def repositories_admin(self):

        """

        Returns list of repositories you're an admin of

        """

        return [x[0] for x in self.permissions['repositories'].iteritems()

                if x[1] == 'repository.admin']

    @property

    def repository_groups_admin(self):

        """

        Returns list of repository groups you're an admin of

        """

        return [x[0] for x in self.permissions['repositories_groups'].iteritems()

                if x[1] == 'group.admin']

    @property

    def user_groups_admin(self):

        """

        Returns list of user groups you're an admin of

        """

        return [x[0] for x in self.permissions['user_groups'].iteritems()

                if x[1] == 'usergroup.admin']

    def __repr__(self):

    def to_cookie(self):

        """ Serializes this login session to a cookie `dict`. """

        return {

            'user_id': self.user_id,

            'is_external_auth': self.is_external_auth,

        }

    @staticmethod

    def from_cookie(cookie, ip_addr):

        """

        Deserializes an `AuthUser` from a cookie `dict` ... or return None.

        """

        return AuthUser.make(

            dbuser=UserModel().get(cookie.get('user_id')),

            is_external_auth=cookie.get('is_external_auth', False),

            ip_addr=ip_addr,

        )

    @classmethod

    def get_allowed_ips(cls, user_id, cache=False):

        _set = set()

        default_ips = UserIpMap.query().filter(UserIpMap.user_id ==

        ``nodes``

            combined list of ``Node`` objects

        ``author``

            author of the changeset, as unicode

        ``message``

            message of the changeset, as unicode

        ``parents``

            list of parent changesets

        ``last``

            ``True`` if this is last changeset in repository, ``False``

            otherwise; trying to access this attribute while there is no

            changesets would raise ``EmptyRepositoryError``

    """

    def __str__(self):

        return '<%s at %s:%s>' % (self.__class__.__name__, self.revision,

            self.short_id)

    def __repr__(self):

        return self.__str__()

    def __eq__(self, other):

        if type(self) is not type(other):

            return False

        return self.raw_id == other.raw_id

    def __json__(self, with_file_list=False):

        if with_file_list:

            return dict(

                short_id=self.short_id,

                raw_id=self.raw_id,

                revision=self.revision,

                message=self.message,

                date=self.date,

                author=self.author,

                added=[safe_unicode(el.path) for el in self.added],

                changed=[safe_unicode(el.path) for el in self.changed],

                removed=[safe_unicode(el.path) for el in self.removed],

            )

        else:

            return dict(

                short_id=self.short_id,

                raw_id=self.raw_id,

                revision=self.revision,

                message=self.message,

            self_nodes_paths = list(sorted(n.path for n in self.nodes))

            other_nodes_paths = list(sorted(n.path for n in self.nodes))

            return self_nodes_paths == other_nodes_paths

    def __lt__(self, other):

        if self._kind < other._kind:

            return True

        if self._kind > other._kind:

            return False

        if self.path < other.path:

            return True

        if self.path > other.path:

            return False

        if self.is_file():

            return self.content < other.content

        else:

            # For DirNode's check without entering each dir

            self_nodes_paths = list(sorted(n.path for n in self.nodes))

            other_nodes_paths = list(sorted(n.path for n in self.nodes))

            return self_nodes_paths < other_nodes_paths

    def __repr__(self):

        return '<%s %r>' % (self.__class__.__name__, self.path)

    def get_parent_path(self):

        """

        Returns node's parent path or empty string if node is root.

        """

        if self.is_root():

            return ''

        return posixpath.dirname(self.path.rstrip('/')) + '/'

    def is_file(self):

        """

        Returns ``True`` if node's kind is ``NodeKind.FILE``, ``False``

        otherwise.

        """

        return self.kind == NodeKind.FILE

    def is_dir(self):

        """

        Returns ``True`` if node's kind is ``NodeKind.DIR``, ``False``

        otherwise.

        """

        return self.kind == NodeKind.DIR

    def is_root(self):

        """

        raise Exception(

            'given object must be int, long or Instance of %s '

            'got %s, no callback provided' % (cls, type(value))

        )

    @classmethod

    def get_or_404(cls, id_):

        try:

            id_ = int(id_)

        except (TypeError, ValueError):

            raise HTTPNotFound

        res = cls.query().get(id_)

        if res is None:

            raise HTTPNotFound

        return res

    @classmethod

    def delete(cls, id_):

        obj = cls.query().get(id_)

        Session().delete(obj)

    def __repr__(self):

        return '<DB:%s>' % (self.__class__.__name__)

_table_args_default_dict = {'extend_existing': True,

                            'mysql_engine': 'InnoDB',

                            'mysql_charset': 'utf8',

                            'sqlite_autoincrement': True,

                           }

class Setting(Base, BaseDbModel):

    __tablename__ = 'settings'

    __table_args__ = (

        _table_args_default_dict,

    )

    SETTINGS_TYPES = {

        'str': safe_str,

        'int': safe_int,

        'unicode': safe_unicode,

        'bool': str2bool,

        'list': functools.partial(aslist, sep=',')

    }

    DEFAULT_UPDATE_URL = ''

        _type = self.app_settings_type

        converter = self.SETTINGS_TYPES.get(_type) or self.SETTINGS_TYPES['unicode']

        return converter(v)

    @app_settings_value.setter

    def app_settings_value(self, val):

        """

        Setter that will always make sure we use unicode in app_settings_value

        :param val:

        """

        self._app_settings_value = safe_unicode(val)

    @hybrid_property

    def app_settings_type(self):

        return self._app_settings_type

    @app_settings_type.setter

    def app_settings_type(self, val):

        if val not in self.SETTINGS_TYPES:

            raise Exception('type must be one of %s got %s'

                            % (list(self.SETTINGS_TYPES), val))

        self._app_settings_type = val

            self.__class__.__name__,

        )

    @classmethod

    def get_by_name(cls, key):

        return cls.query() \

            .filter(cls.app_settings_name == key).scalar()

    @classmethod

    def get_by_name_or_create(cls, key, val='', type='unicode'):

        res = cls.get_by_name(key)

        if res is None:

            res = cls(key, val, type)

        return res

    @classmethod

    def create_or_update(cls, key, val=Optional(''), type=Optional('unicode')):

        """

        Creates or updates Kallithea setting. If updates are triggered, it will only

        update parameters that are explicitly set. Optional instance will be skipped.

        :param key:

        :param val:

        :param type:

        :return:

    def get_builtin_hooks(cls):

        q = cls.query()

        q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE]))

        q = q.filter(cls.ui_section == 'hooks')

        return q.all()

    @classmethod

    def get_custom_hooks(cls):

        q = cls.query()

        q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE]))

        q = q.filter(cls.ui_section == 'hooks')

        return q.all()

    @classmethod

    def get_repos_location(cls):

        return cls.get_by_key('paths', '/').ui_value

    @classmethod

    def create_or_update_hook(cls, key, val):

        new_ui = cls.get_or_create('hooks', key)

        new_ui.ui_active = True

        new_ui.ui_value = val

    def __repr__(self):

class User(Base, BaseDbModel):

    __tablename__ = 'users'

    __table_args__ = (

        Index('u_username_idx', 'username'),

        Index('u_email_idx', 'email'),

        _table_args_default_dict,

    )

    DEFAULT_USER = 'default'

    DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'

    # The name of the default auth type in extern_type, 'internal' lives in auth_internal.py

    DEFAULT_AUTH_TYPE = 'internal'

    user_id = Column(Integer(), primary_key=True)

    username = Column(String(255), nullable=False, unique=True)

    password = Column(String(255), nullable=False)

    active = Column(Boolean(), nullable=False, default=True)

    admin = Column(Boolean(), nullable=False, default=False)

    name = Column("firstname", Unicode(255), nullable=False)

    lastname = Column(Unicode(255), nullable=False)

    _email = Column("email", String(255), nullable=True, unique=True) # FIXME: not nullable?

    last_login = Column(DateTime(timezone=False), nullable=True)

    def is_admin(self):

        return self.admin

    @hybrid_property

    def is_default_user(self):

        return self.username == User.DEFAULT_USER

    @hybrid_property

    def user_data(self):

        if not self._user_data:

            return {}

        try:

            return json.loads(self._user_data)

        except TypeError:

            return {}

    @user_data.setter

    def user_data(self, val):

        try:

            self._user_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

    @classmethod

    def guess_instance(cls, value):

        return super(User, cls).guess_instance(value, User.get_by_username)

    @classmethod

    def get_or_404(cls, id_, allow_default=True):

        '''

        Overridden version of BaseDbModel.get_or_404, with an extra check on

        the default user.

        '''

        user = super(User, cls).get_or_404(id_)

        if not allow_default and user.is_default_user:

            raise DefaultUserException()

        return user

    @classmethod

    def get_by_username_or_email(cls, username_or_email, case_insensitive=False, cache=False):

        """

        For anything that looks like an email address, look up by the email address (matching

        case insensitively).

        For anything else, try to look up by the user name.

        This assumes no normal username can have '@' symbol.

class UserIpMap(Base, BaseDbModel):

    __tablename__ = 'user_ip_map'

    __table_args__ = (

        UniqueConstraint('user_id', 'ip_addr'),

        _table_args_default_dict,

    )

    ip_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    ip_addr = Column(String(255), nullable=False)

    active = Column(Boolean(), nullable=False, default=True)

    user = relationship('User')

    @classmethod

    def _get_ip_range(cls, ip_addr):

        net = ipaddr.IPNetwork(address=ip_addr)

        return [str(net.network), str(net.broadcast)]

    def __json__(self):

        return dict(

          ip_addr=self.ip_addr,

          ip_range=self._get_ip_range(self.ip_addr)

        )

class UserLog(Base, BaseDbModel):

    __tablename__ = 'user_logs'

    __table_args__ = (

        _table_args_default_dict,

    )

    user_log_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=True)

    username = Column(String(255), nullable=False)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=True)

    repository_name = Column(Unicode(255), nullable=False)

    user_ip = Column(String(255), nullable=True)

    action = Column(UnicodeText(), nullable=False)

    action_date = Column(DateTime(timezone=False), nullable=False)

                                      self.repository_name,

                                      self.action)

    @property

    def action_as_day(self):

        return datetime.date(*self.action_date.timetuple()[:3])

    user = relationship('User')

    repository = relationship('Repository', cascade='')

class UserGroup(Base, BaseDbModel):

    __tablename__ = 'users_groups'

    __table_args__ = (

        _table_args_default_dict,

    )

    users_group_id = Column(Integer(), primary_key=True)

    users_group_name = Column(Unicode(255), nullable=False, unique=True)

    user_group_description = Column(Unicode(10000), nullable=True) # FIXME: not nullable?

    users_group_active = Column(Boolean(), nullable=False)

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    _group_data = Column("group_data", LargeBinary(), nullable=True)  # JSON data # FIXME: not nullable?

    users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')

    users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')

    user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')

    owner = relationship('User')

    @hybrid_property

    def group_data(self):

        if not self._group_data:

            return {}

        try:

            return json.loads(self._group_data)

        except TypeError:

            return {}

    @group_data.setter

    def group_data(self, val):

        try:

            self._group_data = json.dumps(val)

        except Exception:

            log.error(traceback.format_exc())

                                      self.users_group_id,

                                      self.users_group_name)

    @classmethod

    def guess_instance(cls, value):

        return super(UserGroup, cls).guess_instance(value, UserGroup.get_by_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, cache=False,

                          case_insensitive=False):

        if case_insensitive:

            q = cls.query().filter(func.lower(cls.users_group_name) == func.lower(group_name))

        else:

            q = cls.query().filter(cls.users_group_name == group_name)

        if cache:

            q = q.options(FromCache(

                            "sql_cache_short",

                            "get_group_%s" % _hash_key(group_name)

                          )

            )

        return q.scalar()

    @classmethod

    def get(cls, user_group_id, cache=False):

    owner = relationship('User')

    fork = relationship('Repository', remote_side=repo_id)

    group = relationship('RepoGroup')

    repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')

    stats = relationship('Statistics', cascade='all', uselist=False)

    followers = relationship('UserFollowing',

                             primaryjoin='UserFollowing.follows_repository_id==Repository.repo_id',

                             cascade='all')

    extra_fields = relationship('RepositoryField',

                                cascade="all, delete-orphan")

    logs = relationship('UserLog')

    comments = relationship('ChangesetComment', cascade="all, delete-orphan")

    pull_requests_org = relationship('PullRequest',

                    primaryjoin='PullRequest.org_repo_id==Repository.repo_id',

                    cascade="all, delete-orphan")

    pull_requests_other = relationship('PullRequest',

                    primaryjoin='PullRequest.other_repo_id==Repository.repo_id',

                    cascade="all, delete-orphan")

    @hybrid_property

    def landing_rev(self):

        # always should return [rev_type, rev]

        if self._landing_revision:

            _rev_info = self._landing_revision.split(':')

            if len(_rev_info) < 2:

                _rev_info.insert(0, 'rev')

            return [_rev_info[0], _rev_info[1]]

        return [None, None]

    @landing_rev.setter

    def landing_rev(self, val):

        if ':' not in val:

            raise ValueError('value must be delimited with `:` and consist '

                             'of <rev_type>:<rev>, got %s instead' % val)

        self._landing_revision = val

    @hybrid_property

    def changeset_cache(self):

        try:

            cs_cache = json.loads(self._changeset_cache) # might raise on bad data

            cs_cache['raw_id'] # verify data, raise exception on error

            return cs_cache

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    owner = relationship('User')

    @classmethod

    def query(cls, sorted=False):

        """Add RepoGroup-specific helpers for common query constructs.

        sorted: if True, apply the default ordering (name, case insensitive).

        """

        q = super(RepoGroup, cls).query()

        if sorted:

            q = q.order_by(func.lower(RepoGroup.group_name))

        return q

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    @classmethod

    def _generate_choice(cls, repo_group):

        """Return tuple with group_id and name as html literal"""

        from webhelpers2.html import literal

        if repo_group is None:

            return (-1, u'-- %s --' % _('top level'))

        return repo_group.group_id, literal(cls.SEP.join(repo_group.full_path_splitted))

    @classmethod

    def groups_choices(cls, groups):

        """Return tuples with group_id and name as html literal."""

        return sorted((cls._generate_choice(g) for g in groups),

                      key=lambda c: c[1].split(cls.SEP))

    @classmethod

    def url_sep(cls):

        return URL_SEP

    @classmethod

    def guess_instance(cls, value):

        return super(RepoGroup, cls).guess_instance(value, RepoGroup.get_by_group_name)

    @classmethod

        'hg.usergroup.create.false': 0,

        'hg.usergroup.create.true': 1,

        'hg.fork.none': 0,

        'hg.fork.repository': 1,

        'hg.create.none': 0,

        'hg.create.repository': 1,

        'hg.create.write_on_repogroup.false': 0,

        'hg.create.write_on_repogroup.true': 1,

        'hg.register.none': 0,

        'hg.register.manual_activate': 1,

        'hg.register.auto_activate': 2,

        'hg.extern_activate.manual': 0,

        'hg.extern_activate.auto': 1,

    }

    permission_id = Column(Integer(), primary_key=True)

    permission_name = Column(String(255), nullable=False)

            self.__class__.__name__, self.permission_id, self.permission_name

        )

    @classmethod

    def guess_instance(cls, value):

        return super(Permission, cls).guess_instance(value, Permission.get_by_key)

    @classmethod

    def get_by_key(cls, key):

        return cls.query().filter(cls.permission_name == key).scalar()

    @classmethod

    def get_default_perms(cls, default_user_id):

        q = Session().query(UserRepoToPerm, Repository, cls) \

         .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id)) \

         .join((cls, UserRepoToPerm.permission_id == cls.permission_id)) \

         .filter(UserRepoToPerm.user_id == default_user_id)

        return q.all()

    @classmethod

    def get_default_group_perms(cls, default_user_id):

        q = Session().query(UserRepoGroupToPerm, RepoGroup, cls) \

         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id)) \

    __tablename__ = 'repo_to_perm'

    __table_args__ = (

        UniqueConstraint('user_id', 'repository_id', 'permission_id'),

        _table_args_default_dict,

    )

    repo_to_perm_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

    user = relationship('User')

    repository = relationship('Repository')

    permission = relationship('Permission')

    @classmethod

    def create(cls, user, repository, permission):

        n = cls()

        n.user = user

        n.repository = repository

        n.permission = permission

        Session().add(n)

        return n

class UserUserGroupToPerm(Base, BaseDbModel):

    __tablename__ = 'user_user_group_to_perm'

    __table_args__ = (

        UniqueConstraint('user_id', 'user_group_id', 'permission_id'),

        _table_args_default_dict,

    )

    user_user_group_to_perm_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    user = relationship('User')

    user_group = relationship('UserGroup')

    permission = relationship('Permission')

    @classmethod

    def create(cls, user, user_group, permission):

        n = cls()

        n.user = user

        n.user_group = user_group

        n.permission = permission

        Session().add(n)

        return n

class UserToPerm(Base, BaseDbModel):

    __tablename__ = 'user_to_perm'

    __table_args__ = (

        UniqueConstraint('user_id', 'permission_id'),

        _table_args_default_dict,

    )

    user_to_perm_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    user = relationship('User')

    permission = relationship('Permission')

class UserGroupRepoToPerm(Base, BaseDbModel):

    __tablename__ = 'users_group_repo_to_perm'

    __table_args__ = (

        UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),

        _table_args_default_dict,

    )

    users_group_to_perm_id = Column(Integer(), primary_key=True)

    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

    users_group = relationship('UserGroup')

    permission = relationship('Permission')

    repository = relationship('Repository')

    @classmethod

    def create(cls, users_group, repository, permission):

        n = cls()

        n.users_group = users_group

        n.repository = repository

        n.permission = permission

        Session().add(n)

        return n

class UserGroupUserGroupToPerm(Base, BaseDbModel):

    __tablename__ = 'user_group_user_group_to_perm'

    __table_args__ = (

        UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),

        _table_args_default_dict,

    )

    user_group_user_group_to_perm_id = Column(Integer(), primary_key=True)

    target_user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')

    user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')

    permission = relationship('Permission')

    @classmethod

    def create(cls, target_user_group, user_group, permission):

        n = cls()

        n.target_user_group = target_user_group

        n.user_group = user_group

        n.permission = permission

        Session().add(n)

        return n

class UserGroupToPerm(Base, BaseDbModel):

    __tablename__ = 'users_group_to_perm'

    __table_args__ = (

        UniqueConstraint('users_group_id', 'permission_id',),

        _table_args_default_dict,

    )

    users_group_to_perm_id = Column(Integer(), primary_key=True)

    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

    users_group = relationship('UserGroup')

    permission = relationship('Permission')

class UserRepoGroupToPerm(Base, BaseDbModel):

    __tablename__ = 'user_repo_group_to_perm'

    __table_args__ = (

        UniqueConstraint('user_id', 'group_id', 'permission_id'),

        _table_args_default_dict,

    )

class CacheInvalidation(Base, BaseDbModel):

    __tablename__ = 'cache_invalidation'

    __table_args__ = (

        Index('key_idx', 'cache_key'),

        _table_args_default_dict,

    )

    # cache_id, not used

    cache_id = Column(Integer(), primary_key=True)

    # cache_key as created by _get_cache_key

    cache_key = Column(Unicode(255), nullable=False, unique=True)

    # cache_args is a repo_name

    cache_args = Column(Unicode(255), nullable=False)

    # instance sets cache_active True when it is caching, other instances set

    # cache_active to False to indicate that this cache is invalid

    cache_active = Column(Boolean(), nullable=False, default=False)

    def __init__(self, cache_key, repo_name=''):

        self.cache_key = cache_key

        self.cache_args = repo_name

        self.cache_active = False

            self.__class__.__name__,