:

                #we can create in root, we're fine no validations required

                return

            forbidden_in_root = gr is None and not can_create_in_root

            if forbidden_in_root or forbidden:

                msg = self.message('permission_denied', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(parent_group_id=msg)

                )

              <ul class="pull-right links">

                <li>

                <%

                    gr_name = c.group.group_name if c.group else None

                    # create repositories with write permission on group is set to true

                    create_on_write = h.HasPermissionAny('hg.create.write_on_repogroup.true')()

                %>

                %if h.HasPermissionAny('hg.admin','hg.create.repository')() or (group_admin or (group_write and create_on_write)):

                  %if c.group:

                        <a href="${h.url('new_repo',parent_group=c.group.group_id)}" class="btn btn-default btn-xs"><i class="icon-plus"></i> ${_('Add Repository')}</a>

                            <a href="${h.url('new_repos_group', parent_group=c.group.group_id)}" class="btn btn-default btn-xs"><i class="icon-plus"></i> ${_('Add Repository Group')}</a>

                        %endif

                  %else:

                    <a href="${h.url('new_repo')}" class="btn btn-default btn-xs"><i class="icon-plus"></i> ${_('Add Repository')}</a>

                    %if h.HasPermissionAny('hg.admin')():

                        <a href="${h.url('new_repos_group')}" class="btn btn-default btn-xs"><i class="icon-plus"></i> ${_('Add Repository Group')}</a>

                    %endif

                  %endif

                %endif

                    <a href="${h.url('edit_repo_group',group_name=c.group.group_name)}" title="${_('You have admin right to this group, and can edit it')}" class="btn btn-default btn-xs"><i class="icon-pencil"></i> ${_('Edit Repository Group')}</a>

                %endif

                </li>

              </ul>

            %endif

        </div>