kw = {}

        kw.update(repository_dict)

        kw.update({'created_by': created_by})

        kw.update(kwargs)

        return callback(**kw)

    return 0

def log_delete_repository(repository_dict, deleted_by, **kwargs):

    """

    Post delete repository Hook. This is a dummy function for admins to re-use

    if needed. It's taken from rhodecode-extensions module and executed

    if present

    :param repository: dict dump of repository object

    :param deleted_by: username who deleted the repository

    available keys of repository_dict:

     'repo_type',

     'description',

     'private',

     'created_on',

     'enable_downloads',

     'repo_id',

     'user_id',

     'enable_statistics',

     'clone_uri',

     'fork_id',

     'group_id',

     'repo_name'

    """

    from rhodecode import EXTENSIONS

    callback = getattr(EXTENSIONS, 'DELETE_REPO_HOOK', None)

    if isfunction(callback):

        kw = {}

        kw.update(repository_dict)

        kw.update({'deleted_by': deleted_by,

                   'deleted_on': time.time()})

        kw.update(kwargs)

        return callback(**kw)

    return 0

handle_git_pre_receive = (lambda repo_path, revs, env:

    handle_git_receive(repo_path, revs, env, hook_type='pre'))

handle_git_post_receive = (lambda repo_path, revs, env:

    handle_git_receive(repo_path, revs, env, hook_type='post'))

def handle_git_receive(repo_path, revs, env, hook_type='post'):

    """

    A really hacky method that is runned by git post-receive hook and logs

    an push action together with pushed revisions. It's executed by subprocess

    thus needs all info to be able to create a on the fly pylons enviroment,

    connect to database and run the logging code. Hacky as sh*t but works.

    :param repo_path:

    :type repo_path:

    :param revs:

    :type revs:

    :param env:

    :type env:

    """

    from paste.deploy import appconfig

    from sqlalchemy import engine_from_config

    from rhodecode.config.environment import load_environment

    from rhodecode.model import init_model

    from rhodecode.model.db import RhodeCodeUi

    from rhodecode.lib.utils import make_ui

    extras = json.loads(env['RHODECODE_EXTRAS'])

    path, ini_name = os.path.split(extras['config'])

    conf = appconfig('config:%s' % ini_name, relative_to=path)

    load_environment(conf.global_conf, conf.local_conf)

    engine = engine_from_config(conf, 'sqlalchemy.db1.')

    init_model(engine)

    baseui = make_ui('db')

    # fix if it's not a bare repo

    if repo_path.endswith(os.sep + '.git'):

        repo_path = repo_path[:-5]

    repo = Repository.get_by_full_path(repo_path)

    if not repo:

        raise OSError('Repository %s not found in database'

                      % (safe_str(repo_path)))

    _hooks = dict(baseui.configitems('hooks')) or {}

    for k, v in extras.items():

        baseui.setconfig('rhodecode_extras', k, v)

    repo.ui = baseui

    if hook_type == 'pre':

        pre_push(baseui, repo)

    # if push hook is enabled via web interface

    elif hook_type == 'post' and _hooks.get(RhodeCodeUi.HOOK_PUSH):

        rev_data = []

        for l in revs:

            old_rev, new_rev, ref = l.split(' ')

            _ref_data = ref.split('/')

            if _ref_data[1] in ['tags', 'heads']:

                rev_data.append({'old_rev': old_rev,

                                 'new_rev': new_rev,

                                 'ref': ref,

                                 'type': _ref_data[1],

                                 'name': _ref_data[2].strip()})

        git_revs = []

        for push_ref  in rev_data:

            _type = push_ref['type']

            if _type == 'heads':

                if push_ref['old_rev'] == EmptyChangeset().raw_id:

                    cmd = "for-each-ref --format='%(refname)' 'refs/heads/*'"

                    heads = repo.run_git_command(cmd)[0]

                    heads = heads.replace(push_ref['ref'], '')

                    heads = ' '.join(map(lambda c: c.strip('\n').strip(),

                                         heads.splitlines()))

                    cmd = (('log %(new_rev)s' % push_ref) +

                           ' --reverse --pretty=format:"%H" --not ' + heads)

                    git_revs += repo.run_git_command(cmd)[0].splitlines()

                elif push_ref['new_rev'] == EmptyChangeset().raw_id:

                    #delete branch case

                    git_revs += ['delete_branch=>%s' % push_ref['name']]

                else:

                    cmd = (('log %(old_rev)s..%(new_rev)s' % push_ref) +

                           ' --reverse --pretty=format:"%H"')

                    git_revs += repo.run_git_command(cmd)[0].splitlines()

            elif _type == 'tags':

                git_revs += ['tag=>%s' % push_ref['name']]

        log_push_action(baseui, repo, _git_revs=git_revs)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name, ip_addr)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                try:

                    user = self.__get_user(username)

                    if user is None or not user.active:

                        return HTTPForbidden()(environ, start_response)

                    username = user.username

                except:

                    log.error(traceback.format_exc())

                    return HTTPInternalServerError()(environ, start_response)

                #check permissions for this repository

                perm = self._check_permission(action, user, repo_name, ip_addr)

                if perm is not True:

                    return HTTPForbidden()(environ, start_response)

        # extras are injected into UI object and later available

        # in hooks executed by rhodecode

        from rhodecode import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': username,

            'action': action,

            'repository': repo_name,

            'scm': 'git',

            'config': CONFIG['__file__'],

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

        log.debug('Repository path is %s' % repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

        if username != User.DEFAULT_USER:

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        # set the environ variables for this request

        os.environ['RC_SCM_DATA'] = json.dumps(extras)

        fix_PATH()

        log.debug('HOOKS extras is %s' % extras)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            self._handle_githooks(repo_name, action, baseui, environ)

            log.info('%s action on GIT repo "%s" by "%s" from %s' %

                     (action, repo_name, username, ip_addr))

            app = self.__make_app(repo_name, repo_path, extras)

            return app(environ, start_response)

        except HTTPLockedRC, e:

            log.debug('Repository LOCKED ret code 423!')

            return e(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, repo_path, extras):

        """

        Make an wsgi application using dulserver

        :param repo_name: name of the repository

        :param repo_path: full path to the repository

        """

        from rhodecode.lib.middleware.pygrack import make_wsgi_app

        app = make_wsgi_app(

            repo_root=safe_str(self.basepath),

            repo_name=repo_name,

            extras=extras,

        )

        app = GunzipFilter(LimitedInputFilter(app))

        return app

    def __get_repository(self, environ):

        """

        Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = GIT_PROTO_PAT.match(environ['PATH_INFO']).group(1)

        except:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_user(self, username):

        return User.get_by_username(username)

    def __get_action(self, environ):

        """

        Maps git request commands into a pull or push command.

        :param environ:

        """

        service = environ['QUERY_STRING'].split('=')

        if len(service) > 1:

            service_cmd = service[1]

            mapping = {

                'git-receive-pack': 'push',

                'git-upload-pack': 'pull',

            }

            op = mapping[service_cmd]

            self._git_stored_op = op

            return op

        else:

            # try to fallback to stored variable as we don't know if the last

            # operation is pull/push

            op = getattr(self, '_git_stored_op', 'pull')

        return op

    def _handle_githooks(self, repo_name, action, baseui, environ):

        """

        Handles pull action, push is handled by post-receive hook

        """

        from rhodecode.lib.hooks import log_pull_action

        service = environ['QUERY_STRING'].split('=')

        if len(service) < 2:

            return

        from rhodecode.model.db import Repository

        _repo = Repository.get_by_repo_name(repo_name)

        _repo = _repo.scm_instance

        _repo._repo.ui = baseui

        _hooks = dict(baseui.configitems('hooks')) or {}

        if action == 'pull':

            # stupid git, emulate pre-pull hook !

            pre_pull(ui=baseui, repo=_repo._repo)

        if action == 'pull' and _hooks.get(RhodeCodeUi.HOOK_PULL):

            log_pull_action(ui=baseui, repo=_repo._repo)

    def __inject_extras(self, repo_path, baseui, extras={}):

        """

        Injects some extra params into baseui instance

        :param baseui: baseui instance

        :param extras: dict with extra params to put into baseui

        """

        # make our hgweb quiet so it doesn't print output

        baseui.setconfig('ui', 'quiet', 'true')

        #inject some additional parameters that will be available in ui

        #for hooks

        for k, v in extras.items():

            baseui.setconfig('rhodecode_extras', k, v)

        #======================================================================

        # CHECK ANONYMOUS PERMISSION

        #======================================================================

        if action in ['pull', 'push']:

            anonymous_user = self.__get_user('default')

            username = anonymous_user.username

            anonymous_perm = self._check_permission(action, anonymous_user,

                                                    repo_name, ip_addr)

            if anonymous_perm is not True or anonymous_user.active is False:

                if anonymous_perm is not True:

                    log.debug('Not enough credentials to access this '

                              'repository as anonymous user')

                if anonymous_user.active is False:

                    log.debug('Anonymous access is disabled, running '

                              'authentication')

                #==============================================================

                # DEFAULT PERM FAILED OR ANONYMOUS ACCESS IS DISABLED SO WE

                # NEED TO AUTHENTICATE AND ASK FOR AUTH USER PERMISSIONS

                #==============================================================

                # Attempting to retrieve username from the container

                username = get_container_username(environ, self.config)

                # If not authenticated by the container, running basic auth

                if not username:

                    self.authenticate.realm = \

                        safe_str(self.config['rhodecode_realm'])

                    result = self.authenticate(environ)

                    if isinstance(result, str):

                        AUTH_TYPE.update(environ, 'basic')

                        REMOTE_USER.update(environ, result)

                        username = result

                    else:

                        return result.wsgi_application(environ, start_response)

                #==============================================================

                # CHECK PERMISSIONS FOR THIS REQUEST USING GIVEN USERNAME

                #==============================================================

                try:

                    user = self.__get_user(username)

                    if user is None or not user.active:

                        return HTTPForbidden()(environ, start_response)

                    username = user.username

                except:

                    log.error(traceback.format_exc())

                    return HTTPInternalServerError()(environ, start_response)

                #check permissions for this repository

                perm = self._check_permission(action, user, repo_name, ip_addr)

                if perm is not True:

                    return HTTPForbidden()(environ, start_response)

        # extras are injected into mercurial UI object and later available

        # in hg hooks executed by rhodecode

        from rhodecode import CONFIG

        server_url = get_server_url(environ)

        extras = {

            'ip': ip_addr,

            'username': username,

            'action': action,

            'repository': repo_name,

            'scm': 'hg',

            'config': CONFIG['__file__'],

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        repo_path = os.path.join(safe_str(self.basepath), safe_str(repo_name))

        log.debug('Repository path is %s' % repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

        if username != User.DEFAULT_USER:

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        # set the environ variables for this request

        os.environ['RC_SCM_DATA'] = json.dumps(extras)

        fix_PATH()

        log.debug('HOOKS extras is %s' % extras)

        baseui = make_ui('db')

        self.__inject_extras(repo_path, baseui, extras)

        try:

            log.info('%s action on HG repo "%s" by "%s" from %s' %

                     (action, repo_name, username, ip_addr))

            app = self.__make_app(repo_path, baseui, extras)

            return app(environ, start_response)

        except RepoError, e:

            if str(e).find('not found') != -1:

                return HTTPNotFound()(environ, start_response)

        except HTTPLockedRC, e:

            log.debug('Repository LOCKED ret code 423!')

            return e(environ, start_response)

        except Exception:

            log.error(traceback.format_exc())

            return HTTPInternalServerError()(environ, start_response)

    def __make_app(self, repo_name, baseui, extras):

        """

        Make an wsgi application using hgweb, and inject generated baseui

        instance, additionally inject some extras into ui object

        """

        return hgweb_mod.hgweb(repo_name, name=repo_name, baseui=baseui)

    def __get_repository(self, environ):

        """

        Get's repository name out of PATH_INFO header

        :param environ: environ where PATH_INFO is stored

        """

        try:

            environ['PATH_INFO'] = self._get_by_id(environ['PATH_INFO'])

            repo_name = '/'.join(environ['PATH_INFO'].split('/')[1:])

            if repo_name.endswith('/'):

                repo_name = repo_name.rstrip('/')

        except:

            log.error(traceback.format_exc())

            raise

        return repo_name

    def __get_user(self, username):

        return User.get_by_username(username)

    def __get_action(self, environ):

        """

        Maps mercurial request commands into a clone,pull or push command.

        This should always return a valid command string

        :param environ:

        """

        mapping = {'changegroup': 'pull',

                   'changegroupsubset': 'pull',

                   'stream_out': 'pull',

                   'listkeys': 'pull',

                   'unbundle': 'push',

                   'pushkey': 'push', }

        for qry in environ['QUERY_STRING'].split('&'):

            if qry.startswith('cmd'):

                cmd = qry.split('=')[-1]

                if cmd in mapping:

                    return mapping[cmd]

                return 'pull'

        raise Exception('Unable to detect pull/push action !!'

                        'Are you using non standard command or client ?')

    def __inject_extras(self, repo_path, baseui, extras={}):

        """

        Injects some extra params into baseui instance

        also overwrites global settings with those takes from local hgrc file

        :param baseui: baseui instance

        :param extras: dict with extra params to put into baseui

        """

        hgrc = os.path.join(repo_path, '.hg', 'hgrc')

        # make our hgweb quiet so it doesn't print output

        baseui.setconfig('ui', 'quiet', 'true')

        #inject some additional parameters that will be available in ui

        #for hooks

        for k, v in extras.items():

            baseui.setconfig('rhodecode_extras', k, v)

        repoui = make_ui('file', hgrc, False)

        if repoui:

            #overwrite our ui instance with the section from hgrc file

            for section in ui_sections:

                for k, v in repoui.configitems(section):

                    baseui.setconfig(section, k, v)

        :param cs_cache:

        """

        from rhodecode.lib.vcs.backends.base import BaseChangeset

        if cs_cache is None:

            cs_cache = self.get_changeset()

        if isinstance(cs_cache, BaseChangeset):

            cs_cache = cs_cache.__json__()

        if (cs_cache != self.changeset_cache

            or not self.last_change

            or not self.changeset_cache):

            _default = datetime.datetime.fromtimestamp(0)

            last_change = cs_cache.get('date') or self.last_change or _default

            log.debug('updated repo %s with new cs cache %s' % (self, cs_cache))

            self.updated_on = last_change

            self.changeset_cache = cs_cache

            Session().add(self)

            Session().commit()

        else:

            log.debug('Skipping repo:%s already with latest changes' % self)

    @property

    def tip(self):

        return self.get_changeset('tip')

    @property

    def author(self):

        return self.tip.author

    @property

    def last_change(self):

        return self.scm_instance.last_change

    def get_comments(self, revisions=None):

        """

        Returns comments for this repository grouped by revisions

        :param revisions: filter query by revisions only

        """

        cmts = ChangesetComment.query()\

            .filter(ChangesetComment.repo == self)

        if revisions:

            cmts = cmts.filter(ChangesetComment.revision.in_(revisions))

        grouped = defaultdict(list)

        for cmt in cmts.all():

            grouped[cmt.revision].append(cmt)

        return grouped

    def statuses(self, revisions=None):

        """

        Returns statuses for this repository

        :param revisions: list of revisions to get statuses for

        :type revisions: list

        """

        statuses = ChangesetStatus.query()\

            .filter(ChangesetStatus.repo == self)\

            .filter(ChangesetStatus.version == 0)

        if revisions:

            statuses = statuses.filter(ChangesetStatus.revision.in_(revisions))

        grouped = {}

        #maybe we have open new pullrequest without a status ?

        stat = ChangesetStatus.STATUS_UNDER_REVIEW

        status_lbl = ChangesetStatus.get_status_lbl(stat)

        for pr in PullRequest.query().filter(PullRequest.org_repo == self).all():

            for rev in pr.revisions:

                pr_id = pr.pull_request_id

                pr_repo = pr.other_repo.repo_name

                grouped[rev] = [stat, status_lbl, pr_id, pr_repo]

        for stat in statuses.all():

            pr_id = pr_repo = None

            if stat.pull_request:

                pr_id = stat.pull_request.pull_request_id

                pr_repo = stat.pull_request.other_repo.repo_name

            grouped[stat.revision] = [str(stat.status), stat.status_lbl,

                                      pr_id, pr_repo]

        return grouped

    #==========================================================================

    # SCM CACHE INSTANCE

    #==========================================================================

    @property

    def invalidate(self):

        return CacheInvalidation.invalidate(self.repo_name)

    def set_invalidate(self):

        """

        set a cache for invalidation for this instance

        """

        CacheInvalidation.set_invalidate(repo_name=self.repo_name)

    @LazyProperty

    def scm_instance(self):

        import rhodecode

        full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))

        if full_cache:

            return self.scm_instance_cached()

        return self.__get_instance()

    def scm_instance_cached(self, cache_map=None):

        @cache_region('long_term')

        def _c(repo_name):

            return self.__get_instance()

        rn = self.repo_name

        log.debug('Getting cached instance of repo')

        if cache_map:

            # get using prefilled cache_map

            invalidate_repo = cache_map[self.repo_name]

            if invalidate_repo:

                invalidate_repo = (None if invalidate_repo.cache_active

                                   else invalidate_repo)

        else:

            # get from invalidate

            invalidate_repo = self.invalidate

        if invalidate_repo is not None:

            region_invalidate(_c, None, rn)

            # update our cache

            CacheInvalidation.set_valid(invalidate_repo.cache_key)

        return _c(rn)

    def __get_instance(self):

        repo_full_path = self.repo_full_path

        try:

            alias = get_scm(repo_full_path)[0]

            log.debug('Creating instance of %s repository' % alias)

            backend = get_backend(alias)

        except VCSError:

            log.error(traceback.format_exc())

            log.error('Perhaps this repository is in db and not in '

                      'filesystem run rescan repositories with '

                      '"destroy old data " option from admin panel')

            return

        if alias == 'hg':

            repo = backend(safe_str(repo_full_path), create=False,

                           baseui=self._ui)

            # skip hidden web repository

            if repo._get_hidden():

                return

        else:

            repo = backend(repo_full_path, create=False)

        return repo

class RepoGroup(Base, BaseModel):

    __tablename__ = 'groups'

    __table_args__ = (

        UniqueConstraint('group_name', 'group_parent_id'),

        CheckConstraint('group_id != group_parent_id'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8'},

    )

    __mapper_args__ = {'order_by': 'group_name'}

    group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    group_name = Column("group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)

    group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)

    group_description = Column("group_description", String(10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UsersGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __unicode__(self):

        return u"<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,

                                  self.group_name)

    @classmethod

    def groups_choices(cls, check_perms=False):

        from webhelpers.html import literal as _literal

        from rhodecode.model.scm import ScmModel

        groups = cls.query().all()

        if check_perms:

            #filter group user have access to, it's done

            #magically inside ScmModel based on current user

            groups = ScmModel().get_repos_groups(groups)

        repo_groups = [('', '')]

        sep = ' » '