from kallithea.lib.vcs.exceptions import VCSError, NodeNotChangedError

log = logging.getLogger(__name__)

class GistsController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    def __load_defaults(self, extra_values=None):

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        if extra_values:

            c.lifetime_values.append(extra_values)

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

    @LoginRequired()

    def index(self):

        """GET /admin/gists: All items in the collection"""

        # url('gists')

        c.show_private = request.GET.get('private') and not_default_user

        c.show_public = request.GET.get('public') and not_default_user

        gists = Gist().query()\

            .filter(or_(Gist.gist_expires == -1, Gist.gist_expires >= time.time()))\

            .order_by(Gist.created_on.desc())

        # MY private

        if c.show_private and not c.show_public:

            gists = gists.filter(Gist.gist_type == Gist.GIST_PRIVATE)\

                             .filter(Gist.gist_owner == c.authuser.user_id)

        # MY public

        elif c.show_public and not c.show_private:

            gists = gists.filter(Gist.gist_type == Gist.GIST_PUBLIC)\

                             .filter(Gist.gist_owner == c.authuser.user_id)

        # MY public+private

        elif c.show_private and c.show_public:

            gists = gists.filter(or_(Gist.gist_type == Gist.GIST_PUBLIC,

                                     Gist.gist_type == Gist.GIST_PRIVATE))\

                             .filter(Gist.gist_owner == c.authuser.user_id)

        # default show ALL public gists

        if not c.show_public and not c.show_private:

    def _validate_came_from(self, came_from,

            _re=re.compile(r"/(?!/)[-!#$%&'()*+,./:;=?@_~0-9A-Za-z]*$")):

        """Return True if came_from is valid and can and should be used.

        Determines if a URI reference is valid and relative to the origin;

        or in RFC 3986 terms, whether it matches this production:

          origin-relative-ref = path-absolute [ "?" query ] [ "#" fragment ]

        with the exception that '%' escapes are not validated and '#' is

        allowed inside the fragment part.

        """

        return _re.match(came_from) is not None

    def index(self):

        c.came_from = safe_str(request.GET.get('came_from', ''))

        if c.came_from:

            if not self._validate_came_from(c.came_from):

                log.error('Invalid came_from (not server-relative): %r', c.came_from)

                raise HTTPBadRequest()

        else:

            c.came_from = url('home')

        ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)

        # redirect if already logged in

            raise HTTPFound(location=c.came_from)

        if request.POST:

            # import Login Form validator class

            login_form = LoginForm()

            try:

                c.form_result = login_form.to_python(dict(request.POST))

                # form checks for username/password, now we're authenticated

                username = c.form_result['username']

                user = User.get_by_username(username, case_insensitive=True)

            except formencode.Invalid as errors:

                defaults = errors.value

                # remove password from filling in form again

                del defaults['password']

                return htmlfill.render(

                    render('/login.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except UserCreationError as e:

                # container auth or other auth functions that create users on

                # the fly can throw this exception signaling that there's issue

                                                      filename=f)

                        break

                    except NodeDoesNotExistError:

                        continue

            except ChangesetError:

                log.error(traceback.format_exc())

                pass

            except EmptyRepositoryError:

                pass

            return readme_data, readme_file

        kind = 'README'

        valid = CacheInvalidation.test_and_set_valid(repo_name, kind)

        if not valid:

            region_invalidate(_get_readme_from_cache, None, repo_name, kind)

        return _get_readme_from_cache(repo_name, kind)

    @LoginRequired()

    @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',

                                   'repository.admin')

    def index(self, repo_name):

        _load_changelog_summary()

            username = safe_str(self.authuser.username)

        _def_clone_uri = _def_clone_uri_by_id = c.clone_uri_tmpl

        if '{repo}' in _def_clone_uri:

            _def_clone_uri_by_id = _def_clone_uri.replace('{repo}', '_{repoid}')

        elif '{repoid}' in _def_clone_uri:

            _def_clone_uri_by_id = _def_clone_uri.replace('_{repoid}', '{repo}')

        c.clone_repo_url = c.db_repo.clone_url(user=username,

                                                uri_tmpl=_def_clone_uri)

        c.clone_repo_url_id = c.db_repo.clone_url(user=username,

                                                uri_tmpl=_def_clone_uri_by_id)

        if c.db_repo.enable_statistics:

            c.show_stats = True

        else:

            c.show_stats = False

        stats = self.sa.query(Statistics)\

            .filter(Statistics.repository == c.db_repo)\

            .scalar()

        c.stats_percentage = 0

        self.user_id = None

        self.username = None

        self.api_key = None

        self.name = ''

        self.lastname = ''

        self.email = ''

        self.admin = False

        self.inherit_default_permissions = False

        # Look up database user, if necessary.

        if user_id is not None:

            log.debug('Auth User lookup by USER ID %s', user_id)

            dbuser = user_model.get(user_id)

        else:

            # Note: dbuser is allowed to be None.

            log.debug('Auth User lookup by database user %s', dbuser)

        is_user_loaded = self._fill_data(dbuser)

        # If user cannot be found, try falling back to anonymous.

        if not is_user_loaded:

            is_user_loaded =  self._fill_data(self.anonymous_user)

        # The anonymous user is always "logged in".

            self.is_authenticated = True

        if not self.username:

            self.username = 'None'

        log.debug('Auth User is now %s', self)

    def _fill_data(self, dbuser):

        """

        Copies database fields from a `db.User` to this `AuthUser`. Does

        not copy `api_keys` and `permissions` attributes.

        Checks that `dbuser` is `active` (and not None) before copying;

        returns True on success.

        """

        if dbuser is not None and dbuser.active:

            log.debug('filling %s data', dbuser)

            for k, v in dbuser.get_dict().iteritems():

                assert k not in ['api_keys', 'permissions']

                setattr(self, k, v)

            return True

        return False

    @LazyProperty

        return [x[0] for x in self.permissions['user_groups'].iteritems()

                if x[1] == 'usergroup.admin']

    @staticmethod

    def check_ip_allowed(user, ip_addr):

        """

        Check if the given IP address (a `str`) is allowed for the given

        user (an `AuthUser` or `db.User`).

        """

        allowed_ips = AuthUser.get_allowed_ips(user.user_id, cache=True,

            inherit_from_default=user.inherit_default_permissions)

        if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):

            log.debug('IP:%s is in range of %s', ip_addr, allowed_ips)

            return True

        else:

            log.info('Access for IP:%s forbidden, '

                     'not in %s' % (ip_addr, allowed_ips))

            return False

    def __repr__(self):

        return "<AuthUser('id:%s[%s] auth:%s')>"\

            % (self.user_id, self.username, self.is_authenticated)

    def set_authenticated(self, authenticated=True):

            self.is_authenticated = authenticated

    def to_cookie(self):

        """ Serializes this login session to a cookie `dict`. """

        return {

            'user_id': self.user_id,

            'is_authenticated': self.is_authenticated,

            'is_external_auth': self.is_external_auth,

        }

    @staticmethod

    def from_cookie(cookie):

        """

        Deserializes an `AuthUser` from a cookie `dict`.

        """

        au = AuthUser(

            user_id=cookie.get('user_id'),

            is_external_auth=cookie.get('is_external_auth', False),

        )

        if not au.is_authenticated and au.user_id is not None:

            # user is not authenticated and not empty

            au.set_authenticated(cookie.get('is_authenticated'))

        return au

            raise HTTPBadRequest()

        # regular user authentication

        if user.is_authenticated:

            log.info('user %s authenticated with regular auth @ %s', user, loc)

            return func(*fargs, **fkwargs)

        else:

            log.warning('user %s NOT authenticated with regular auth @ %s', user, loc)

            return redirect_to_login()

class NotAnonymous(object):

    """

    Must be logged in to execute this function else

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        log.debug('Checking if user is not anonymous @%s', cls)

            return redirect_to_login(_('You need to be a registered user to '

                    'perform this action'))

        else:

            return func(*fargs, **fkwargs)

class PermsDecorator(object):

    """Base class for controller decorators"""

    def __init__(self, *required_perms):

        self.required_perms = set(required_perms)

        self.user_perms = None

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.authuser

        self.user_perms = self.user.permissions

        log.debug('checking %s permissions %s for %s %s',

          self.__class__.__name__, self.required_perms, cls, self.user)

        if self.check_permissions():

            log.debug('Permission granted for %s %s', cls, self.user)

            return func(*fargs, **fkwargs)

        else:

            log.debug('Permission denied for %s %s', cls, self.user)

                return redirect_to_login(_('You need to be signed in to view this page'))

            else:

                raise HTTPForbidden()

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAllDecorator(PermsDecorator):

    """

    Checks for access permission for all given predicates. All of them

    have to be meet in order to fulfill the request

    """

    def check_permissions(self):

        if self.required_perms.issubset(self.user_perms.get('global')):

            return True

        return False

class HasPermissionAnyDecorator(PermsDecorator):

    """

    Checks for access permission for any of given predicates. In order to