# To properly map this controller, ensure your config/routing.py

    # file has a resource setup:

    #     map.resource('setting', 'settings', controller='admin/settings',

    #         path_prefix='/admin', name_prefix='admin_')

    @LoginRequired()

    @NotAnonymous()

    def __before__(self):

        super(MyAccountController, self).__before__()

    def __load_data(self):

        c.user = User.get(request.authuser.user_id)

            h.flash(_("You can't edit this user since it's"

                      " crucial for entire application"), category='warning')

            raise HTTPFound(location=url('users'))

    def _load_my_repos_data(self, watched=False):

        if watched:

            admin = False

            repos_list = Session().query(Repository) \

                         .join(UserFollowing) \

                         .filter(UserFollowing.user_id ==

                                 request.authuser.user_id).all()

        else:

class UsersController(BaseController):

    """REST Controller styled on the Atom Publishing Protocol"""

    @LoginRequired()

    @HasPermissionAnyDecorator('hg.admin')

    def __before__(self):

        super(UsersController, self).__before__()

        c.available_permissions = config['available_permissions']

    def index(self, format='html'):

        c.users_list = User.query().order_by(User.username) \

                        .order_by(func.lower(User.username)) \

                        .all()

        users_data = []

        total_records = len(c.users_list)

        _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        grav_tmpl = '<div class="gravatar">%s</div>'

        username = lambda user_id, username: (

                template.get_def("user_name")

        OUTPUT::

            id : <id_given_in_input>

            result: [<user_object>, ...]

            error:  null

        """

        return [

            user.get_api_data()

            for user in User.query()

                .order_by(User.username)

        ]

    @HasPermissionAnyDecorator('hg.admin')

    def create_user(self, username, email, password=Optional(''),

                    firstname=Optional(''), lastname=Optional(''),

                    active=Optional(True), admin=Optional(False),

                    extern_type=Optional(User.DEFAULT_AUTH_TYPE),

                    extern_name=Optional('')):

        """

        Creates new user. Returns new user object. This command can

        be executed only using api_key belonging to user with admin rights.

            "groups": [],

            "email": userobj.email,

            "admin": userobj.admin,

            "active": userobj.active,

            "active_from_extern": userobj.active,

            "extern_name": userobj.user_id,

        }

        log.debug(formatted_json(user_data))

        if userobj.active:

            from kallithea.lib import auth

            password_match = auth.check_password(password, userobj.password)

                log.info('user %s authenticated correctly as anonymous user',

                         username)

                return user_data

            elif userobj.username == username and password_match:

                log.info('user %s authenticated correctly', user_data['username'])

                return user_data

            log.error("user %s had a bad password", username)

            return None

        else:

            log.warning('user %s tried auth but is disabled', username)

            return None

                .scalar()

        paths.ui_value = paths.ui_value.replace('*', '')

        self.sa.add(paths)

        self.sa.commit()

    def fix_default_user(self):

        """

        Fixes a old default user with some 'nicer' default values,

        used mostly for anonymous access

        """

        def_user.name = 'Anonymous'

        def_user.lastname = 'User'

        def_user.email = 'anonymous@kallithea-scm.org'

        self.sa.add(def_user)

        self.sa.commit()

    def fix_settings(self):

        """

        Fixes kallithea settings adds ga_code key for google analytics

        """

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #===================================================================

        # GIT REQUEST HANDLING

        #===================================================================

        repo_path = os.path.join(safe_str(self.basepath),str_repo_name)

        log.debug('Repository path is %s', repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        fix_PATH()

            'config': CONFIG['__file__'],

            'server_url': server_url,

            'make_lock': None,

            'locked_by': [None, None]

        }

        #======================================================================

        # MERCURIAL REQUEST HANDLING

        #======================================================================

        repo_path = os.path.join(safe_str(self.basepath), str_repo_name)

        log.debug('Repository path is %s', repo_path)

        # CHECK LOCKING only if it's not ANONYMOUS USER

            log.debug('Checking locking on repository')

            (make_lock,

             locked,

             locked_by) = self._check_locking_state(

                            environ=environ, action=action,

                            repo=repo_name, user_id=user.user_id

                       )

            # store the make_lock for later evaluation in hooks

            extras.update({'make_lock': make_lock,

                           'locked_by': locked_by})

        fix_PATH()

    >>> extract_mentioned_usernames('@1-2.a_X,@1234 not@not @ddd@not @n @ee @ff @gg, @gg;@hh @n\n@zz,')

    ['1-2.a_X', '1234', 'ddd', 'ee', 'ff', 'gg', 'hh', 'zz']

    """

    return MENTIONS_REGEX.findall(text)

def extract_mentioned_users(text):

    """ Returns set of actual database Users @mentioned in given text. """

    from kallithea.model.db import User

    result = set()

    for name in extract_mentioned_usernames(text):

        user = User.get_by_username(name, case_insensitive=True)

            result.add(user)

    return result

class AttributeDict(dict):

    def __getattr__(self, attr):

        return self.get(attr, None)

    __setattr__ = dict.__setitem__

    __delattr__ = dict.__delitem__

def fix_PATH(os_=None):

    @property

    def full_contact(self):

        return '%s %s <%s>' % (self.firstname, self.lastname, self.email)

    @property

    def short_contact(self):

        return '%s %s' % (self.firstname, self.lastname)

    @property

    def is_admin(self):

        return self.admin

    @property

    def AuthUser(self):

        """

        Returns instance of AuthUser for this user

        """

        from kallithea.lib.auth import AuthUser

        return AuthUser(dbuser=self)

    @hybrid_property

    def user_data(self):

        if not self._user_data:

            return {}

    @classmethod

    def guess_instance(cls, value):

        return super(User, cls).guess_instance(value, User.get_by_username)

    @classmethod

    def get_or_404(cls, id_, allow_default=True):

        '''

        Overridden version of BaseDbModel.get_or_404, with an extra check on

        the default user.

        '''

        user = super(User, cls).get_or_404(id_)

        return user

    @classmethod

    def get_by_username_or_email(cls, username_or_email, case_insensitive=False, cache=False):

        """

        For anything that looks like an email address, look up by the email address (matching

        case insensitively).

        For anything else, try to look up by the user name.

        This assumes no normal username can have '@' symbol.

        """

        if '@' in username_or_email:

            gr = _get_group(perm_name)

            if gr not in defined_perms_groups:

                log.debug('GR:%s not found, creating permission %s',

                          gr, perm_name)

                new_perm = _make_perm(perm_name)

                self.sa.add(new_perm)

    def update(self, form_result):

        perm_user = User.get_by_username(username=form_result['perm_user_name'])

        try:

            # stage 1 set anonymous access

                perm_user.active = str2bool(form_result['anonymous'])

                self.sa.add(perm_user)

            # stage 2 reset defaults and set them from form data

            def _make_new(usr, perm_name):

                log.debug('Creating new permission:%s', perm_name)

                new = UserToPerm()

                new.user = usr

                new.permission = Permission.get_by_key(perm_name)

                return new

            # clear current entries, to make this function idempotent

            # it will fix even if we define more permissions or permissions

log = logging.getLogger(__name__)

class PullRequestModel(BaseModel):

    def _get_valid_reviewers(self, seq):

        """ Generate User objects from a sequence of user IDs, usernames or

        User objects. Raises UserInvalidException if the DEFAULT user is

        specified, or if a given ID or username does not match any user.

        """

        for user_spec in seq:

            user = User.guess_instance(user_spec)

                raise UserInvalidException(user_spec)

            yield user

    def create(self, created_by, org_repo, org_ref, other_repo, other_ref,

               revisions, title, description, reviewers):

        pr = PullRequest()

        pr.org_repo = org_repo

        pr.org_ref = org_ref

        pr.other_repo = other_repo

        pr.other_ref = other_ref

        pr.revisions = revisions

        pr.title = title

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_permission(repo_group=obj, user=user, perm=perm)

            elif isinstance(obj, Repository):

                user = User.guess_instance(user)

                # private repos will not allow to change the default permissions

                # using recursive mode

                    return

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_group_permission(repo_group=obj,

            'new_username': new_user.username,

            'new_email': new_user.email,

            'new_full_name': new_user.full_name}

        NotificationModel().create(created_by=new_user, subject=subject,

                                   body=body, recipients=None,

                                   type_=Notification.TYPE_REGISTRATION,

                                   email_kwargs=email_kwargs)

    def update(self, user_id, form_data, skip_attrs=None):

        from kallithea.lib.auth import get_crypt_password

        skip_attrs = skip_attrs or []

        user = self.get(user_id, cache=False)

            raise DefaultUserException(

                            _("You can't edit this user since it's "

                              "crucial for entire application"))

        for k, v in form_data.items():

            if k in skip_attrs:

                continue

            if k == 'new_password' and v:

                user.password = get_crypt_password(v)

            else:

                # old legacy thing orm models store firstname as name,

                # need proper refactor to username

                if k == 'firstname':

                    k = 'name'

                setattr(user, k, v)

        self.sa.add(user)

    def update_user(self, user, **kwargs):

        from kallithea.lib.auth import get_crypt_password

        user = User.guess_instance(user)

            raise DefaultUserException(

                _("You can't edit this user since it's"

                  " crucial for entire application")

            )

        for k, v in kwargs.items():

            if k == 'password' and v:

                v = get_crypt_password(v)

            setattr(user, k, v)

        self.sa.add(user)

        return user

    def delete(self, user, cur_user=None):

        if cur_user is None:

            cur_user = getattr(get_current_authuser(), 'username', None)

        user = User.guess_instance(user)

            raise DefaultUserException(

                _("You can't remove this user since it is"

                  " crucial for the entire application"))

        if user.repositories:

            repos = [x.repo_name for x in user.repositories]

            raise UserOwnsReposException(

                _('User "%s" still owns %s repositories and cannot be '

                  'removed. Switch owners or remove those repositories: %s')

                % (user.username, len(repos), ', '.join(repos)))

        if user.repo_groups:

            repogroups = [x.group_name for x in user.repo_groups]

            raise UserOwnsReposException(_(

            'ws': string.whitespace,

            'printables': string.printable

        }

        id_, params = _build_data(self.apikey, 'test', args=expected)

        response = api_call(self, params)

        assert response.status == '200 OK'

        self._compare_ok(id_, expected, response.body)

    def test_api_get_users(self):

        id_, params = _build_data(self.apikey, 'get_users', )

        response = api_call(self, params)

        ret_all = []

            .order_by(User.username).all()

        for usr in _users:

            ret = usr.get_api_data()

            ret_all.append(jsonify(ret))

        expected = ret_all

        self._compare_ok(id_, expected, given=response.body)

    def test_api_get_user(self):

        id_, params = _build_data(self.apikey, 'get_user',

                                  userid=TEST_USER_ADMIN_LOGIN)

        response = api_call(self, params)

    if 'clone_url' in kwargs:

        clone_url = kwargs['clone_url']

    stdout = stderr = None

    if vcs == 'hg':

        stdout, stderr = Command(cwd).execute('hg push --verbose', clone_url)

    elif vcs == 'git':

        stdout, stderr = Command(cwd).execute('git push --verbose', clone_url + " master")

    return stdout, stderr

def set_anonymous_access(enable=True):

    user.active = enable

    Session().commit()

    print '\tanonymous access is now:', enable

        raise Exception('Cannot set anonymous access')

#==============================================================================

# TESTS

#==============================================================================

def _check_proper_git_push(stdout, stderr):

    #WTF Git stderr is output ?!

    assert 'fatal' not in stderr

    assert 'rejected' not in stderr