# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.admin.my_account

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

my account controller for Kallithea admin

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: August 20, 2013

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from sqlalchemy import func

from formencode import htmlfill

from pylons import request, tmpl_context as c, url

from pylons.controllers.util import redirect

from pylons.i18n.translation import _

from kallithea import EXTERN_TYPE_INTERNAL

from kallithea.lib import helpers as h

from kallithea.lib.auth import LoginRequired, NotAnonymous, AuthUser

from kallithea.lib.base import BaseController, render

from kallithea.lib.utils2 import generate_api_key, safe_int

from kallithea.lib.compat import json

from kallithea.model.db import Repository, \

    UserEmailMap, UserApiKeys, User, UserFollowing

from kallithea.model.forms import UserForm, PasswordChangeForm

from kallithea.model.user import UserModel

from kallithea.model.repo import RepoModel

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.meta import Session

log = logging.getLogger(__name__)

class MyAccountController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    # To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('setting', 'settings', controller='admin/settings',

    #         path_prefix='/admin', name_prefix='admin_')

    @LoginRequired()

    @NotAnonymous()

    def __before__(self):

        super(MyAccountController, self).__before__()

    def __load_data(self):

        c.user = User.get(self.authuser.user_id)

        if c.user.username == User.DEFAULT_USER:

            h.flash(_("You can't edit this user since it's"

                      " crucial for entire application"), category='warning')

            return redirect(url('users'))

        c.EXTERN_TYPE_INTERNAL = EXTERN_TYPE_INTERNAL

    def _load_my_repos_data(self, watched=False):

        if watched:

            admin = False

            repos_list = [x.follows_repository for x in

                          Session().query(UserFollowing).filter(

                              UserFollowing.user_id ==

                              self.authuser.user_id).all()]

        else:

            admin = True

            repos_list = Session().query(Repository)\

                         .filter(Repository.user_id ==

                                 self.authuser.user_id)\

                         .order_by(func.lower(Repository.repo_name)).all()

        repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list,

                                                   admin=admin)

        #json used to render the grid

        return json.dumps(repos_data)

    def my_account(self):

        """

        GET /_admin/my_account Displays info about my account

        """

        # url('my_account')

        c.active = 'profile'

        self.__load_data()

        c.perm_user = AuthUser(user_id=self.authuser.user_id)

        c.ip_addr = self.ip_addr

        defaults = c.user.get_dict()

        update = False

        if request.POST:

            _form = UserForm(edit=True,

                             old_data={'user_id': self.authuser.user_id,

                                       'email': self.authuser.email})()

            form_result = {}

            try:

                post_data = dict(request.POST)

                post_data['new_password'] = ''

                post_data['password_confirmation'] = ''

                form_result = _form.to_python(post_data)

                # skip updating those attrs for my account

                skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',

                              'new_password', 'password_confirmation']

                #TODO: plugin should define if username can be updated

                    # forbid updating username for external accounts

                    skip_attrs.append('username')

                UserModel().update(self.authuser.user_id, form_result,

                                   skip_attrs=skip_attrs)

                h.flash(_('Your account was updated successfully'),

                        category='success')

                Session().commit()

                update = True

            except formencode.Invalid, errors:

                return htmlfill.render(

                    render('admin/my_account/my_account.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except Exception:

                log.error(traceback.format_exc())

                h.flash(_('Error occurred during update of user %s') \

                        % form_result.get('username'), category='error')

        if update:

            return redirect('my_account')

        return htmlfill.render(

            render('admin/my_account/my_account.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def my_account_password(self):

        c.active = 'password'

        self.__load_data()

        if request.POST:

            _form = PasswordChangeForm(self.authuser.username)()

            try:

                form_result = _form.to_python(request.POST)

                UserModel().update(self.authuser.user_id, form_result)

                Session().commit()

                h.flash(_("Successfully updated password"), category='success')

            except formencode.Invalid as errors:

                return htmlfill.render(

                    render('admin/my_account/my_account.html'),

                    defaults=errors.value,

                    errors=errors.error_dict or {},

                    prefix_error=False,

                    encoding="UTF-8",

                    force_defaults=False)

            except Exception:

                log.error(traceback.format_exc())

                h.flash(_('Error occurred during update of user password'),

                        category='error')

        return render('admin/my_account/my_account.html')

    def my_account_repos(self):

        c.active = 'repos'

        self.__load_data()

        #json used to render the grid

        c.data = self._load_my_repos_data()

        return render('admin/my_account/my_account.html')

    def my_account_watched(self):

        c.active = 'watched'

        self.__load_data()

        #json used to render the grid

        c.data = self._load_my_repos_data(watched=True)

        return render('admin/my_account/my_account.html')

    def my_account_perms(self):

        c.active = 'perms'

        self.__load_data()

        c.perm_user = AuthUser(user_id=self.authuser.user_id)

        c.ip_addr = self.ip_addr

        return render('admin/my_account/my_account.html')

    def my_account_emails(self):

        c.active = 'emails'

        self.__load_data()

        c.user_email_map = UserEmailMap.query()\

            .filter(UserEmailMap.user == c.user).all()

        return render('admin/my_account/my_account.html')

    def my_account_emails_add(self):

        email = request.POST.get('new_email')

        try:

            UserModel().add_extra_email(self.authuser.user_id, email)

            Session().commit()

            h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        return redirect(url('my_account_emails'))

    def my_account_emails_delete(self):

        email_id = request.POST.get('del_email_id')

        user_model = UserModel()

        user_model.delete_extra_email(self.authuser.user_id, email_id)

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('my_account_emails'))

    def my_account_api_keys(self):

        c.active = 'api_keys'

        self.__load_data()

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(self.authuser.user_id,

                                                     show_expired=show_expired)

        return render('admin/my_account/my_account.html')

    def my_account_api_keys_add(self):

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(self.authuser.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        return redirect(url('my_account_api_keys'))

    def my_account_api_keys_delete(self):

        api_key = request.POST.get('del_api_key')

        user_id = self.authuser.user_id

        if request.POST.get('del_api_key_builtin'):

            user = User.get(user_id)

            if user is not None:

                user.api_key = generate_api_key()

                Session().add(user)

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, self.authuser.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        return redirect(url('my_account_api_keys'))

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.admin.users

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Users crud controller for pylons

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 4, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from pylons import request, tmpl_context as c, url, config

from pylons.controllers.util import redirect

from pylons.i18n.translation import _

from sqlalchemy.sql.expression import func

from webob.exc import HTTPNotFound

import kallithea

from kallithea.lib.exceptions import DefaultUserException, \

    UserOwnsReposException, UserCreationError

from kallithea.lib import helpers as h

from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \

    AuthUser

import kallithea.lib.auth_modules.auth_internal

from kallithea.lib import auth_modules

from kallithea.lib.base import BaseController, render

from kallithea.model.api_key import ApiKeyModel

from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm

from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

from kallithea.lib.utils import action_logger

from kallithea.lib.compat import json

from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key

log = logging.getLogger(__name__)

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    @LoginRequired()

    @HasPermissionAllDecorator('hg.admin')

    def __before__(self):

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

        c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL

    def index(self, format='html'):

        """GET /users: All items in the collection"""

        # url('users')

        c.users_list = User.query().order_by(User.username)\

                        .filter(User.username != User.DEFAULT_USER)\

                        .order_by(func.lower(User.username))\

                        .all()

        users_data = []

        total_records = len(c.users_list)

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        grav_tmpl = '<div class="gravatar">%s</div>'

        username = lambda user_id, username: (

                template.get_def("user_name")

                .render(user_id, username, _=_, h=h, c=c))

        user_actions = lambda user_id, username: (

                template.get_def("user_actions")

                .render(user_id, username, _=_, h=h, c=c))

        for user in c.users_list:

            users_data.append({

                "gravatar": grav_tmpl % h.gravatar(user.email, size=20),

                "raw_name": user.username,

                "username": username(user.user_id, user.username),

                "firstname": h.escape(user.name),

                "lastname": h.escape(user.lastname),

                "last_login": h.fmt_date(user.last_login),

                "last_login_raw": datetime_to_time(user.last_login),

                "active": h.boolicon(user.active),

                "admin": h.boolicon(user.admin),

                "extern_type": user.extern_type,

                "extern_name": user.extern_name,

                "action": user_actions(user.user_id, user.username),

            })

        c.data = json.dumps({

            "totalRecords": total_records,

            "startIndex": 0,

            "sort": None,

            "dir": "asc",

            "records": users_data

        })

        return render('admin/users/users.html')

    def create(self):

        """POST /users: Create a new item"""

        # url('users')

        c.default_extern_type = auth_modules.auth_internal.KallitheaAuthPlugin.name

        user_model = UserModel()

        user_form = UserForm()()

        try:

            form_result = user_form.to_python(dict(request.POST))

            user = user_model.create(form_result)

            usr = form_result['username']

            action_logger(self.authuser, 'admin_created_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(h.literal(_('Created user %s') % h.link_to(h.escape(usr), url('edit_user', id=user.user_id))),

                    category='success')

            Session().commit()

        except formencode.Invalid, errors:

            return htmlfill.render(

                render('admin/users/user_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except UserCreationError, e:

            h.flash(e, 'error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of user %s') \

                    % request.POST.get('username'), category='error')

        return redirect(url('users'))

    def new(self, format='html'):

        """GET /users/new: Form to create a new item"""

        # url('new_user')

        c.default_extern_type = auth_modules.auth_internal.KallitheaAuthPlugin.name

        return render('admin/users/user_add.html')

    def update(self, id):

        """PUT /users/id: Update an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="PUT" />

        # Or using helpers:

        #    h.form(url('update_user', id=ID),

        #           method='put')

        # url('user', id=ID)

        c.active = 'profile'

        user_model = UserModel()

        c.user = user_model.get(id)

        c.perm_user = AuthUser(user_id=id)

        c.ip_addr = self.ip_addr

        _form = UserForm(edit=True, old_data={'user_id': id,

                                              'email': c.user.email})()

        form_result = {}

        try:

            form_result = _form.to_python(dict(request.POST))

            skip_attrs = ['extern_type', 'extern_name']

            #TODO: plugin should define if username can be updated

                # forbid updating username for external accounts

                skip_attrs.append('username')

            user_model.update(id, form_result, skip_attrs=skip_attrs)

            usr = form_result['username']

            action_logger(self.authuser, 'admin_updated_user:%s' % usr,

                          None, self.ip_addr, self.sa)

            h.flash(_('User updated successfully'), category='success')

            Session().commit()

        except formencode.Invalid, errors:

            defaults = errors.value

            e = errors.error_dict or {}

            defaults.update({

                'create_repo_perm': user_model.has_perm(id,

                                                        'hg.create.repository'),

                'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),

                '_method': 'put'

            })

            return htmlfill.render(

                render('admin/users/user_edit.html'),

                defaults=defaults,

                errors=e,

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of user %s') \

                    % form_result.get('username'), category='error')

        return redirect(url('edit_user', id=id))

    def delete(self, id):

        """DELETE /users/id: Delete an existing item"""

        # Forms posted to this method should contain a hidden field:

        #    <input type="hidden" name="_method" value="DELETE" />

        # Or using helpers:

        #    h.form(url('delete_user', id=ID),

        #           method='delete')

        # url('user', id=ID)

        usr = User.get_or_404(id)

        try:

            UserModel().delete(usr)

            Session().commit()

            h.flash(_('Successfully deleted user'), category='success')

        except (UserOwnsReposException, DefaultUserException), e:

            h.flash(e, category='warning')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user'),

                    category='error')

        return redirect(url('users'))

    def show(self, id, format='html'):

        """GET /users/id: Show a specific item"""

        # url('user', id=ID)

        User.get_or_404(-1)

    def _get_user_or_raise_if_default(self, id):

        try:

            return User.get_or_404(id, allow_default=False)

        except DefaultUserException:

            h.flash(_("The default user cannot be edited"), category='warning')

            raise HTTPNotFound

    def edit(self, id, format='html'):

        """GET /users/id/edit: Form to edit an existing item"""

        # url('edit_user', id=ID)

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'profile'

        c.perm_user = AuthUser(user_id=id)

        c.ip_addr = self.ip_addr

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_advanced(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'advanced'

        c.perm_user = AuthUser(user_id=id)

        c.ip_addr = self.ip_addr

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def edit_api_keys(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'api_keys'

        show_expired = True

        c.lifetime_values = [

            (str(-1), _('Forever')),

            (str(5), _('5 minutes')),

            (str(60), _('1 hour')),

            (str(60 * 24), _('1 day')),

            (str(60 * 24 * 30), _('1 month')),

        ]

        c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

        c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,

                                                     show_expired=show_expired)

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        lifetime = safe_int(request.POST.get('lifetime'), -1)

        description = request.POST.get('description')

        ApiKeyModel().create(c.user.user_id, description, lifetime)

        Session().commit()

        h.flash(_("API key successfully created"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def delete_api_key(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        api_key = request.POST.get('del_api_key')

        if request.POST.get('del_api_key_builtin'):

            user = User.get(c.user.user_id)

            if user is not None:

                user.api_key = generate_api_key()

                Session().add(user)

                Session().commit()

                h.flash(_("API key successfully reset"), category='success')

        elif api_key:

            ApiKeyModel().delete(api_key, c.user.user_id)

            Session().commit()

            h.flash(_("API key successfully deleted"), category='success')

        return redirect(url('edit_user_api_keys', id=c.user.user_id))

    def update_account(self, id):

        pass

    def edit_perms(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'perms'

        c.perm_user = AuthUser(user_id=id)

        c.ip_addr = self.ip_addr

        umodel = UserModel()

        defaults = c.user.get_dict()

        defaults.update({

            'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),

            'create_user_group_perm': umodel.has_perm(c.user,

                                                      'hg.usergroup.create.true'),

            'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),

        })

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def update_perms(self, id):

        """PUT /users_perm/id: Update an existing item"""

        # url('user_perm', id=ID, method='put')

        user = self._get_user_or_raise_if_default(id)

        try:

            form = CustomDefaultPermissionsForm()()

            form_result = form.to_python(request.POST)

            inherit_perms = form_result['inherit_default_permissions']

            user.inherit_default_permissions = inherit_perms

            Session().add(user)

            user_model = UserModel()

            defs = UserToPerm.query()\

                .filter(UserToPerm.user == user)\

                .all()

            for ug in defs:

                Session().delete(ug)

            if form_result['create_repo_perm']:

                user_model.grant_perm(id, 'hg.create.repository')

            else:

                user_model.grant_perm(id, 'hg.create.none')

            if form_result['create_user_group_perm']:

                user_model.grant_perm(id, 'hg.usergroup.create.true')

            else:

                user_model.grant_perm(id, 'hg.usergroup.create.false')

            if form_result['fork_repo_perm']:

                user_model.grant_perm(id, 'hg.fork.repository')

            else:

                user_model.grant_perm(id, 'hg.fork.none')

            h.flash(_("Updated permissions"), category='success')

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during permissions saving'),

                    category='error')

        return redirect(url('edit_user_perms', id=id))

    def edit_emails(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'emails'

        c.user_email_map = UserEmailMap.query()\

            .filter(UserEmailMap.user == c.user).all()

        defaults = c.user.get_dict()

        return htmlfill.render(

            render('admin/users/user_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False)

    def add_email(self, id):

        """POST /user_emails:Add an existing item"""

        # url('user_emails', id=ID, method='put')

        user = self._get_user_or_raise_if_default(id)

        email = request.POST.get('new_email')

        user_model = UserModel()

        try:

            user_model.add_extra_email(id, email)

            Session().commit()

            h.flash(_("Added email %s to user") % email, category='success')

        except formencode.Invalid, error:

            msg = error.error_dict['email']

            h.flash(msg, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during email saving'),

                    category='error')

        return redirect(url('edit_user_emails', id=id))

    def delete_email(self, id):

        """DELETE /user_emails_delete/id: Delete an existing item"""

        # url('user_emails_delete', id=ID, method='delete')

        user = self._get_user_or_raise_if_default(id)

        email_id = request.POST.get('del_email_id')

        user_model = UserModel()

        user_model.delete_extra_email(id, email_id)

        Session().commit()

        h.flash(_("Removed email from user"), category='success')

        return redirect(url('edit_user_emails', id=id))

    def edit_ips(self, id):

        c.user = self._get_user_or_raise_if_default(id)

        c.active = 'ips'

        c.user_ip_map = UserIpMap.query()\

            .filter(UserIpMap.user == c.user).all()

${h.form(url('my_account'), method='post')}

    <div class="form">

         <div class="field">

           <div class="gravatar_box">

               <div class="gravatar">

                 ${h.gravatar(c.user.email)}

               </div>

                <p>

                %if c.visual.use_gravatar:

                <strong>${_('Change your avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

                <br/>${_('Using')} ${c.user.email}

                %else:

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update your user email address.')}

                    [${_('Current IP')}: ${c.ip_addr}]

                %endif

               </p>

           </div>

         </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

                <% readonly = "readonly" %>

                <% disabled = " disabled" %>

                <strong>${_('Your user is in an external Source of Record; some details cannot be managed here')}.</strong>

           %endif

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">

                  ${h.text('username',class_='medium%s' % disabled, readonly=readonly)}

                  ${h.hidden('extern_name', c.extern_name)}

                  ${h.hidden('extern_type', c.extern_type)}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="name">${_('First Name')}:</label>

                </div>

                <div class="input">

                    ${h.text('firstname',class_="medium")}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="lastname">${_('Last Name')}:</label>

                </div>

                <div class="input">

                    ${h.text('lastname',class_="medium")}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="email">${_('Email')}:</label>

                </div>

                <div class="input">

                    ## we should be able to edit email !

                    ${h.text('email',class_="medium")}

                </div>

             </div>

            <div class="buttons">

              ${h.submit('save',_('Save'),class_="btn")}

              ${h.reset('reset',_('Reset'),class_="btn")}

            </div>

        </div>

    </div>

${h.end_form()}

${h.form(url('update_user', id=c.user.user_id),method='put')}

<div class="form">

        <div class="field">

           <div class="gravatar_box">

                <div class="gravatar">${h.gravatar(c.user.email)}</div>

                <p>

                %if c.visual.use_gravatar:

                <strong>${_('Change avatar at')} <a href="http://gravatar.com">gravatar.com</a></strong>

                <br/>${_('Using')} ${c.user.email}

                %else:

                <strong>${_('Avatars are disabled')}</strong>

                <br/>${c.user.email or _('Missing email, please update this user email address.')}

                        ##show current ip just if we show ourself

                        %if c.authuser.username == c.user.username:

                            [${_('Current IP')}: ${c.ip_addr}]

                        %endif

                %endif

           </div>

        </div>

        <% readonly = None %>

        <% disabled = "" %>

        <div class="fields">

             <div class="field">

               <% readonly = "readonly" %>

               <% disabled = " disabled" %>

             </div>

            %endif

             <div class="field">

                <div class="label">

                    <label for="username">${_('Username')}:</label>

                </div>

                <div class="input">

                  ${h.text('username',class_='medium%s' % disabled, readonly=readonly)}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="email">${_('Email')}:</label>

                </div>

                <div class="input">

                    ${h.text('email',class_='medium')}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="extern_type">${_('Source of Record')}:</label>

                </div>

                <div class="input">

                    ${h.text('extern_type',class_='medium disabled',readonly="readonly")}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="extern_name">${_('Name in Source of Record')}:</label>

                </div>

                <div class="input">

                    ${h.text('extern_name',class_='medium disabled',readonly="readonly")}

                </div>

             </div>

             <div class="field">

                <div class="label">

                    <label for="new_password">${_('New password')}:</label>