#HOOKS

        hooks1_key = RhodeCodeUi.HOOK_UPDATE

        hooks1_ = self.sa.query(RhodeCodeUi)\

            .filter(RhodeCodeUi.ui_key == hooks1_key).scalar()

        hooks1 = RhodeCodeUi() if hooks1_ is None else hooks1_

        hooks1.ui_section = 'hooks'

        hooks1.ui_key = hooks1_key

        hooks1.ui_value = 'hg update >&2'

        hooks1.ui_active = False

        self.sa.add(hooks1)

        hooks2_key = RhodeCodeUi.HOOK_REPO_SIZE

        hooks2_ = self.sa.query(RhodeCodeUi)\

            .filter(RhodeCodeUi.ui_key == hooks2_key).scalar()

        hooks2 = RhodeCodeUi() if hooks2_ is None else hooks2_

        hooks2.ui_section = 'hooks'

        hooks2.ui_key = hooks2_key

        hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'

        self.sa.add(hooks2)

        hooks3 = RhodeCodeUi()

        hooks3.ui_section = 'hooks'

        hooks3.ui_key = RhodeCodeUi.HOOK_PUSH

        hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'

        self.sa.add(hooks3)

        hooks4 = RhodeCodeUi()

        hooks4.ui_section = 'hooks'

        hooks4.ui_key = RhodeCodeUi.HOOK_PRE_PUSH

        hooks4.ui_value = 'python:rhodecode.lib.hooks.pre_push'

        self.sa.add(hooks4)

        hooks5 = RhodeCodeUi()

        hooks5.ui_section = 'hooks'

        hooks5.ui_key = RhodeCodeUi.HOOK_PULL

        hooks5.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'

        self.sa.add(hooks5)

        hooks6 = RhodeCodeUi()

        hooks6.ui_section = 'hooks'

        hooks6.ui_key = RhodeCodeUi.HOOK_PRE_PULL

        hooks6.ui_value = 'python:rhodecode.lib.hooks.pre_pull'

        self.sa.add(hooks6)

        # enable largefiles

        largefiles = RhodeCodeUi()

        largefiles.ui_section = 'extensions'

        largefiles.ui_key = 'largefiles'

        largefiles.ui_value = ''

        self.sa.add(largefiles)

        # enable hgsubversion disabled by default

        hgsubversion = RhodeCodeUi()

        hgsubversion.ui_section = 'extensions'

        hgsubversion.ui_key = 'hgsubversion'

        hgsubversion.ui_value = ''

        hgsubversion.ui_active = False

        self.sa.add(hgsubversion)

        # enable hggit disabled by default

        hggit = RhodeCodeUi()

        hggit.ui_section = 'extensions'

        hggit.ui_key = 'hggit'

        hggit.ui_value = ''

        hggit.ui_active = False

        self.sa.add(hggit)

    def create_ldap_options(self, skip_existing=False):

        """Creates ldap settings"""

        for k, v in [('ldap_active', 'false'), ('ldap_host', ''),

                    ('ldap_port', '389'), ('ldap_tls_kind', 'PLAIN'),

                    ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''),

                    ('ldap_dn_pass', ''), ('ldap_base_dn', ''),

                    ('ldap_filter', ''), ('ldap_search_scope', ''),

                    ('ldap_attr_login', ''), ('ldap_attr_firstname', ''),

                    ('ldap_attr_lastname', ''), ('ldap_attr_email', '')]:

            if skip_existing and RhodeCodeSetting.get_by_name(k) is not None:

                log.debug('Skipping option %s' % k)

                continue

            setting = RhodeCodeSetting(k, v)

            self.sa.add(setting)

    def create_default_options(self, skip_existing=False):

        """Creates default settings"""

        for k, v in [

            ('default_repo_enable_locking',  False),

            ('default_repo_enable_downloads', False),

            ('default_repo_enable_statistics', False),

            ('default_repo_private', False),

            ('default_repo_type', 'hg')]:

            if skip_existing and RhodeCodeSetting.get_by_name(k) is not None:

                log.debug('Skipping option %s' % k)

                continue

            setting = RhodeCodeSetting(k, v)

            self.sa.add(setting)

    def fixup_groups(self):

        def_usr = User.get_default_user()

        for g in RepoGroup.query().all():

            g.group_name = g.get_new_name(g.name)

            self.sa.add(g)

            # get default perm

            default = UserRepoGroupToPerm.query()\

                .filter(UserRepoGroupToPerm.group == g)\

                .filter(UserRepoGroupToPerm.user == def_usr)\

                .scalar()

            if default is None:

                log.debug('missing default permission for group %s adding' % g)

                perm_obj = ReposGroupModel()._create_default_perms(g)

                self.sa.add(perm_obj)

    def reset_permissions(self, username):

        """

        Resets permissions to default state, usefull when old systems had

        bad permissions, we must clean them up

        :param username:

        """

        default_user = User.get_by_username(username)

        if not default_user:

            return

        u2p = UserToPerm.query()\

            .filter(UserToPerm.user == default_user).all()

        fixed = False

        if len(u2p) != len(Permission.DEFAULT_USER_PERMISSIONS):

            for p in u2p:

                Session().delete(p)

            fixed = True

            self.populate_default_permissions()

        return fixed

    def update_repo_info(self):

        RepoModel.update_repoinfo()

    def config_prompt(self, test_repo_path='', retries=3):

        defaults = self.cli_args

        _path = defaults.get('repos_location')

        if retries == 3:

            log.info('Setting up repositories config')

        if _path is not None:

            path = _path

        elif not self.tests and not test_repo_path:

            path = raw_input(

                 'Enter a valid absolute path to store repositories. '

                 'All repositories in that path will be added automatically:'

            )

        else:

            path = test_repo_path

        path_ok = True

        # check proper dir

        if not os.path.isdir(path):

            path_ok = False

            log.error('Given path %s is not a valid directory' % path)

        elif not os.path.isabs(path):

            path_ok = False

            log.error('Given path %s is not an absolute path' % path)

        # check write access

        elif not os.access(path, os.W_OK) and path_ok:

            path_ok = False

            log.error('No write permission to given path %s' % path)

        if retries == 0:

            sys.exit('max retries reached')

        if not path_ok:

            retries -= 1

            return self.config_prompt(test_repo_path, retries)

        real_path = os.path.normpath(os.path.realpath(path))

        if real_path != os.path.normpath(path):

            if not ask_ok(('Path looks like a symlink, Rhodecode will store '

                           'given path as %s ? [y/n]') % (real_path)):

                log.error('Canceled by user')

                sys.exit(-1)

        return real_path

    def create_settings(self, path):

        self.create_ui_settings()

        self.create_ldap_options()

        self.create_default_options()

        log.info('created ui config')

    def create_user(self, username, password, email='', admin=False):

        log.info('creating user %s' % username)

        UserModel().create_or_update(username, password, email,

                                     firstname='RhodeCode', lastname='Admin',

                                     active=True, admin=admin)

    def create_default_user(self):

        log.info('creating default user')

        # create default user for handling default permissions.

        UserModel().create_or_update(username='default',

                              password=str(uuid.uuid1())[:8],

                              email='anonymous@rhodecode.org',

                              firstname='Anonymous', lastname='User')

    def create_permissions(self):

        """

        Creates all permissions defined in the system

        """

        # module.(access|create|change|delete)_[name]

        # module.(none|read|write|admin)

        log.info('creating permissions')

        PermissionModel(self.sa).create_permissions()

    def populate_default_permissions(self):

        """

        Populate default permissions. It will create only the default

        permissions that are missing, and not alter already defined ones

        """

        log.info('creating default user permissions')

        PermissionModel(self.sa).create_default_permissions(user=User.DEFAULT_USER)

    @staticmethod

    def check_waitress():

        """

        Function executed at the end of setup

        """

        if not __py_version__ >= (2, 6):

            notify('Python2.5 detected, please switch '

                   'egg:waitress#main -> egg:Paste#http '

                   'in your .ini file')

        d = {}

        for k in self._get_keys():

            d[k] = getattr(self, k)

        # also use __json__() if present to get additional fields

        _json_attr = getattr(self, '__json__', None)

        if _json_attr:

            # update with attributes from __json__

            if callable(_json_attr):

                _json_attr = _json_attr()

            for k, val in _json_attr.iteritems():

                d[k] = val

        return d

    def get_appstruct(self):

        """return list with keys and values tupples corresponding

        to this model data """

        l = []

        for k in self._get_keys():

            l.append((k, getattr(self, k),))

        return l

    def populate_obj(self, populate_dict):

        """populate model with data from given populate_dict"""

        for k in self._get_keys():

            if k in populate_dict:

                setattr(self, k, populate_dict[k])

    @classmethod

    def query(cls):

        return Session().query(cls)

    @classmethod

    def get(cls, id_):

        if id_:

            return cls.query().get(id_)

    @classmethod

    def get_or_404(cls, id_):

        try:

            id_ = int(id_)

        except (TypeError, ValueError):

            raise HTTPNotFound

        res = cls.query().get(id_)

        if not res:

            raise HTTPNotFound

        return res

    @classmethod

    def getAll(cls):

        # deprecated and left for backward compatibility

        return cls.get_all()

    @classmethod

    def get_all(cls):

        return cls.query().all()

    @classmethod

    def delete(cls, id_):

        obj = cls.query().get(id_)

        Session().delete(obj)

    def __repr__(self):

        if hasattr(self, '__unicode__'):

            # python repr needs to return str

            return safe_str(self.__unicode__())

        return '<DB:%s>' % (self.__class__.__name__)

class RhodeCodeSetting(Base, BaseModel):

    __tablename__ = 'rhodecode_settings'

    __table_args__ = (

        UniqueConstraint('app_settings_name'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8'}

    )

    app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    app_settings_name = Column("app_settings_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    _app_settings_value = Column("app_settings_value", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    def __init__(self, k='', v=''):

        self.app_settings_name = k

        self.app_settings_value = v

    @validates('_app_settings_value')

    def validate_settings_value(self, key, val):

        assert type(val) == unicode

        return val

    @hybrid_property

    def app_settings_value(self):

        v = self._app_settings_value

        if self.app_settings_name in ["ldap_active",

                                      "default_repo_enable_statistics",

                                      "default_repo_enable_locking",

                                      "default_repo_private",

                                      "default_repo_enable_downloads"]:

            v = str2bool(v)

        return v

    @app_settings_value.setter

    def app_settings_value(self, val):

        """

        Setter that will always make sure we use unicode in app_settings_value

        :param val:

        """

        self._app_settings_value = safe_unicode(val)

    def __unicode__(self):

        return u"<%s('%s:%s')>" % (

            self.__class__.__name__,

            self.app_settings_name, self.app_settings_value

        )

    @classmethod

    def get_by_name(cls, key):

        return cls.query()\

            .filter(cls.app_settings_name == key).scalar()

    @classmethod

    def get_by_name_or_create(cls, key):

        res = cls.get_by_name(key)

        if not res:

            res = cls(key)

        return res

    @classmethod

    def get_app_settings(cls, cache=False):

        ret = cls.query()

        if cache:

            ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))

        if not ret:

            raise Exception('Could not get application settings !')

        settings = {}

        for each in ret:

            settings['rhodecode_' + each.app_settings_name] = \

                each.app_settings_value

        return settings

    @classmethod

    def get_ldap_settings(cls, cache=False):

        ret = cls.query()\

                .filter(cls.app_settings_name.startswith('ldap_')).all()

        fd = {}

        for row in ret:

            fd.update({row.app_settings_name: row.app_settings_value})

        return fd

    @classmethod

    def get_default_repo_settings(cls, cache=False, strip_prefix=False):

        ret = cls.query()\

                .filter(cls.app_settings_name.startswith('default_')).all()

        fd = {}

        for row in ret:

            key = row.app_settings_name

            if strip_prefix:

                key = remove_prefix(key, prefix='default_')

            fd.update({key: row.app_settings_value})

        return fd

class RhodeCodeUi(Base, BaseModel):

    __tablename__ = 'rhodecode_ui'

    __table_args__ = (

        UniqueConstraint('ui_key'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8'}

    )

    HOOK_UPDATE = 'changegroup.update'

    HOOK_REPO_SIZE = 'changegroup.repo_size'

    HOOK_PUSH = 'changegroup.push_logger'

    HOOK_PRE_PUSH = 'prechangegroup.pre_push'

    HOOK_PULL = 'outgoing.pull_logger'

    HOOK_PRE_PULL = 'preoutgoing.pre_pull'

    ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    ui_section = Column("ui_section", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_key = Column("ui_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_value = Column("ui_value", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)

    @classmethod

    def get_by_key(cls, key):

        return cls.query().filter(cls.ui_key == key).scalar()

    @classmethod

    def get_builtin_hooks(cls):

        q = cls.query()

        q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,

                                     cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,

                                     cls.HOOK_PULL, cls.HOOK_PRE_PULL]))

        return q.all()

    @classmethod

    def get_custom_hooks(cls):

        q = cls.query()

        q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,

                                      cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,

                                      cls.HOOK_PULL, cls.HOOK_PRE_PULL]))

        q = q.filter(cls.ui_section == 'hooks')

        return q.all()

    @classmethod

    def get_repos_location(cls):

        return cls.get_by_key('/').ui_value

    @classmethod

    def create_or_update_hook(cls, key, val):

        new_ui = cls.get_by_key(key) or cls()

        new_ui.ui_section = 'hooks'

        new_ui.ui_active = True

        new_ui.ui_key = key

        new_ui.ui_value = val

        Session().add(new_ui)

    def __repr__(self):

        return '<DB:%s[%s:%s]>' % (self.__class__.__name__, self.ui_key,

                                   self.ui_value)

class User(Base, BaseModel):

    __tablename__ = 'users'

    __table_args__ = (

        UniqueConstraint('username'), UniqueConstraint('email'),

        Index('u_username_idx', 'username'),

        Index('u_email_idx', 'email'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8'}

    )

    DEFAULT_USER = 'default'

    user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    active = Column("active", Boolean(), nullable=True, unique=None, default=True)

    admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)

    name = Column("firstname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    lastname = Column("lastname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)

    ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)

    user_log = relationship('UserLog')

    user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')

    repositories = relationship('Repository')

    user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')

    followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')

    repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')

    repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')

    group_member = relationship('UserGroupMember', cascade='all')

    notifications = relationship('UserNotification', cascade='all')

    # notifications assigned to this user

    user_created_notifications = relationship('Notification', cascade='all')

    # comments created by this user

    user_comments = relationship('ChangesetComment', cascade='all')

    #extra emails for this user

    user_emails = relationship('UserEmailMap', cascade='all')

    @hybrid_property

    def email(self):

        return self._email

    @email.setter

    def email(self, val):

        self._email = val.lower() if val else None

    @property

    def firstname(self):

        # alias for future

        return self.name

    @property

    def emails(self):

        other = UserEmailMap.query().filter(UserEmailMap.user==self).all()

        return [self.email] + [x.email for x in other]

    @property

    def ip_addresses(self):

        ret = UserIpMap.query().filter(UserIpMap.user == self).all()

        return [x.ip_addr for x in ret]

    @property

    def username_and_name(self):

        return '%s (%s %s)' % (self.username, self.firstname, self.lastname)

    @property

    def full_name(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def full_name_or_username(self):

        return ('%s %s' % (self.firstname, self.lastname)

                if (self.firstname and self.lastname) else self.username)

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.firstname, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    @property

    def AuthUser(self):

        """

        Returns instance of AuthUser for this user

        """

        from rhodecode.lib.auth import AuthUser

        return AuthUser(user_id=self.user_id, api_key=self.api_key,

                        username=self.username)

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__,

                                     self.user_id, self.username)

    @classmethod

    def get_by_username(cls, username, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.username.ilike(username))

        else:

            q = cls.query().filter(cls.username == username)

        if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_user_%s" % _hash_key(username)

                          )

            )

        return q.scalar()

    @classmethod

    def get_by_api_key(cls, api_key, cache=False):

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

        return q.scalar()

    @classmethod

    def get_by_email(cls, email, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.email.ilike(email))

        else:

            q = cls.query().filter(cls.email == email)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_email_key_%s" % email))

        ret = q.scalar()

        if ret is None:

            q = UserEmailMap.query()

            # try fetching in alternate email map

            if case_insensitive:

                q = q.filter(UserEmailMap.email.ilike(email))

            else:

                q = q.filter(UserEmailMap.email == email)

            q = q.options(joinedload(UserEmailMap.user))

            if cache:

                q = q.options(FromCache("sql_cache_short",

                                        "get_email_map_key_%s" % email))