encoding="UTF-8",

                force_defaults=False)

        except UserCreationError as e:

            h.flash(e, 'error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

        raise HTTPFound(location=url('edit_user', id=user.user_id))

    def new(self, format='html'):

        c.default_extern_type = User.DEFAULT_AUTH_TYPE

        c.default_extern_name = ''

        return render('admin/users/user_add.html')

    def update(self, id):

        user_model = UserModel()

        user = user_model.get(id)

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            skip_attrs = ['extern_type', 'extern_name',

                         ] + auth_modules.get_managed_fields(user)

            user_model.update(id, form_result, skip_attrs=skip_attrs)

            usr = form_result['username']

            action_logger(self.authuser, 'admin_updated_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('User updated successfully'), category='success')

            Session().commit()

        except formencode.Invalid as errors:

            defaults = errors.value

            e = errors.error_dict or {}

            defaults.update({

                'create_repo_perm': user_model.has_perm(id,

                                                        'hg.create.repository'),

                'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

            })

            return htmlfill.render(

                self._render_edit_profile(user),

                defaults=defaults,

                errors=e,

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        raise HTTPFound(location=url('edit_user', id=id))

    def delete(self, id):

        usr = User.get_or_404(id)

        try:

            UserModel().delete(usr)

            Session().commit()

            h.flash(_('Successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException) as e:

            h.flash(e, category='warning')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        raise HTTPFound(location=url('users'))

    def _get_user_or_raise_if_default(self, id):

        try:

            return User.get_or_404(id, allow_default=False)

        except DefaultUserException:

            h.flash(_("The default user cannot be edited"), category='warning')

            raise HTTPNotFound

    def _render_edit_profile(self, user):

        c.user = user

        c.active = 'profile'

        c.perm_user = AuthUser(dbuser=user)

        c.ip_addr = self.ip_addr

        managed_fields = auth_modules.get_managed_fields(user)

        c.readonly = lambda n: 'readonly' if n in managed_fields else None

        return render('admin/users/user_edit.html')

    def edit(self, id, format='html'):

        user = self._get_user_or_raise_if_default(id)

        defaults = user.get_dict()

        return htmlfill.render(

            self._render_edit_profile(user),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_advanced(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'advanced'

        c.ip_addr = self.ip_addr

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_api_keys(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'api_keys'

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,

                                                     show_expired=show_expired)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(c.user.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))

    def delete_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

    def edit_perms(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'perms'

        c.ip_addr = self.ip_addr

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def update_perms(self, id):

        user = self._get_user_or_raise_if_default(id)

        try:

            form = CustomDefaultPermissionsForm()()

            form_result = form.to_python(request.POST)

            inherit_perms = form_result['inherit_default_permissions']

            user.inherit_default_permissions = inherit_perms

            user_model = UserModel()

            defs = UserToPerm.query() \

                .filter(UserToPerm.user == user) \

                .all()

            for ug in defs:

                Session().delete(ug)

            if form_result['create_repo_perm']:

                user_model.grant_perm(id, 'hg.create.repository')

            else:

                user_model.grant_perm(id, 'hg.create.none')

            if form_result['create_user_group_perm']:

                user_model.grant_perm(id, 'hg.usergroup.create.true')

            else:

                user_model.grant_perm(id, 'hg.usergroup.create.false')

            if form_result['fork_repo_perm']:

                user_model.grant_perm(id, 'hg.fork.repository')

            else:

                user_model.grant_perm(id, 'hg.fork.none')

            h.flash(_("Updated permissions"), category='success')

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during permissions saving'),

                    category='error')

        raise HTTPFound(location=url('edit_user_perms', id=id))

    def edit_emails(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'emails'

        c.user_email_map = UserEmailMap.query() \

            .filter(UserEmailMap.user == c.user).all()

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_email(self, id):

        user = self._get_user_or_raise_if_default(id)

        email = request.POST.get('new_email')

        user_model = UserModel()

        try:

            user_model.add_extra_email(id, email)

            Session().commit()

            h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid as error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        raise HTTPFound(location=url('edit_user_emails', id=id))

    def delete_email(self, id):

        user = self._get_user_or_raise_if_default(id)

        email_id = request.POST.get('del_email_id')

        user_model = UserModel()

        user_model.delete_extra_email(id, email_id)

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        raise HTTPFound(location=url('edit_user_emails', id=id))

    def edit_ips(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'ips'

import shutil

import logging

import traceback

from datetime import datetime

from sqlalchemy.orm import subqueryload

from kallithea.lib.utils import make_ui

from kallithea.lib.vcs.backends import get_backend

from kallithea.lib.compat import json

from kallithea.lib.utils2 import LazyProperty, safe_str, safe_unicode, \

    remove_prefix, obfuscate_url_pw, get_current_authuser

from kallithea.lib.caching_query import FromCache

from kallithea.lib.hooks import log_delete_repository

from kallithea.model import BaseModel

from kallithea.model.db import Repository, UserRepoToPerm, UserGroupRepoToPerm, \

    UserRepoGroupToPerm, UserGroupRepoGroupToPerm, User, Permission, \

    Statistics, UserGroup, Ui, RepoGroup, RepositoryField

from kallithea.lib import helpers as h

from kallithea.lib.auth import HasRepoPermissionAny, HasUserGroupPermissionAny

from kallithea.lib.exceptions import AttachedForksError

from kallithea.model.scm import UserGroupList

log = logging.getLogger(__name__)

class RepoModel(BaseModel):

    URL_SEPARATOR = Repository.url_sep()

    def _get_user_group(self, users_group):

        return UserGroup.guess_instance(users_group,

                                  callback=UserGroup.get_by_group_name)

    def _get_repo_group(self, repo_group):

        return RepoGroup.guess_instance(repo_group,

                                  callback=RepoGroup.get_by_group_name)

    def _create_default_perms(self, repository, private):

        # create default permission

        default = 'repository.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('repository.'):

                default = p.permission.permission_name

                break

        default_perm = 'repository.none' if private else default

        repo_to_perm = UserRepoToPerm()

        repo_to_perm.permission = Permission.get_by_key(default_perm)

        repo_to_perm.repository = repository

        repo_to_perm.user_id = def_user.user_id

        return repo_to_perm

    @LazyProperty

    def repos_path(self):

        """

        Gets the repositories root path from database

        """

        q = self.sa.query(Ui).filter(Ui.ui_key == '/').one()

        return q.ui_value

    def get(self, repo_id, cache=False):

        repo = self.sa.query(Repository) \

            .filter(Repository.repo_id == repo_id)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_id))

        return repo.scalar()

    def get_repo(self, repository):

        return self._get_repo(repository)

    def get_by_repo_name(self, repo_name, cache=False):

        repo = self.sa.query(Repository) \

            .filter(Repository.repo_name == repo_name)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_name))

        return repo.scalar()

    def get_all_user_repos(self, user):

        """

        Gets all repositories that user have at least read access

        :param user:

        """

        from kallithea.lib.auth import AuthUser

        user = self._get_user(user)

        access_check = lambda r: r[1] in ['repository.read',

                                          'repository.write',

                                          'repository.admin']

        repos = [x[0] for x in filter(access_check, repos.items())]

        return Repository.query().filter(Repository.repo_name.in_(repos))

    def get_users_js(self):

        users = self.sa.query(User) \

            .filter(User.active == True) \

            .order_by(User.name, User.lastname) \

            .all()

        return json.dumps([

            {

                'id': u.user_id,

                'fname': h.escape(u.name),

                'lname': h.escape(u.lastname),

                'nname': u.username,

                'gravatar_lnk': h.gravatar_url(u.email, size=28, default='default'),

                'gravatar_size': 14,

            } for u in users]

        )

    def get_user_groups_js(self):

        user_groups = self.sa.query(UserGroup) \

            .filter(UserGroup.users_group_active == True) \

            .order_by(UserGroup.users_group_name) \

            .options(subqueryload(UserGroup.members)) \

            .all()

        user_groups = UserGroupList(user_groups, perm_set=['usergroup.read',

                                                           'usergroup.write',

                                                           'usergroup.admin'])

        return json.dumps([

            {

                'id': gr.users_group_id,

                'grname': gr.users_group_name,

                'grmembers': len(gr.members),

            } for gr in user_groups]

        )

    @classmethod

    def _render_datatable(cls, tmpl, *args, **kwargs):

        import kallithea

        from pylons import tmpl_context as c

        from pylons.i18n.translation import _

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        tmpl = template.get_def(tmpl)

        kwargs.update(dict(_=_, h=h, c=c))

        return tmpl.render(*args, **kwargs)

    def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True,

                          super_user_actions=False, short_name=False):

        _render = self._render_datatable

        from pylons import tmpl_context as c

        def quick_menu(repo_name):

            return _render('quick_menu', repo_name)

        def repo_lnk(name, rtype, rstate, private, fork_of):

            return _render('repo_name', name, rtype, rstate, private, fork_of,

                           short_name=short_name, admin=False)

        def last_change(last_change):

            return _render("last_change", last_change)

        def rss_lnk(repo_name):

            return _render("rss", repo_name)

        def atom_lnk(repo_name):

            return _render("atom", repo_name)

        def last_rev(repo_name, cs_cache):

            return _render('revision', repo_name, cs_cache.get('revision'),

                           cs_cache.get('raw_id'), cs_cache.get('author'),

                           cs_cache.get('message'))

        def desc(desc):

            return h.urlify_text(desc, truncate=80, stylize=c.visual.stylify_metatags)

        def state(repo_state):

            return _render("repo_state", repo_state)

        def repo_actions(repo_name):

            return _render('repo_actions', repo_name, super_user_actions)

        def owner_actions(owner_id, username):

            return _render('user_name', owner_id, username)

        repos_data = []

        for repo in repos_list:

            if perm_check:

                # check permission at this level

                if not HasRepoPermissionAny(

                        'repository.read', 'repository.write',