error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            'Error occurred during cache invalidation action'

          }

        """

        repo = get_repo_or_error(repoid)

            # check if we have admin permission for this repo !

            if not HasRepoPermissionAnyApi('repository.admin',

                                           'repository.write')(

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        try:

            ScmModel().mark_for_invalidation(repo.repo_name)

            return dict(

                msg='Cache for repository `%s` was invalidated' % (repoid,),

                repository=repo.repo_name

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'Error occurred during cache invalidation action'

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            'Error occurred locking repository `<reponame>`

          }

        """

        repo = get_repo_or_error(repoid)

            pass

        elif HasRepoPermissionAnyApi('repository.admin',

            # make sure normal user does not pass someone else userid,

            # he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        else:

            raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        if isinstance(userid, Optional):

            userid = apiuser.user_id

        :param userid: User to get locks for

        :type userid: Optional(str or int)

        OUTPUT::

          id : <id_given_in_input>

          result : {

            [repo_object, repo_object,...]

          }

          error :  null

        """

            # make sure normal user does not pass someone else userid,

            # he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        ret = []

        if isinstance(userid, Optional):

            user = None

        else:

            user = get_user_or_error(userid)

                        "permissions": {

                            "global": ["hg.create.repository",

                                       "repository.read",

                                       "hg.register.manual_activate"],

                            "repositories": {"repo1": "repository.none"},

                            "repositories_groups": {"Group1": "group.read"}

                         },

                    }

            error:  null

        """

            # make sure normal user does not pass someone else userid,

            # he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        if isinstance(userid, Optional):

            userid = apiuser.user_id

        user = get_user_or_error(userid)

        data = user.get_api_data()

            id : <id_given_in_input>

            result : None if group not exist

                     {

                       "users_group_id" : "<id>",

                       "group_name" :     "<groupname>",

                       "active":          "<bool>",

                       "members" :  [<user_obj>,...]

                     }

            error : null

        """

        user_group = get_user_group_or_error(usergroupid)

            # check if we have at least read permission for this user group !

            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        data = user_group.get_api_data()

        return data

    # permission check inside

    def get_user_groups(self, apiuser):

        """

        Lists all existing user groups. This command can be executed only using

        api_key belonging to user with admin rights or user who has at least

        read access to user group.

        :param apiuser: filled automatically from apikey

        :type apiuser: AuthUser

        OUTPUT::

            id : <id_given_in_input>

            result : [<user_group_obj>,...]

            error : null

        """

        result = []

        _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

        for user_group in UserGroupList(UserGroup.get_all(),

            result.append(user_group.get_api_data())

        return result

    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

    def create_user_group(self, apiuser, group_name, description=Optional(''),

                          owner=Optional(OAttr('apiuser')), active=Optional(True)):

        """

        Creates new user group. This command can be executed only using api_key

        belonging to user with admin rights or an user who has create user group

        permission

        :param apiuser: filled automatically from apikey

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to update user group `<user group name>`"

          }

        """

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this user group !

            _perms = ('usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        if not isinstance(owner, Optional):

            owner = get_user_or_error(owner)

        updates = {}

        store_update(updates, group_name, 'users_group_name')

        store_update(updates, description, 'user_group_description')

        store_update(updates, owner, 'user')

        store_update(updates, active, 'users_group_active')

        try:

            UserGroupModel().update(user_group, updates)

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to delete user group ID:<user_group_id> <user_group_name>"

            or

            "RepoGroup assigned to <repo_groups_list>"

          }

        """

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this user group !

            _perms = ('usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            UserGroupModel().delete(user_group)

            Session().commit()

            return dict(

                msg='deleted user group ID:%s %s' %

                    (user_group.users_group_id, user_group.users_group_name),

                user_group=None

            )

        except UserGroupsAssignedException as e:

            log.error(traceback.format_exc())

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to add member to user group `<user_group_name>`"

          }

        """

        user = get_user_or_error(userid)

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this user group !

            _perms = ('usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            ugm = UserGroupModel().add_user_to_group(user_group, user)

            success = True if ugm != True else False

            msg = 'added member `%s` to user group `%s`' % (

                user.username, user_group.users_group_name

            )

            msg = msg if success else 'User is already in that group'

            Session().commit()

            return dict(

            id : <id_given_in_input>

            result: {

                      "success":  True|False,  # depends on if member is in group

                      "msg": "removed member <username> from user group <groupname> |

                              User wasn't in group"

                    }

            error:  null

        """

        user = get_user_or_error(userid)

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this user group !

            _perms = ('usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            success = UserGroupModel().remove_user_from_group(user_group, user)

            msg = 'removed member `%s` from user group `%s`' % (

                user.username, user_group.users_group_name

            )

            msg = msg if success else "User wasn't in group"

            Session().commit()

            return dict(success=success, msg=msg)

        except Exception:

            log.error(traceback.format_exc())

                                  },

                                  …

                                ]

                 "followers":   [<user_obj>, ...]

                 ]

            }

          }

          error :  null

        """

        repo = get_repo_or_error(repoid)

            # check if we have admin permission for this repo !

            perms = ('repository.admin', 'repository.write', 'repository.read')

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        members = []

        followers = []

        for user in repo.repo_to_perm:

            perm = user.permission.permission_name

            user = user.user

            user_data = {

                'name': user.username,

                'type': "user",

                'permission': perm

            }

                        "landing_rev":       "<landing_rev>",

                        "owner":             "<repo_owner>",

                        "fork_of":           "<name_of_fork_parent>",

                        "enable_downloads":  "<bool>",

                        "enable_locking":    "<bool>",

                        "enable_statistics": "<bool>",

                      },

                      …

                    ]

            error:  null

        """

        result = []

            repos = RepoModel().get_all_user_repos(user=apiuser)

        else:

            repos = Repository.get_all()

        for repo in repos:

            result.append(repo.get_api_data())

        return result

    # permission check inside

    def get_repo_nodes(self, apiuser, repoid, revision, root_path,

                       ret_type=Optional('all')):

        """

            id : <id_given_in_input>

            result: [

                      {

                        "name" :        "<name>"

                        "type" :        "<type>",

                      },

                      …

                    ]

            error:  null

        """

        repo = get_repo_or_error(repoid)

            # check if we have admin permission for this repo !

            perms = ('repository.admin', 'repository.write', 'repository.read')

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        ret_type = Optional.extract(ret_type)

        _map = {}

        try:

            _d, _f = ScmModel().get_nodes(repo, revision, root_path,

                                          flat=False)

            _map = {

                'all': _d + _f,

                'files': _f,

                'dirs': _d,

            }

                    }

            error:  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

             'failed to create repository `<repo_name>`

          }

        """

            if not isinstance(owner, Optional):

                # forbid setting owner for non-admins

                raise JSONRPCError(

                    'Only Kallithea admin can specify `owner` param'

                )

        if isinstance(owner, Optional):

            owner = apiuser.user_id

        owner = get_user_or_error(owner)

        if RepoModel().get_by_repo_name(repo_name):

            raise JSONRPCError("repo `%s` already exist" % repo_name)

        :param name:

        :param owner:

        :param group:

        :param description:

        :param private:

        :param clone_uri:

        :param landing_rev:

        :param enable_statistics:

        :param enable_locking:

        :param enable_downloads:

        """

        repo = get_repo_or_error(repoid)

            # check if we have admin permission for this repo !

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

            if (name != repo.repo_name and

                ):

                raise JSONRPCError('no permission to create (or move) repositories')

            if not isinstance(owner, Optional):

                # forbid setting owner for non-admins

                raise JSONRPCError(

                    'Only Kallithea admin can specify `owner` param'

                )

        updates = {}

        repo_group = group

        if not isinstance(repo_group, Optional):

                    }

            error:  null

        """

        repo = get_repo_or_error(repoid)

        repo_name = repo.repo_name

        _repo = RepoModel().get_by_repo_name(fork_name)

        if _repo:

            type_ = 'fork' if _repo.fork else 'repo'

            raise JSONRPCError("%s `%s` already exist" % (type_, fork_name))

            pass

        elif HasRepoPermissionAnyApi('repository.admin',

                                     'repository.write',

            if not isinstance(owner, Optional):

                # forbid setting owner for non-admins

                raise JSONRPCError(

                    'Only Kallithea admin can specify `owner` param'

                )

                raise JSONRPCError('no permission to create repositories')

        else:

            raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        if isinstance(owner, Optional):

            owner = apiuser.user_id

        owner = get_user_or_error(owner)

        try:

            # create structure of groups and return the last group

            group = map_groups(fork_name)

        OUTPUT::

            id : <id_given_in_input>

            result: {

                      "msg": "Deleted repository `<reponame>`",

                      "success": true

                    }

            error:  null

        """

        repo = get_repo_or_error(repoid)

            # check if we have admin permission for this repo !

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        try:

            handle_forks = Optional.extract(forks)

            _forks_msg = ''

            _forks = [f for f in repo.forks]

            if handle_forks == 'detach':

                _forks_msg = ' ' + 'Detached %s forks' % len(_forks)

            elif handle_forks == 'delete':

                _forks_msg = ' ' + 'Deleted %s forks' % len(_forks)

            elif _forks:

                raise JSONRPCError(

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to edit permission for user group: `<usergroup>` in repo `<repo>`'

          }

        """

        repo = get_repo_or_error(repoid)

        perm = get_perm_or_error(perm)

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this repo !

            _perms = ('repository.admin',)

            if not HasRepoPermissionAnyApi(*_perms)(

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

            # check if we have at least read permission for this user group !

            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            RepoModel().grant_user_group_permission(

                repo=repo, group_name=user_group, perm=perm)

            Session().commit()

            return dict(

                msg='Granted perm: `%s` for user group: `%s` in '

                    'repo: `%s`' % (

                        perm.permission_name, user_group.users_group_name,

                        repo.repo_name

        OUTPUT::

            id : <id_given_in_input>

            result: {

                      "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",

                      "success": true

                    }

            error:  null

        """

        repo = get_repo_or_error(repoid)

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this repo !

            _perms = ('repository.admin',)

            if not HasRepoPermissionAnyApi(*_perms)(

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

            # check if we have at least read permission for this user group !

            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            RepoModel().revoke_user_group_permission(

                repo=repo, group_name=user_group)

            Session().commit()

            return dict(

                msg='Revoked perm for user group: `%s` in repo: `%s`' % (

                    user_group.users_group_name, repo.repo_name

                ),

                success=True

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to edit permission for user: `<userid>` in repo group: `<repo_group_name>`"

          }

        """

        repo_group = get_repo_group_or_error(repogroupid)

            # check if we have admin permission for this repo group !

                raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,))

        user = get_user_or_error(userid)

        perm = get_perm_or_error(perm, prefix='group.')

        apply_to_children = Optional.extract(apply_to_children)

        try:

            RepoGroupModel().add_permission(repo_group=repo_group,

                                            obj=user,

                                            obj_type="user",

                                            perm=perm,

                                            recursive=apply_to_children)

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to edit permission for user: `<userid>` in repo group: `<repo_group_name>`"

          }

        """

        repo_group = get_repo_group_or_error(repogroupid)

            # check if we have admin permission for this repo group !

                raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,))

        user = get_user_or_error(userid)

        apply_to_children = Optional.extract(apply_to_children)

        try:

            RepoGroupModel().delete_permission(repo_group=repo_group,

                                               obj=user,

                                               obj_type="user",

                                               recursive=apply_to_children)

            Session().commit()

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to edit permission for user group: `<usergroup>` in repo group: `<repo_group_name>`"

          }

        """

        repo_group = get_repo_group_or_error(repogroupid)

        perm = get_perm_or_error(perm, prefix='group.')

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this repo group !

            _perms = ('group.admin',)

            if not HasRepoGroupPermissionAnyApi(*_perms)(

                raise JSONRPCError(

                    'repository group `%s` does not exist' % (repogroupid,))

            # check if we have at least read permission for this user group !

            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError(

                    'user group `%s` does not exist' % (usergroupid,))

        apply_to_children = Optional.extract(apply_to_children)

        try:

            RepoGroupModel().add_permission(repo_group=repo_group,

                                            obj=user_group,

                                            obj_type="user_group",

                                            perm=perm,

                                            recursive=apply_to_children)

            Session().commit()

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to edit permission for user group: `<usergroup>` in repo group: `<repo_group_name>`"

          }

        """

        repo_group = get_repo_group_or_error(repogroupid)

        user_group = get_user_group_or_error(usergroupid)

            # check if we have admin permission for this repo group !

            _perms = ('group.admin',)

            if not HasRepoGroupPermissionAnyApi(*_perms)(

                raise JSONRPCError(

                    'repository group `%s` does not exist' % (repogroupid,))

            # check if we have at least read permission for this user group !

            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

            if not HasUserGroupPermissionAny(*_perms)(

                raise JSONRPCError(

                    'user group `%s` does not exist' % (usergroupid,))

        apply_to_children = Optional.extract(apply_to_children)

        try:

            RepoGroupModel().delete_permission(repo_group=repo_group,

                                               obj=user_group,

                                               obj_type="user_group",

                                               recursive=apply_to_children)

            Session().commit()

            return dict(

            )

    def get_gist(self, apiuser, gistid):

        """

        Get given gist by id

        :param apiuser: filled automatically from apikey

        :type apiuser: AuthUser

        :param gistid: id of private or public gist

        :type gistid: str

        """

        gist = get_gist_or_error(gistid)

            if gist.gist_owner != apiuser.user_id:

                raise JSONRPCError('gist `%s` does not exist' % (gistid,))

        return gist.get_api_data()

    def get_gists(self, apiuser, userid=Optional(OAttr('apiuser'))):

        """

        Get all gists for given user. If userid is empty returned gists

        are for user who called the api

        :param apiuser: filled automatically from apikey

        :type apiuser: AuthUser

        :param userid: user to get gists for

        :type userid: Optional(str or int)

        """

            # make sure normal user does not pass someone else userid,

            # he is not allowed to do that

            if not isinstance(userid, Optional) and userid != apiuser.user_id:

                raise JSONRPCError(

                    'userid is not the same as your user'

                )

        if isinstance(userid, Optional):

            user_id = apiuser.user_id

        else:

            user_id = get_user_or_error(userid).user_id

          error :  null

        ERROR OUTPUT::

          id : <id_given_in_input>

          result : null

          error :  {

            "failed to delete gist ID:<gist_id>"

          }

        """

        gist = get_gist_or_error(gistid)

            if gist.gist_owner != apiuser.user_id:

                raise JSONRPCError('gist `%s` does not exist' % (gistid,))

        try:

            GistModel().delete(gist)

            Session().commit()

            return dict(

                msg='deleted gist ID:%s' % (gist.gist_access_id,),

                gist=None

            )

        except Exception:

            log.error(traceback.format_exc())

        self.required_perms = set(perms)

        self.user_perms = None

        self.repo_name = None

        self.group_name = None

    def __nonzero__(self):

        """ Defend against accidentally forgetting to call the object

            and instead evaluating it directly in a boolean context,

            which could have security implications.

        """

        raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')

        user = request.user

        assert user

        assert isinstance(user, AuthUser), user

        cls_name = self.__class__.__name__

        check_scope = self._scope()

        log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,

                  self.required_perms, user, check_scope,

                  check_location)

        self.user_perms = user.permissions

        result = self.check_permissions()

    def _scope(self):

        return '(unknown scope)'

class HasPermissionAny(PermsFunction):

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAny(PermsFunction):

        self.repo_name = repo_name

    def check_permissions(self):

        if not self.repo_name:

            self.repo_name = get_repo_slug(request)

        try:

            self._user_perms = set(