Changeset - f734d107296e
Parent rev.
Child rev.
[Not reviewed]
default
0 2 0
Mads Kiilerich - 6 years ago 2020-03-30 12:07:06
mads@kiilerich.com
auth: for default permissions, use existing explicit query result values instead of following dot references in ORM result objects

There has been reports of spurious crashes on resolving references like
.repository from Permissions:

File ".../kallithea/lib/auth.py", line 678, in __wrapper
if self.check_permissions(user):
File ".../kallithea/lib/auth.py", line 718, in check_permissions
return user.has_repository_permission_level(repo_name, self.required_perm)
File ".../kallithea/lib/auth.py", line 450, in has_repository_permission_level
actual_perm = self.permissions['repositories'].get(repo_name)
File ".../kallithea/lib/vcs/utils/lazy.py", line 41, in __get__
value = self._func(obj)
File ".../kallithea/lib/auth.py", line 442, in permissions
return self.__get_perms(user=self, cache=False)
File ".../kallithea/lib/auth.py", line 498, in __get_perms
return compute(user_id, user_is_admin)
File ".../kallithea/lib/auth.py", line 190, in _cached_perms_data
r_k = perm.UserRepoToPerm.repository.repo_name
File ".../sqlalchemy/orm/attributes.py", line 285, in __get__
return self.impl.get(instance_state(instance), dict_)
File ".../sqlalchemy/orm/attributes.py", line 721, in get
value = self.callable_(state, passive)
File ".../sqlalchemy/orm/strategies.py", line 710, in _load_for_state
% (orm_util.state_str(state), self.key)

sqlalchemy.orm.exc.DetachedInstanceError: Parent instance <UserRepoToPerm at ...> is not bound to a Session; lazy load operation of attribute 'repository' cannot proceed (Background on this error at: http://sqlalche.me/e/bhk3)

Permissions are cached between requests: SA result records are stored in in
beaker.cache.sql_cache_short and resued in following requests after the initial
session as been removed. References in Permission objects would usually give
lazy lookup ... but not outside the original session, where we would get an
error like this.

Permissions are indeed implemented/used incorrectly. That might explain a part
of the problem. Even if not fully explaining or fixing this problem, it is
still worth fixing:

Permissions are fetched from the database using Session().query with multiple
class/table names (joined together in way that happens to match the references
specified in the table definitions) - including Repository. The results are
thus "structs" with selected objects. If repositories always were retrieved
using this selected repository, everything would be fine. In some places, this
was what we did.

But in some places, the code happened to do what was more intuitive: just use
.repository and rely on "lazy" resolving. SA was not aware that this one
already was present in the result struct, and would try to fetch it again. Best
case, that could be inefficient. Worst case, it would fail as we see here.

Fix this by only querying from one table but use the "joinedload" option to
also fetch other referenced tables in the same select. (This might
inefficiently return the main record multiple times ... but that was already
the case with the previous approach.)

This change is thus doing multiple things with circular dependencies that can't
be split up in minor parts without taking detours:

The existing repository join like:
.join((Repository, UserGroupRepoToPerm.repository_id == Repository.repo_id))
is thus replaced by:
.options(joinedload(UserGroupRepoToPerm.repository))

Since we only are doing Session.query() on one table, the results will be of
that type instead of "structs" with multiple objects. If only querying for
UserRepoToPerm this means:
- perm.UserRepoToPerm.repository becomes perm.repository
- perm.Permission.permission_name looked at the explicitly queried Permission
in the result struct - instead it should look in the the dereferenced
repository as perm.permission.permission_name
2 files changed with 41 insertions and 46 deletions:
kallithea/lib/auth.py
32
37
kallithea/model/db.py
9
9
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
Show inline comments
 
# -*- coding: utf-8 -*-
 
# This program is free software: you can redistribute it and/or modify
 
# it under the terms of the GNU General Public License as published by
 
# the Free Software Foundation, either version 3 of the License, or
 
# (at your option) any later version.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
"""
 
kallithea.lib.auth
 
~~~~~~~~~~~~~~~~~~
 

			




	
	
	
		
 
authentication and permission libraries

			




	
	
	
		
 

			




	
	
	
		
 
This file was forked by the Kallithea project in July 2014.

			




	
	
	
		
 
Original author and date, and relevant copyright and licensing information is below:

			




	
	
	
		
 
:created_on: Apr 4, 2010

			




	
	
	
		
 
:author: marcink

			




	
	
	
		
 
:copyright: (c) 2013 RhodeCode GmbH, and others.

			




	
	
	
		
 
:license: GPLv3, see LICENSE.md for more details.

			




	
	
	
		
 
"""

			




	
	
	
		
 
import hashlib

			




	
	
	
		
 
import itertools

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import os

			




	
	
	
		
 
import string

			




	
	
	
		
 

			




	
	
	
		
 
import bcrypt

			




	
	
	
		
 
import ipaddr

			




	
	
	
		
 
from decorator import decorator

			




	
	
	
		
 
from sqlalchemy.orm import joinedload

			




	
	
	
		
 
from sqlalchemy.orm.exc import ObjectDeletedError

			




	
	
	
		
 
from tg import request

			




	
	
	
		
 
from tg.i18n import ugettext as _

			




	
	
	
		
 
from webob.exc import HTTPForbidden, HTTPFound

			




	
	
	
		
 

			




	
	
	
		
 
from kallithea.config.routing import url

			




	
	
	
		
 
from kallithea.lib.caching_query import FromCache

			




	
	
	
		
 
from kallithea.lib.utils import conditional_cache, get_repo_group_slug, get_repo_slug, get_user_group_slug

			




	
	
	
		
 
from kallithea.lib.utils2 import ascii_bytes, ascii_str, safe_bytes

			




	
	
	
		
 
from kallithea.lib.vcs.utils.lazy import LazyProperty

			




	
	
	
		
 
from kallithea.model.db import (Permission, RepoGroup, Repository, User, UserApiKeys, UserGroup, UserGroupMember, UserGroupRepoGroupToPerm, UserGroupRepoToPerm,

			




	
	
	
		
 
                                UserGroupToPerm, UserGroupUserGroupToPerm, UserIpMap, UserToPerm)

			




	
	
	
		
 
from kallithea.model.db import (Permission, User, UserApiKeys, UserGroup, UserGroupMember, UserGroupRepoGroupToPerm, UserGroupRepoToPerm, UserGroupToPerm,

			




	
	
	
		
 
                                UserGroupUserGroupToPerm, UserIpMap, UserToPerm)

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 
from kallithea.model.user import UserModel

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class PasswordGenerator(object):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    This is a simple class for generating password from different sets of

			




	
	
	
		
 
    characters

			




	
	
	
		
 
    usage::

			




	
	
	
		
 

			




	
	
	
		
 
        passwd_gen = PasswordGenerator()

			




	
	
	
		
 
        #print 8-letter password containing only big and small letters

			




	
	
	
		
 
            of alphabet

			




	
	
	
		
 
        passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

			




	
	
	
		
 
    """

			




	
	
	
		
 
    ALPHABETS_NUM = r'''1234567890'''

			




	
	
	
		
 
    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''

			




	
	
	
		
 
    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''

			




	
	
	
		
 
    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''

			




	
	
	
		
 
    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \

			




	
	
	
		
 
        + ALPHABETS_NUM + ALPHABETS_SPECIAL

			




	
	
	
		
 
    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM

			




	
	
	
		
 
    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

			




	
	
	
		
 
    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM

			




	
	
	
		
 
    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM

			




	
	
	
		
 

			




	
	
	
		
 
    def gen_password(self, length, alphabet=ALPHABETS_FULL):

			




	
	
	
		
 
        assert len(alphabet) <= 256, alphabet

			




	
	
	
		
 
        l = []

			




	
	
	
		
 
        while len(l) < length:

			




	
	
	
		
 
            i = ord(os.urandom(1))

			




	
	
	
		
 
            if i < len(alphabet):

			




	
	
	
		
 
                l.append(alphabet[i])

			




	
	
	
		
 
        return ''.join(l)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def get_crypt_password(password):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Cryptographic function used for bcrypt password hashing.

			




	
	
	
		
 

			




	
	
	
		
 
    :param password: password to hash

			




	
	
	
		
 
    """

			




	
	
	
		
 
    return ascii_str(bcrypt.hashpw(safe_bytes(password), bcrypt.gensalt(10)))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def check_password(password, hashed):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks password match the hashed value using bcrypt.

			




	
	
	
		
 
    Remains backwards compatible and accept plain sha256 hashes which used to

			




	
	
	
		
 
    be used on Windows.

			




	
	
	
		
 

			




	
	
	
		
 
    :param password: password

			




	
	
	
		
 
    :param hashed: password in hashed form

			




	
	
	
		
 
    """

			




	
	
	
		
 
    # sha256 hashes will always be 64 hex chars

			




	
	
	
		
 
    # bcrypt hashes will always contain $ (and be shorter)

			




	
	
	
		
 
    if len(hashed) == 64 and all(x in string.hexdigits for x in hashed):

			




	
	
	
		
 
        return hashlib.sha256(password).hexdigest() == hashed

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        return bcrypt.checkpw(safe_bytes(password), ascii_bytes(hashed))

			




	
	
	
		
 
    except ValueError as e:

			




	
	
	
		
 
        # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors

			




	
	
	
		
 
        log.error('error from bcrypt checking password: %s', e)

			




	
	
	
		
 
        return False

			




	
	
	
		
 
    log.error('check_password failed - no method found for hash length %s', len(hashed))

			




	
	
	
		
 
    return False

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def _cached_perms_data(user_id, user_is_admin):

			




	
	
	
		
 
    RK = 'repositories'

			




	
	
	
		
 
    GK = 'repositories_groups'

			




	
	
	
		
 
    UK = 'user_groups'

			




	
	
	
		
 
    GLOBAL = 'global'

			




	
	
	
		
 
    PERM_WEIGHTS = Permission.PERM_WEIGHTS

			




	
	
	
		
 
    permissions = {RK: {}, GK: {}, UK: {}, GLOBAL: set()}

			




	
	
	
		
 

			




	
	
	
		
 
    def bump_permission(kind, key, new_perm):

			




	
	
	
		
 
        """Add a new permission for kind and key.

			




	
	
	
		
 
        Assuming the permissions are comparable, set the new permission if it

			




	
	
	
		
 
        has higher weight, else drop it and keep the old permission.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        cur_perm = permissions[kind][key]

			




	
	
	
		
 
        new_perm_val = PERM_WEIGHTS[new_perm]

			




	
	
	
		
 
        cur_perm_val = PERM_WEIGHTS[cur_perm]

			




	
	
	
		
 
        if new_perm_val > cur_perm_val:

			




	
	
	
		
 
            permissions[kind][key] = new_perm

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # fetch default permissions

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    default_user = User.get_by_username('default', cache=True)

			




	
	
	
		
 
    default_user_id = default_user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
    default_repo_perms = Permission.get_default_perms(default_user_id)

			




	
	
	
		
 
    default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)

			




	
	
	
		
 
    default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)

			




	
	
	
		
 

			




	
	
	
		
 
    if user_is_admin:

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        # admin users have all rights;

			




	
	
	
		
 
        # based on default permissions, just set everything to admin

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        permissions[GLOBAL].add('hg.admin')

			




	
	
	
		
 
        permissions[GLOBAL].add('hg.create.write_on_repogroup.true')

			




	
	
	
		
 

			




	
	
	
		
 
        # repositories

			




	
	
	
		
 
        for perm in default_repo_perms:

			




	
	
	
		
 
            r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
            r_k = perm.repository.repo_name

			




	
	
	
		
 
            p = 'repository.admin'

			




	
	
	
		
 
            permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # repository groups

			




	
	
	
		
 
        for perm in default_repo_groups_perms:

			




	
	
	
		
 
            rg_k = perm.UserRepoGroupToPerm.group.group_name

			




	
	
	
		
 
            rg_k = perm.group.group_name

			




	
	
	
		
 
            p = 'group.admin'

			




	
	
	
		
 
            permissions[GK][rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # user groups

			




	
	
	
		
 
        for perm in default_user_group_perms:

			




	
	
	
		
 
            u_k = perm.UserUserGroupToPerm.user_group.users_group_name

			




	
	
	
		
 
            u_k = perm.user_group.users_group_name

			




	
	
	
		
 
            p = 'usergroup.admin'

			




	
	
	
		
 
            permissions[UK][u_k] = p

			




	
	
	
		
 
        return permissions

			




	
	
	
		
 

			




	
	
	
		
 
    #==================================================================

			




	
	
	
		
 
    # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

			




	
	
	
		
 
    #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    # default global permissions taken from the default user

			




	
	
	
		
 
    default_global_perms = UserToPerm.query() \

			




	
	
	
		
 
        .filter(UserToPerm.user_id == default_user_id) \

			




	
	
	
		
 
        .options(joinedload(UserToPerm.permission))

			




	
	
	
		
 

			




	
	
	
		
 
    for perm in default_global_perms:

			




	
	
	
		
 
        permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # defaults for repositories, taken from default user

			




	
	
	
		
 
    for perm in default_repo_perms:

			




	
	
	
		
 
        r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
        if perm.Repository.owner_id == user_id:

			




	
	
	
		
 
        r_k = perm.repository.repo_name

			




	
	
	
		
 
        if perm.repository.owner_id == user_id:

			




	
	
	
		
 
            p = 'repository.admin'

			




	
	
	
		
 
        elif perm.Repository.private:

			




	
	
	
		
 
        elif perm.repository.private:

			




	
	
	
		
 
            p = 'repository.none'

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            p = perm.Permission.permission_name

			




	
	
	
		
 
            p = perm.permission.permission_name

			




	
	
	
		
 
        permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
    # defaults for repository groups taken from default user permission

			




	
	
	
		
 
    # on given group

			




	
	
	
		
 
    for perm in default_repo_groups_perms:

			




	
	
	
		
 
        rg_k = perm.UserRepoGroupToPerm.group.group_name

			




	
	
	
		
 
        p = perm.Permission.permission_name

			




	
	
	
		
 
        rg_k = perm.group.group_name

			




	
	
	
		
 
        p = perm.permission.permission_name

			




	
	
	
		
 
        permissions[GK][rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
    # defaults for user groups taken from default user permission

			




	
	
	
		
 
    # on given user group

			




	
	
	
		
 
    for perm in default_user_group_perms:

			




	
	
	
		
 
        u_k = perm.UserUserGroupToPerm.user_group.users_group_name

			




	
	
	
		
 
        p = perm.Permission.permission_name

			




	
	
	
		
 
        u_k = perm.user_group.users_group_name

			




	
	
	
		
 
        p = perm.permission.permission_name

			




	
	
	
		
 
        permissions[UK][u_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # !! Augment GLOBALS with user permissions if any found !!

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    # USER GROUPS comes first

			




	
	
	
		
 
    # user group global permissions

			




	
	
	
		
 
    user_perms_from_users_groups = Session().query(UserGroupToPerm) \

			




	
	
	
		
 
        .options(joinedload(UserGroupToPerm.permission)) \

			




	
	
	
		
 
        .join((UserGroupMember, UserGroupToPerm.users_group_id ==

			




	
	
	
		
 
               UserGroupMember.users_group_id)) \

			




	
	
	
		
 
        .filter(UserGroupMember.user_id == user_id) \

			




	
	
	
		
 
        .join((UserGroup, UserGroupMember.users_group_id ==

			




	
	
	
		
 
               UserGroup.users_group_id)) \

			




	
	
	
		
 
        .filter(UserGroup.users_group_active == True) \

			




	
	
	
		
 
        .order_by(UserGroupToPerm.users_group_id) \

			




	
	
	
		
 
        .all()

			




	
	
	
		
 
    # need to group here by groups since user can be in more than

			




	
	
	
		
 
    # one group

			




	
	
	
		
 
    _grouped = [[x, list(y)] for x, y in

			




	
	
	
		
 
                itertools.groupby(user_perms_from_users_groups,

			




	
	
	
		
 
                                  lambda x:x.users_group)]

			




	
	
	
		
 
    for gr, perms in _grouped:

			




	
	
	
		
 
        for perm in perms:

			




	
	
	
		
 
            permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # user specific global permissions

			




	
	
	
		
 
    user_perms = Session().query(UserToPerm) \

			




	
	
	
		
 
            .options(joinedload(UserToPerm.permission)) \

			




	
	
	
		
 
            .filter(UserToPerm.user_id == user_id).all()

			




	
	
	
		
 

			




	
	
	
		
 
    for perm in user_perms:

			




	
	
	
		
 
        permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # for each kind of global permissions, only keep the one with heighest weight

			




	
	
	
		
 
    kind_max_perm = {}

			




	
	
	
		
 
    for perm in sorted(permissions[GLOBAL], key=lambda n: PERM_WEIGHTS[n]):

			




	
	
	
		
 
        kind = perm.rsplit('.', 1)[0]

			




	
	
	
		
 
        kind_max_perm[kind] = perm

			




	
	
	
		
 
    permissions[GLOBAL] = set(kind_max_perm.values())

			




	
	
	
		
 
    ## END GLOBAL PERMISSIONS

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # !! PERMISSIONS FOR REPOSITORIES !!

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # check if user is part of user groups for this repository and

			




	
	
	
		
 
    # fill in his permission from it.

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    # user group for repositories permissions

			




	
	
	
		
 
    user_repo_perms_from_users_groups = \

			




	
	
	
		
 
     Session().query(UserGroupRepoToPerm, Permission, Repository,) \

			




	
	
	
		
 
        .join((Repository, UserGroupRepoToPerm.repository_id ==

			




	
	
	
		
 
               Repository.repo_id)) \

			




	
	
	
		
 
        .join((Permission, UserGroupRepoToPerm.permission_id ==

			




	
	
	
		
 
               Permission.permission_id)) \

			




	
	
	
		
 
     Session().query(UserGroupRepoToPerm) \

			




	
	
	
		
 
        .join((UserGroup, UserGroupRepoToPerm.users_group_id ==

			




	
	
	
		
 
               UserGroup.users_group_id)) \

			




	
	
	
		
 
        .filter(UserGroup.users_group_active == True) \

			




	
	
	
		
 
        .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==

			




	
	
	
		
 
               UserGroupMember.users_group_id)) \

			




	
	
	
		
 
        .filter(UserGroupMember.user_id == user_id) \

			




	
	
	
		
 
        .options(joinedload(UserGroupRepoToPerm.repository)) \

			




	
	
	
		
 
        .options(joinedload(UserGroupRepoToPerm.permission)) \

			




	
	
	
		
 
        .all()

			




	
	
	
		
 

			




	
	
	
		
 
    for perm in user_repo_perms_from_users_groups:

			




	
	
	
		
 
        bump_permission(RK,

			




	
	
	
		
 
            perm.UserGroupRepoToPerm.repository.repo_name,

			




	
	
	
		
 
            perm.Permission.permission_name)

			




	
	
	
		
 
            perm.repository.repo_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # user permissions for repositories

			




	
	
	
		
 
    user_repo_perms = Permission.get_default_perms(user_id)

			




	
	
	
		
 
    for perm in user_repo_perms:

			




	
	
	
		
 
        bump_permission(RK,

			




	
	
	
		
 
            perm.UserRepoToPerm.repository.repo_name,

			




	
	
	
		
 
            perm.Permission.permission_name)

			




	
	
	
		
 
            perm.repository.repo_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # !! PERMISSIONS FOR REPOSITORY GROUPS !!

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # check if user is part of user groups for this repository groups and

			




	
	
	
		
 
    # fill in his permission from it.

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # user group for repo groups permissions

			




	
	
	
		
 
    user_repo_group_perms_from_users_groups = \

			




	
	
	
		
 
     Session().query(UserGroupRepoGroupToPerm, Permission, RepoGroup) \

			




	
	
	
		
 
     .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)) \

			




	
	
	
		
 
     .join((Permission, UserGroupRepoGroupToPerm.permission_id

			




	
	
	
		
 
            == Permission.permission_id)) \

			




	
	
	
		
 
     Session().query(UserGroupRepoGroupToPerm) \

			




	
	
	
		
 
     .join((UserGroup, UserGroupRepoGroupToPerm.users_group_id ==

			




	
	
	
		
 
            UserGroup.users_group_id)) \

			




	
	
	
		
 
     .filter(UserGroup.users_group_active == True) \

			




	
	
	
		
 
     .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id

			




	
	
	
		
 
            == UserGroupMember.users_group_id)) \

			




	
	
	
		
 
     .filter(UserGroupMember.user_id == user_id) \

			




	
	
	
		
 
     .options(joinedload(UserGroupRepoGroupToPerm.permission)) \

			




	
	
	
		
 
     .all()

			




	
	
	
		
 

			




	
	
	
		
 
    for perm in user_repo_group_perms_from_users_groups:

			




	
	
	
		
 
        bump_permission(GK,

			




	
	
	
		
 
            perm.UserGroupRepoGroupToPerm.group.group_name,

			




	
	
	
		
 
            perm.Permission.permission_name)

			




	
	
	
		
 
            perm.group.group_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # user explicit permissions for repository groups

			




	
	
	
		
 
    user_repo_groups_perms = Permission.get_default_group_perms(user_id)

			




	
	
	
		
 
    for perm in user_repo_groups_perms:

			




	
	
	
		
 
        bump_permission(GK,

			




	
	
	
		
 
            perm.UserRepoGroupToPerm.group.group_name,

			




	
	
	
		
 
            perm.Permission.permission_name)

			




	
	
	
		
 
            perm.group.group_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # !! PERMISSIONS FOR USER GROUPS !!

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # user group for user group permissions

			




	
	
	
		
 
    user_group_user_groups_perms = \

			




	
	
	
		
 
     Session().query(UserGroupUserGroupToPerm, Permission, UserGroup) \

			




	
	
	
		
 
     Session().query(UserGroupUserGroupToPerm) \

			




	
	
	
		
 
     .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id

			




	
	
	
		
 
            == UserGroup.users_group_id)) \

			




	
	
	
		
 
     .join((Permission, UserGroupUserGroupToPerm.permission_id

			




	
	
	
		
 
            == Permission.permission_id)) \

			




	
	
	
		
 
     .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id

			




	
	
	
		
 
            == UserGroupMember.users_group_id)) \

			




	
	
	
		
 
     .filter(UserGroupMember.user_id == user_id) \

			




	
	
	
		
 
     .join((UserGroup, UserGroupMember.users_group_id ==

			




	
	
	
		
 
            UserGroup.users_group_id), aliased=True, from_joinpoint=True) \

			




	
	
	
		
 
     .filter(UserGroup.users_group_active == True) \

			




	
	
	
		
 
     .options(joinedload(UserGroupUserGroupToPerm.permission)) \

			




	
	
	
		
 
     .all()

			




	
	
	
		
 

			




	
	
	
		
 
    for perm in user_group_user_groups_perms:

			




	
	
	
		
 
        bump_permission(UK,

			




	
	
	
		
 
            perm.UserGroupUserGroupToPerm.target_user_group.users_group_name,

			




	
	
	
		
 
            perm.Permission.permission_name)

			




	
	
	
		
 
            perm.target_user_group.users_group_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # user explicit permission for user groups

			




	
	
	
		
 
    user_user_groups_perms = Permission.get_default_user_group_perms(user_id)

			




	
	
	
		
 
    for perm in user_user_groups_perms:

			




	
	
	
		
 
        bump_permission(UK,

			




	
	
	
		
 
            perm.UserUserGroupToPerm.user_group.users_group_name,

			




	
	
	
		
 
            perm.Permission.permission_name)

			




	
	
	
		
 
            perm.user_group.users_group_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    return permissions

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class AuthUser(object):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Represents a Kallithea user, including various authentication and

			




	
	
	
		
 
    authorization information. Typically used to store the current user,

			




	
	
	
		
 
    but is also used as a generic user information data structure in

			




	
	
	
		
 
    parts of the code, e.g. user management.

			




	
	
	
		
 

			




	
	
	
		
 
    Constructed from a database `User` object, a user ID or cookie dict,

			




	
	
	
		
 
    it looks up the user (if needed) and copies all attributes to itself,

			




	
	
	
		
 
    adding various non-persistent data. If lookup fails but anonymous

			




	
	
	
		
 
    access to Kallithea is enabled, the default user is loaded instead.

			




	
	
	
		
 

			




	
	
	
		
 
    `AuthUser` does not by itself authenticate users. It's up to other parts of

			




	
	
	
		
 
    the code to check e.g. if a supplied password is correct, and if so, trust

			




	
	
	
		
 
    the AuthUser object as an authenticated user.

			




	
	
	
		
 

			




	
	
	
		
 
    However, `AuthUser` does refuse to load a user that is not `active`.

			




	
	
	
		
 

			




	
	
	
		
 
    Note that Kallithea distinguishes between the default user (an actual

			




	
	
	
		
 
    user in the database with username "default") and "no user" (no actual

			




	
	
	
		
 
    User object, AuthUser filled with blank values and username "None").

			




	
	
	
		
 

			




	
	
	
		
 
    If the default user is active, that will always be used instead of

			




	
	
	
		
 
    "no user". On the other hand, if the default user is disabled (and

			




	
	
	
		
 
    there is no login information), we instead get "no user"; this should

			




	
	
	
		
 
    only happen on the login page (as all other requests are redirected).

			




	
	
	
		
 

			




	
	
	
		
 
    `is_default_user` specifically checks if the AuthUser is the user named

			




	
	
	
		
 
    "default". Use `is_anonymous` to check for both "default" and "no user".

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def make(cls, dbuser=None, is_external_auth=False, ip_addr=None):

			




	
	
	
		
 
        """Create an AuthUser to be authenticated ... or return None if user for some reason can't be authenticated.

			




	
	
	
		
 
        Checks that a non-None dbuser is provided, is active, and that the IP address is ok.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        assert ip_addr is not None

			




	
	
	
		
 
        if dbuser is None:

			




	
	
	
		
 
            log.info('No db user for authentication')

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        if not dbuser.active:

			




	
	
	
		
 
            log.info('Db user %s not active', dbuser.username)

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        allowed_ips = AuthUser.get_allowed_ips(dbuser.user_id, cache=True)

			




	
	
	
		
 
        if not check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):

			




	
	
	
		
 
            log.info('Access for %s from %s forbidden - not in %s', dbuser.username, ip_addr, allowed_ips)

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        return cls(dbuser=dbuser, is_external_auth=is_external_auth)

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, user_id=None, dbuser=None, is_external_auth=False):

			




	
	
	
		
 
        self.is_external_auth = is_external_auth # container auth - don't show logout option

			




	
	
	
		
 

			




	
	
	
		
 
        # These attributes will be overridden below if the requested user is

			




	
	
	
		
 
        # found or anonymous access (using the default user) is enabled.

			




	
	
	
		
 
        self.user_id = None

			




	
	
	
		
 
        self.username = None

			




	
	
	
		
 
        self.api_key = None

			




	
	
	
		
 
        self.name = ''

			




	
	
	
		
 
        self.lastname = ''

			




	
	
	
		
 
        self.email = ''

			




	
	
	
		
 
        self.admin = False

			




	
	
	
		
 

			




	
	
	
		
 
        # Look up database user, if necessary.

			




	
	
	
		
 
        if user_id is not None:

			




	
	
	
		
 
            assert dbuser is None

			




	
	
	
		
 
            log.debug('Auth User lookup by USER ID %s', user_id)

			




	
	
	
		
 
            dbuser = UserModel().get(user_id)

			




	
	
	
		
 
            assert dbuser is not None

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            assert dbuser is not None

			




	
	
	
		
 
            log.debug('Auth User lookup by database user %s', dbuser)

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('filling %s data', dbuser)

			




	
	
	
		
 
        self.is_anonymous = dbuser.is_default_user

			




	
	
	
		
 
        if dbuser.is_default_user and not dbuser.active:

			




	
	
	
		
 
            self.username = 'None'

			




	
	
	
		
 
            self.is_default_user = False

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            # copy non-confidential database fields from a `db.User` to this `AuthUser`.

			




	
	
	
		
 
            for k, v in dbuser.get_dict().items():

			




	
	
	
		
 
                assert k not in ['api_keys', 'permissions']

			




	
	
	
		
 
                setattr(self, k, v)

			




	
	
	
		
 
            self.is_default_user = dbuser.is_default_user

			




	
	
	
		
 
        log.debug('Auth User is now %s', self)

			




	
	
	
		
 

			




	
	
	
		
 
    @LazyProperty

			




	
	
	
		
 
    def permissions(self):

			




	
	
	
		
 
        return self.__get_perms(user=self, cache=False)

			




	
	
	
		
 

			




	
	
	
		
 
    def has_repository_permission_level(self, repo_name, level, purpose=None):

			




	
	
	
		
 
        required_perms = {

			




	
	
	
		
 
            'read': ['repository.read', 'repository.write', 'repository.admin'],

			




	
	
	
		
 
            'write': ['repository.write', 'repository.admin'],

			




	
	
	
		
 
            'admin': ['repository.admin'],

			




	
	
	
		
 
        }[level]

			




	
	
	
		
 
        actual_perm = self.permissions['repositories'].get(repo_name)

			




	
	
	
		
 
        ok = actual_perm in required_perms

			




	
	
	
		
 
        log.debug('Checking if user %r can %r repo %r (%s): %s (has %r)',

			




	
	
	
		
 
            self.username, level, repo_name, purpose, ok, actual_perm)

			




	
	
	
		
 
        return ok

			




	
	
	
		
 

			




	
	
	
		
 
    def has_repository_group_permission_level(self, repo_group_name, level, purpose=None):

			




	
	
	
		
 
        required_perms = {

			




	
	
	
		
 
            'read': ['group.read', 'group.write', 'group.admin'],

			




	
	
	
		
 
            'write': ['group.write', 'group.admin'],

			




	
	
	
		
 
            'admin': ['group.admin'],

			




	
	
	
		
 
        }[level]

			




	
	
	
		
 
        actual_perm = self.permissions['repositories_groups'].get(repo_group_name)

			




	
	
	
		
 
        ok = actual_perm in required_perms

			




	
	
	
		
 
        log.debug('Checking if user %r can %r repo group %r (%s): %s (has %r)',

			




	
	
	
		
 
            self.username, level, repo_group_name, purpose, ok, actual_perm)

			




	
	
	
		
 
        return ok

			




	
	
	
		
 

			




	
	
	
		
 
    def has_user_group_permission_level(self, user_group_name, level, purpose=None):

			




	
	
	
		
 
        required_perms = {

			




	
	
	
		
 
            'read': ['usergroup.read', 'usergroup.write', 'usergroup.admin'],

			




	
	
	
		
 
            'write': ['usergroup.write', 'usergroup.admin'],

			




	
	
	
		
 
            'admin': ['usergroup.admin'],

			




	
	
	
		
 
        }[level]

			




	
	
	
		
 
        actual_perm = self.permissions['user_groups'].get(user_group_name)

			




	
	
	
		
 
        ok = actual_perm in required_perms

			




	
	
	
		
 
        log.debug('Checking if user %r can %r user group %r (%s): %s (has %r)',

			




	
	
	
		
 
            self.username, level, user_group_name, purpose, ok, actual_perm)

			




	
	
	
		
 
        return ok

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def api_keys(self):

			




	
	
	
		
 
        return self._get_api_keys()

			




	
	
	
		
 

			




	
	
	
		
 
    def __get_perms(self, user, cache=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Fills user permission attribute with permissions taken from database

			




	
	
	
		
 
        works for permissions given for repositories, and for permissions that

			




	
	
	
		
 
        are granted to groups

			




	
	
	
		
 

			




	
	
	
		
 
        :param user: `AuthUser` instance

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 
        user_is_admin = user.is_admin

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Getting PERMISSION tree')

			




	
	
	
		
 
        compute = conditional_cache('short_term', 'cache_desc',

			




	
	
	
		
 
                                    condition=cache, func=_cached_perms_data)

			




	
	
	
		
 
        return compute(user_id, user_is_admin)

			




	
	
	
		
 

			




	
	
	
		
 
    def _get_api_keys(self):

			




	
	
	
		
 
        api_keys = [self.api_key]

			




	
	
	
		
 
        for api_key in UserApiKeys.query() \

			




	
	
	
		
 
                .filter_by(user_id=self.user_id, is_expired=False):

			




	
	
	
		
 
            api_keys.append(api_key.api_key)

			




	
	
	
		
 

			




	
	
	
		
 
        return api_keys

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def is_admin(self):

			




	
	
	
		
 
        return self.admin

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def repositories_admin(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns list of repositories you're an admin of

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return [x[0] for x in self.permissions['repositories'].items()

			




	
	
	
		
 
                if x[1] == 'repository.admin']

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def repository_groups_admin(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns list of repository groups you're an admin of

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return [x[0] for x in self.permissions['repositories_groups'].items()

			




	
	
	
		
 
                if x[1] == 'group.admin']

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def user_groups_admin(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns list of user groups you're an admin of

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return [x[0] for x in self.permissions['user_groups'].items()

			




	
	
	
		
 
                if x[1] == 'usergroup.admin']

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<%s %s: %r>" % (self.__class__.__name__, self.user_id, self.username)

			




	
	
	
		
 

			




	
	
	
		
 
    def to_cookie(self):

			




	
	
	
		
 
        """ Serializes this login session to a cookie `dict`. """

			




	
	
	
		
 
        return {

			




	
	
	
		
 
            'user_id': self.user_id,

			




	
	
	
		
 
            'is_external_auth': self.is_external_auth,

			




	
	
	
		
 
        }

			




	
	
	
		
 

			




	
	
	
		
 
    @staticmethod

			




	
	
	
		
 
    def from_cookie(cookie, ip_addr):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Deserializes an `AuthUser` from a cookie `dict` ... or return None.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return AuthUser.make(

			




	
	
	
		
 
            dbuser=UserModel().get(cookie.get('user_id')),

			




	
	
	
		
 
            is_external_auth=cookie.get('is_external_auth', False),

			




	
	
	
		
 
            ip_addr=ip_addr,

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_allowed_ips(cls, user_id, cache=False):

			




	
	
	
		
 
        _set = set()

			




	
	
	
		
 

			




	
	
	
		
 
        default_ips = UserIpMap.query().filter(UserIpMap.user_id ==

			




	
	
	
		
 
                                        User.get_default_user(cache=True).user_id)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            default_ips = default_ips.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                              "get_user_ips_default"))

			




	
	
	
		
 
        for ip in default_ips:

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                _set.add(ip.ip_addr)

			




	
	
	
		
 
            except ObjectDeletedError:

			




	
	
	
		
 
                # since we use heavy caching sometimes it happens that we get

			




	
	
	
		
 
                # deleted objects here, we just skip them

			




	
	
	
		
 
                pass

			




	
	
	
		
 

			




	
	
	
		
 
        user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            user_ips = user_ips.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                                  "get_user_ips_%s" % user_id))

			




	
	
	
		
 
        for ip in user_ips:

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                _set.add(ip.ip_addr)

			




	
	
	
		
 
            except ObjectDeletedError:

			




	
	
	
		
 
                # since we use heavy caching sometimes it happens that we get

			




	
	
	
		
 
                # deleted objects here, we just skip them

			




	
	
	
		
 
                pass

			




	
	
	
		
 
        return _set or set(['0.0.0.0/0', '::/0'])

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
#==============================================================================

			




	
	
	
		
 
# CHECK DECORATORS

			




	
	
	
		
 
#==============================================================================

			




	
	
	
		
 

			




	
	
	
		
 
def _redirect_to_login(message=None):

			




	
	
	
		
 
    """Return an exception that must be raised. It will redirect to the login

			




	
	
	
		
 
    page which will redirect back to the current URL after authentication.

			




	
	
	
		
 
    The optional message will be shown in a flash message."""

			




	
	
	
		
 
    from kallithea.lib import helpers as h

			




	
	
	
		
 
    if message:

			




	
	
	
		
 
        h.flash(message, category='warning')

			




	
	
	
		
 
    p = request.path_qs

			




	
	
	
		
 
    log.debug('Redirecting to login page, origin: %s', p)

			




	
	
	
		
 
    return HTTPFound(location=url('login_home', came_from=p))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
# Use as decorator

			




	
	
	
		
 
class LoginRequired(object):

			




	
	
	
		
 
    """Client must be logged in as a valid User, or we'll redirect to the login

			




	
	
	
		
 
    page.

			




	
	
	
		
 

			




	
	
	
		
 
    If the "default" user is enabled and allow_default_user is true, that is

			




	
	
	
		
 
    considered valid too.

			




	
	
	
		
 

			




	
	
	
		
 
    Also checks that IP address is allowed.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, allow_default_user=False):

			




	
	
	
		
 
        self.allow_default_user = allow_default_user

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, func):

			




	
	
	
		
 
        return decorator(self.__wrapper, func)

			




	
	
	
		
 

			




	
	
	
		
 
    def __wrapper(self, func, *fargs, **fkwargs):

			




	
	
	
		
 
        controller = fargs[0]

			




	
	
	
		
 
        user = request.authuser

			




	
	
	
		
 
        loc = "%s:%s" % (controller.__class__.__name__, func.__name__)

			




	
	
	
		
 
        log.debug('Checking access for user %s @ %s', user, loc)

			




	
	
	
		
 

			




	
	
	
		
 
        # regular user authentication

			




	
	
	
		
 
        if user.is_default_user:

			




	
	
	
		
 
            if self.allow_default_user:

			




	
	
	
		
 
                log.info('default user @ %s', loc)

			




	
	
	
		
 
                return func(*fargs, **fkwargs)

			




	
	
	
		
 
            log.info('default user is not accepted here @ %s', loc)

			




	
	
	
		
 
        elif user.is_anonymous: # default user is disabled and no proper authentication

			




	
	
	
		
 
            log.warning('user is anonymous and NOT authenticated with regular auth @ %s', loc)

			




	
	
	
		
 
        else: # regular authentication

			




	
	
	
		
 
            log.info('user %s authenticated with regular auth @ %s', user, loc)

			




	
	
	
		
 
            return func(*fargs, **fkwargs)

			




	
	
	
		
 
        raise _redirect_to_login()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
# Use as decorator

			




	
	
	
		
 
class NotAnonymous(object):

			




	
	
	
		
 
    """Ensures that client is not logged in as the "default" user, and

			




	
	
	
		
 
    redirects to the login page otherwise. Must be used together with

			




	
	
	
		
 
    LoginRequired."""

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, func):

			




	
	
	
		
 
        return decorator(self.__wrapper, func)

			




	
	
	
		
 

			




	
	
	
		
 
    def __wrapper(self, func, *fargs, **fkwargs):

			




	
	
	
		
 
        cls = fargs[0]

			




	
	
	
		
 
        user = request.authuser

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Checking that user %s is not anonymous @%s', user.username, cls)

			




	
	
	
		
 

			




	
	
	
		
 
        if user.is_default_user:

			




	
	
	
		
 
            raise _redirect_to_login(_('You need to be a registered user to '

			




	
	
	
		
 
                                       'perform this action'))

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            return func(*fargs, **fkwargs)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class _PermsDecorator(object):

			




	
	
	
		
 
    """Base class for controller decorators with multiple permissions"""

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, *required_perms):

			




	
	
	
		
 
        self.required_perms = required_perms # usually very short - a list is thus fine

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, func):

			




	
	
	
		
 
        return decorator(self.__wrapper, func)

			




	
	
	
		
 

			




	
	
	
		
 
    def __wrapper(self, func, *fargs, **fkwargs):

			




	
	
	
		
 
        cls = fargs[0]

			




	
	
	
		
 
        user = request.authuser

			




	
	
	
		
 
        log.debug('checking %s permissions %s for %s %s',

			




	
	
	
		
 
          self.__class__.__name__, self.required_perms, cls, user)

			




	
	
	
		
 

			




	
	
	
		
 
        if self.check_permissions(user):

			




	
	
	
		
 
            log.debug('Permission granted for %s %s', cls, user)

			




	
	
	
		
 
            return func(*fargs, **fkwargs)

			




	
	
	
		
 

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.info('Permission denied for %s %s', cls, user)

			




	
	
	
		
 
            if user.is_default_user:

			




	
	
	
		
 
                raise _redirect_to_login(_('You need to be signed in to view this page'))

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                raise HTTPForbidden()

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self, user):

			




	
	
	
		
 
        raise NotImplementedError()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasPermissionAnyDecorator(_PermsDecorator):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks the user has any of the given global permissions.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self, user):

			




	
	
	
		
 
        global_permissions = user.permissions['global'] # usually very short

			




	
	
	
		
 
        return any(p in global_permissions for p in self.required_perms)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class _PermDecorator(_PermsDecorator):

			




	
	
	
		
 
    """Base class for controller decorators with a single permission"""

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, required_perm):

			




	
	
	
		
 
        _PermsDecorator.__init__(self, [required_perm])

			




	
	
	
		
 
        self.required_perm = required_perm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasRepoPermissionLevelDecorator(_PermDecorator):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks the user has at least the specified permission level for the requested repository.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self, user):

			




	
	
	
		
 
        repo_name = get_repo_slug(request)

			




	
	
	
		
 
        return user.has_repository_permission_level(repo_name, self.required_perm)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasRepoGroupPermissionLevelDecorator(_PermDecorator):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks the user has any of given permissions for the requested repository group.

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self, user):

			




	
	
	
		
 
        repo_group_name = get_repo_group_slug(request)

			




	
	
	
		
 
        return user.has_repository_group_permission_level(repo_group_name, self.required_perm)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasUserGroupPermissionLevelDecorator(_PermDecorator):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks for access permission for any of given predicates for specific

			




	
	
	
		
 
    user group. In order to fulfill the request any of predicates must be meet

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    def check_permissions(self, user):

			




	
	
	
		
 
        user_group_name = get_user_group_slug(request)

			




	
	
	
		
 
        return user.has_user_group_permission_level(user_group_name, self.required_perm)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
#==============================================================================

			




	
	
	
		
 
# CHECK FUNCTIONS

			




	
	
	
		
 
#==============================================================================

			




	
	
	
		
 

			




	
	
	
		
 
class _PermsFunction(object):

			




	
	
	
		
 
    """Base function for other check functions with multiple permissions"""

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, *required_perms):

			




	
	
	
		
 
        self.required_perms = required_perms # usually very short - a list is thus fine

			




	
	
	
		
 

			




	
	
	
		
 
    def __bool__(self):

			




	
	
	
		
 
        """ Defend against accidentally forgetting to call the object

			




	
	
	
		
 
            and instead evaluating it directly in a boolean context,

			




	
	
	
		
 
            which could have security implications.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        raise AssertionError(self.__class__.__name__ + ' is not a bool and must be called!')

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, *a, **b):

			




	
	
	
		
 
        raise NotImplementedError()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasPermissionAny(_PermsFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, purpose=None):

			




	
	
	
		
 
        global_permissions = request.authuser.permissions['global'] # usually very short

			




	
	
	
		
 
        ok = any(p in global_permissions for p in self.required_perms)

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Check %s for global %s (%s): %s',

			




	
	
	
		
 
            request.authuser.username, self.required_perms, purpose, ok)

			




	
	
	
		
 
        return ok

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class _PermFunction(_PermsFunction):

			




	
	
	
		
 
    """Base function for other check functions with a single permission"""

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, required_perm):

			




	
	
	
		
 
        _PermsFunction.__init__(self, [required_perm])

			




	
	
	
		
 
        self.required_perm = required_perm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasRepoPermissionLevel(_PermFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, repo_name, purpose=None):

			




	
	
	
		
 
        return request.authuser.has_repository_permission_level(repo_name, self.required_perm, purpose)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasRepoGroupPermissionLevel(_PermFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, group_name, purpose=None):

			




	
	
	
		
 
        return request.authuser.has_repository_group_permission_level(group_name, self.required_perm, purpose)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class HasUserGroupPermissionLevel(_PermFunction):

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, user_group_name, purpose=None):

			




	
	
	
		
 
        return request.authuser.has_user_group_permission_level(user_group_name, self.required_perm, purpose)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
#==============================================================================

			




	
	
	
		
 
# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH

			




	
	
	
		
 
#==============================================================================

			




	
	
	
		
 

			




	
	
	
		
 
class HasPermissionAnyMiddleware(object):

			




	
	
	
		
 
    def __init__(self, *perms):

			




	
	
	
		
 
        self.required_perms = set(perms)

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, authuser, repo_name, purpose=None):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            ok = authuser.permissions['repositories'][repo_name] in self.required_perms

			




	
	
	
		
 
        except KeyError:

			




	
	
	
		
 
            ok = False

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Middleware check %s for %s for repo %s (%s): %s', authuser.username, self.required_perms, repo_name, purpose, ok)

			




	
	
	
		
 
        return ok

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def check_ip_access(source_ip, allowed_ips=None):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Checks if source_ip is a subnet of any of allowed_ips.

			




	
	
	
		
 

			




	
	
	
		
 
    :param source_ip:

			




	
	
	
		
 
    :param allowed_ips: list of allowed ips together with mask

			




	
	
	
		
 
    """

			




	
	
	
		
 
    source_ip = source_ip.split('%', 1)[0]

			




	
	
	
		
 
    log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips)

			




	
	
	
		
 
    if isinstance(allowed_ips, (tuple, list, set)):

			




	
	
	
		
 
        for ip in allowed_ips:

			




	
	
	
		
 
            if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):

			




	
	
	
		
 
                log.debug('IP %s is network %s',

			




	
	
	
		
 
                          ipaddr.IPAddress(source_ip), ipaddr.IPNetwork(ip))

			




	
	
	
		
 
                return True

			




	
	
	
		
 
    return False

			




        

    


    
    

    

        

                

                    kallithea/model/db.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -978,1557 +978,1557 @@ class Repository(Base, BaseDbModel):

			




	
	
	
		
 
    updated_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 
    _landing_revision = Column("landing_revision", String(255), nullable=False)

			




	
	
	
		
 
    _changeset_cache = Column("changeset_cache", LargeBinary(), nullable=True) # JSON data # FIXME: not nullable?

			




	
	
	
		
 

			




	
	
	
		
 
    fork_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=True)

			




	
	
	
		
 
    group_id = Column(Integer(), ForeignKey('groups.group_id'), nullable=True)

			




	
	
	
		
 

			




	
	
	
		
 
    owner = relationship('User')

			




	
	
	
		
 
    fork = relationship('Repository', remote_side=repo_id)

			




	
	
	
		
 
    group = relationship('RepoGroup')

			




	
	
	
		
 
    repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')

			




	
	
	
		
 
    users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')

			




	
	
	
		
 
    stats = relationship('Statistics', cascade='all', uselist=False)

			




	
	
	
		
 

			




	
	
	
		
 
    followers = relationship('UserFollowing',

			




	
	
	
		
 
                             primaryjoin='UserFollowing.follows_repository_id==Repository.repo_id',

			




	
	
	
		
 
                             cascade='all')

			




	
	
	
		
 
    extra_fields = relationship('RepositoryField',

			




	
	
	
		
 
                                cascade="all, delete-orphan")

			




	
	
	
		
 

			




	
	
	
		
 
    logs = relationship('UserLog')

			




	
	
	
		
 
    comments = relationship('ChangesetComment', cascade="all, delete-orphan")

			




	
	
	
		
 

			




	
	
	
		
 
    pull_requests_org = relationship('PullRequest',

			




	
	
	
		
 
                    primaryjoin='PullRequest.org_repo_id==Repository.repo_id',

			




	
	
	
		
 
                    cascade="all, delete-orphan")

			




	
	
	
		
 

			




	
	
	
		
 
    pull_requests_other = relationship('PullRequest',

			




	
	
	
		
 
                    primaryjoin='PullRequest.other_repo_id==Repository.repo_id',

			




	
	
	
		
 
                    cascade="all, delete-orphan")

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<%s %s: %r>" % (self.__class__.__name__,

			




	
	
	
		
 
                                  self.repo_id, self.repo_name)

			




	
	
	
		
 

			




	
	
	
		
 
    @hybrid_property

			




	
	
	
		
 
    def landing_rev(self):

			




	
	
	
		
 
        # always should return [rev_type, rev]

			




	
	
	
		
 
        if self._landing_revision:

			




	
	
	
		
 
            _rev_info = self._landing_revision.split(':')

			




	
	
	
		
 
            if len(_rev_info) < 2:

			




	
	
	
		
 
                _rev_info.insert(0, 'rev')

			




	
	
	
		
 
            return [_rev_info[0], _rev_info[1]]

			




	
	
	
		
 
        return [None, None]

			




	
	
	
		
 

			




	
	
	
		
 
    @landing_rev.setter

			




	
	
	
		
 
    def landing_rev(self, val):

			




	
	
	
		
 
        if ':' not in val:

			




	
	
	
		
 
            raise ValueError('value must be delimited with `:` and consist '

			




	
	
	
		
 
                             'of <rev_type>:<rev>, got %s instead' % val)

			




	
	
	
		
 
        self._landing_revision = val

			




	
	
	
		
 

			




	
	
	
		
 
    @hybrid_property

			




	
	
	
		
 
    def changeset_cache(self):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            cs_cache = ext_json.loads(self._changeset_cache) # might raise on bad data

			




	
	
	
		
 
            cs_cache['raw_id'] # verify data, raise exception on error

			




	
	
	
		
 
            return cs_cache

			




	
	
	
		
 
        except (TypeError, KeyError, ValueError):

			




	
	
	
		
 
            return EmptyChangeset().__json__()

			




	
	
	
		
 

			




	
	
	
		
 
    @changeset_cache.setter

			




	
	
	
		
 
    def changeset_cache(self, val):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            self._changeset_cache = ascii_bytes(ext_json.dumps(val))

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def query(cls, sorted=False):

			




	
	
	
		
 
        """Add Repository-specific helpers for common query constructs.

			




	
	
	
		
 

			




	
	
	
		
 
        sorted: if True, apply the default ordering (name, case insensitive).

			




	
	
	
		
 
        """

			




	
	
	
		
 
        q = super(Repository, cls).query()

			




	
	
	
		
 

			




	
	
	
		
 
        if sorted:

			




	
	
	
		
 
            q = q.order_by(sqlalchemy.func.lower(Repository.repo_name))

			




	
	
	
		
 

			




	
	
	
		
 
        return q

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def url_sep(cls):

			




	
	
	
		
 
        return URL_SEP

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def normalize_repo_name(cls, repo_name):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Normalizes os specific repo_name to the format internally stored inside

			




	
	
	
		
 
        database using URL_SEP

			




	
	
	
		
 

			




	
	
	
		
 
        :param cls:

			




	
	
	
		
 
        :param repo_name:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return cls.url_sep().join(repo_name.split(os.sep))

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def guess_instance(cls, value):

			




	
	
	
		
 
        return super(Repository, cls).guess_instance(value, Repository.get_by_repo_name)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_by_repo_name(cls, repo_name, case_insensitive=False):

			




	
	
	
		
 
        """Get the repo, defaulting to database case sensitivity.

			




	
	
	
		
 
        case_insensitive will be slower and should only be specified if necessary."""

			




	
	
	
		
 
        if case_insensitive:

			




	
	
	
		
 
            q = Session().query(cls).filter(sqlalchemy.func.lower(cls.repo_name) == sqlalchemy.func.lower(repo_name))

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            q = Session().query(cls).filter(cls.repo_name == repo_name)

			




	
	
	
		
 
        q = q.options(joinedload(Repository.fork)) \

			




	
	
	
		
 
                .options(joinedload(Repository.owner)) \

			




	
	
	
		
 
                .options(joinedload(Repository.group))

			




	
	
	
		
 
        return q.scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_by_full_path(cls, repo_full_path):

			




	
	
	
		
 
        base_full_path = os.path.realpath(cls.base_path())

			




	
	
	
		
 
        repo_full_path = os.path.realpath(repo_full_path)

			




	
	
	
		
 
        assert repo_full_path.startswith(base_full_path + os.path.sep)

			




	
	
	
		
 
        repo_name = repo_full_path[len(base_full_path) + 1:]

			




	
	
	
		
 
        repo_name = cls.normalize_repo_name(repo_name)

			




	
	
	
		
 
        return cls.get_by_repo_name(repo_name.strip(URL_SEP))

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_repo_forks(cls, repo_id):

			




	
	
	
		
 
        return cls.query().filter(Repository.fork_id == repo_id)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def base_path(cls):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns base path where all repos are stored

			




	
	
	
		
 

			




	
	
	
		
 
        :param cls:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        q = Session().query(Ui) \

			




	
	
	
		
 
            .filter(Ui.ui_key == cls.url_sep())

			




	
	
	
		
 
        q = q.options(FromCache("sql_cache_short", "repository_repo_path"))

			




	
	
	
		
 
        return q.one().ui_value

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def forks(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Return forks of this repo

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return Repository.get_repo_forks(self.repo_id)

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def parent(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns fork parent

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return self.fork

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def just_name(self):

			




	
	
	
		
 
        return self.repo_name.split(Repository.url_sep())[-1]

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def groups_with_parents(self):

			




	
	
	
		
 
        groups = []

			




	
	
	
		
 
        group = self.group

			




	
	
	
		
 
        while group is not None:

			




	
	
	
		
 
            groups.append(group)

			




	
	
	
		
 
            group = group.parent_group

			




	
	
	
		
 
            assert group not in groups, group # avoid recursion on bad db content

			




	
	
	
		
 
        groups.reverse()

			




	
	
	
		
 
        return groups

			




	
	
	
		
 

			




	
	
	
		
 
    @LazyProperty

			




	
	
	
		
 
    def repo_path(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns base full path for that repository means where it actually

			




	
	
	
		
 
        exists on a filesystem

			




	
	
	
		
 
        """

			




	
	
	
		
 
        q = Session().query(Ui).filter(Ui.ui_key ==

			




	
	
	
		
 
                                              Repository.url_sep())

			




	
	
	
		
 
        q = q.options(FromCache("sql_cache_short", "repository_repo_path"))

			




	
	
	
		
 
        return q.one().ui_value

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def repo_full_path(self):

			




	
	
	
		
 
        p = [self.repo_path]

			




	
	
	
		
 
        # we need to split the name by / since this is how we store the

			




	
	
	
		
 
        # names in the database, but that eventually needs to be converted

			




	
	
	
		
 
        # into a valid system path

			




	
	
	
		
 
        p += self.repo_name.split(Repository.url_sep())

			




	
	
	
		
 
        return os.path.join(*p)

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def cache_keys(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns associated cache keys for that repo

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return CacheInvalidation.query() \

			




	
	
	
		
 
            .filter(CacheInvalidation.cache_args == self.repo_name) \

			




	
	
	
		
 
            .order_by(CacheInvalidation.cache_key) \

			




	
	
	
		
 
            .all()

			




	
	
	
		
 

			




	
	
	
		
 
    def get_new_name(self, repo_name):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        returns new full repository name based on assigned group and new new

			




	
	
	
		
 

			




	
	
	
		
 
        :param group_name:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        path_prefix = self.group.full_path_splitted if self.group else []

			




	
	
	
		
 
        return Repository.url_sep().join(path_prefix + [repo_name])

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def _ui(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Creates an db based ui object for this repository

			




	
	
	
		
 
        """

			




	
	
	
		
 
        from kallithea.lib.utils import make_ui

			




	
	
	
		
 
        return make_ui()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def is_valid(cls, repo_name):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        returns True if given repo name is a valid filesystem repository

			




	
	
	
		
 

			




	
	
	
		
 
        :param cls:

			




	
	
	
		
 
        :param repo_name:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        from kallithea.lib.utils import is_valid_repo

			




	
	
	
		
 

			




	
	
	
		
 
        return is_valid_repo(repo_name, cls.base_path())

			




	
	
	
		
 

			




	
	
	
		
 
    def get_api_data(self, with_revision_names=False,

			




	
	
	
		
 
                           with_pullrequests=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Common function for generating repo api data.

			




	
	
	
		
 
        Optionally, also return tags, branches, bookmarks and PRs.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo = self

			




	
	
	
		
 
        data = dict(

			




	
	
	
		
 
            repo_id=repo.repo_id,

			




	
	
	
		
 
            repo_name=repo.repo_name,

			




	
	
	
		
 
            repo_type=repo.repo_type,

			




	
	
	
		
 
            clone_uri=repo.clone_uri,

			




	
	
	
		
 
            private=repo.private,

			




	
	
	
		
 
            created_on=repo.created_on,

			




	
	
	
		
 
            description=repo.description,

			




	
	
	
		
 
            landing_rev=repo.landing_rev,

			




	
	
	
		
 
            owner=repo.owner.username,

			




	
	
	
		
 
            fork_of=repo.fork.repo_name if repo.fork else None,

			




	
	
	
		
 
            enable_statistics=repo.enable_statistics,

			




	
	
	
		
 
            enable_downloads=repo.enable_downloads,

			




	
	
	
		
 
            last_changeset=repo.changeset_cache,

			




	
	
	
		
 
        )

			




	
	
	
		
 
        if with_revision_names:

			




	
	
	
		
 
            scm_repo = repo.scm_instance_no_cache()

			




	
	
	
		
 
            data.update(dict(

			




	
	
	
		
 
                tags=scm_repo.tags,

			




	
	
	
		
 
                branches=scm_repo.branches,

			




	
	
	
		
 
                bookmarks=scm_repo.bookmarks,

			




	
	
	
		
 
            ))

			




	
	
	
		
 
        if with_pullrequests:

			




	
	
	
		
 
            data['pull_requests'] = repo.pull_requests_other

			




	
	
	
		
 
        rc_config = Setting.get_app_settings()

			




	
	
	
		
 
        repository_fields = str2bool(rc_config.get('repository_fields'))

			




	
	
	
		
 
        if repository_fields:

			




	
	
	
		
 
            for f in self.extra_fields:

			




	
	
	
		
 
                data[f.field_key_prefixed] = f.field_value

			




	
	
	
		
 

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def last_db_change(self):

			




	
	
	
		
 
        return self.updated_on

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def clone_uri_hidden(self):

			




	
	
	
		
 
        clone_uri = self.clone_uri

			




	
	
	
		
 
        if clone_uri:

			




	
	
	
		
 
            import urlobject

			




	
	
	
		
 
            url_obj = urlobject.URLObject(self.clone_uri)

			




	
	
	
		
 
            if url_obj.password:

			




	
	
	
		
 
                clone_uri = url_obj.with_password('*****')

			




	
	
	
		
 
        return clone_uri

			




	
	
	
		
 

			




	
	
	
		
 
    def clone_url(self, clone_uri_tmpl, with_id=False, username=None):

			




	
	
	
		
 
        if '{repo}' not in clone_uri_tmpl and '_{repoid}' not in clone_uri_tmpl:

			




	
	
	
		
 
            log.error("Configured clone_uri_tmpl %r has no '{repo}' or '_{repoid}' and cannot toggle to use repo id URLs", clone_uri_tmpl)

			




	
	
	
		
 
        elif with_id:

			




	
	
	
		
 
            clone_uri_tmpl = clone_uri_tmpl.replace('{repo}', '_{repoid}')

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            clone_uri_tmpl = clone_uri_tmpl.replace('_{repoid}', '{repo}')

			




	
	
	
		
 

			




	
	
	
		
 
        import kallithea.lib.helpers as h

			




	
	
	
		
 
        prefix_url = h.canonical_url('home')

			




	
	
	
		
 

			




	
	
	
		
 
        return get_clone_url(clone_uri_tmpl=clone_uri_tmpl,

			




	
	
	
		
 
                             prefix_url=prefix_url,

			




	
	
	
		
 
                             repo_name=self.repo_name,

			




	
	
	
		
 
                             repo_id=self.repo_id,

			




	
	
	
		
 
                             username=username)

			




	
	
	
		
 

			




	
	
	
		
 
    def set_state(self, state):

			




	
	
	
		
 
        self.repo_state = state

			




	
	
	
		
 

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    # SCM PROPERTIES

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    def get_changeset(self, rev=None):

			




	
	
	
		
 
        return get_changeset_safe(self.scm_instance, rev)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_landing_changeset(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns landing changeset, or if that doesn't exist returns the tip

			




	
	
	
		
 
        """

			




	
	
	
		
 
        _rev_type, _rev = self.landing_rev

			




	
	
	
		
 
        cs = self.get_changeset(_rev)

			




	
	
	
		
 
        if isinstance(cs, EmptyChangeset):

			




	
	
	
		
 
            return self.get_changeset()

			




	
	
	
		
 
        return cs

			




	
	
	
		
 

			




	
	
	
		
 
    def update_changeset_cache(self, cs_cache=None):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Update cache of last changeset for repository, keys should be::

			




	
	
	
		
 

			




	
	
	
		
 
            short_id

			




	
	
	
		
 
            raw_id

			




	
	
	
		
 
            revision

			




	
	
	
		
 
            message

			




	
	
	
		
 
            date

			




	
	
	
		
 
            author

			




	
	
	
		
 

			




	
	
	
		
 
        :param cs_cache:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        from kallithea.lib.vcs.backends.base import BaseChangeset

			




	
	
	
		
 
        if cs_cache is None:

			




	
	
	
		
 
            cs_cache = EmptyChangeset()

			




	
	
	
		
 
            # use no-cache version here

			




	
	
	
		
 
            scm_repo = self.scm_instance_no_cache()

			




	
	
	
		
 
            if scm_repo:

			




	
	
	
		
 
                cs_cache = scm_repo.get_changeset()

			




	
	
	
		
 

			




	
	
	
		
 
        if isinstance(cs_cache, BaseChangeset):

			




	
	
	
		
 
            cs_cache = cs_cache.__json__()

			




	
	
	
		
 

			




	
	
	
		
 
        if (not self.changeset_cache or cs_cache['raw_id'] != self.changeset_cache['raw_id']):

			




	
	
	
		
 
            _default = datetime.datetime.fromtimestamp(0)

			




	
	
	
		
 
            last_change = cs_cache.get('date') or _default

			




	
	
	
		
 
            log.debug('updated repo %s with new cs cache %s',

			




	
	
	
		
 
                      self.repo_name, cs_cache)

			




	
	
	
		
 
            self.updated_on = last_change

			




	
	
	
		
 
            self.changeset_cache = cs_cache

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.debug('changeset_cache for %s already up to date with %s',

			




	
	
	
		
 
                      self.repo_name, cs_cache['raw_id'])

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def tip(self):

			




	
	
	
		
 
        return self.get_changeset('tip')

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def author(self):

			




	
	
	
		
 
        return self.tip.author

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def last_change(self):

			




	
	
	
		
 
        return self.scm_instance.last_change

			




	
	
	
		
 

			




	
	
	
		
 
    def get_comments(self, revisions=None):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns comments for this repository grouped by revisions

			




	
	
	
		
 

			




	
	
	
		
 
        :param revisions: filter query by revisions only

			




	
	
	
		
 
        """

			




	
	
	
		
 
        cmts = ChangesetComment.query() \

			




	
	
	
		
 
            .filter(ChangesetComment.repo == self)

			




	
	
	
		
 
        if revisions is not None:

			




	
	
	
		
 
            if not revisions:

			




	
	
	
		
 
                return {} # don't use sql 'in' on empty set

			




	
	
	
		
 
            cmts = cmts.filter(ChangesetComment.revision.in_(revisions))

			




	
	
	
		
 
        grouped = collections.defaultdict(list)

			




	
	
	
		
 
        for cmt in cmts.all():

			




	
	
	
		
 
            grouped[cmt.revision].append(cmt)

			




	
	
	
		
 
        return grouped

			




	
	
	
		
 

			




	
	
	
		
 
    def statuses(self, revisions):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns statuses for this repository.

			




	
	
	
		
 
        PRs without any votes do _not_ show up as unreviewed.

			




	
	
	
		
 

			




	
	
	
		
 
        :param revisions: list of revisions to get statuses for

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if not revisions:

			




	
	
	
		
 
            return {}

			




	
	
	
		
 

			




	
	
	
		
 
        statuses = ChangesetStatus.query() \

			




	
	
	
		
 
            .filter(ChangesetStatus.repo == self) \

			




	
	
	
		
 
            .filter(ChangesetStatus.version == 0) \

			




	
	
	
		
 
            .filter(ChangesetStatus.revision.in_(revisions))

			




	
	
	
		
 

			




	
	
	
		
 
        grouped = {}

			




	
	
	
		
 
        for stat in statuses.all():

			




	
	
	
		
 
            pr_id = pr_nice_id = pr_repo = None

			




	
	
	
		
 
            if stat.pull_request:

			




	
	
	
		
 
                pr_id = stat.pull_request.pull_request_id

			




	
	
	
		
 
                pr_nice_id = PullRequest.make_nice_id(pr_id)

			




	
	
	
		
 
                pr_repo = stat.pull_request.other_repo.repo_name

			




	
	
	
		
 
            grouped[stat.revision] = [str(stat.status), stat.status_lbl,

			




	
	
	
		
 
                                      pr_id, pr_repo, pr_nice_id,

			




	
	
	
		
 
                                      stat.author]

			




	
	
	
		
 
        return grouped

			




	
	
	
		
 

			




	
	
	
		
 
    def _repo_size(self):

			




	
	
	
		
 
        from kallithea.lib import helpers as h

			




	
	
	
		
 
        log.debug('calculating repository size...')

			




	
	
	
		
 
        return h.format_byte_size(self.scm_instance.size)

			




	
	
	
		
 

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    # SCM CACHE INSTANCE

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    def set_invalidate(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Mark caches of this repo as invalid.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        CacheInvalidation.set_invalidate(self.repo_name)

			




	
	
	
		
 

			




	
	
	
		
 
    _scm_instance = None

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def scm_instance(self):

			




	
	
	
		
 
        if self._scm_instance is None:

			




	
	
	
		
 
            self._scm_instance = self.scm_instance_cached()

			




	
	
	
		
 
        return self._scm_instance

			




	
	
	
		
 

			




	
	
	
		
 
    def scm_instance_cached(self, valid_cache_keys=None):

			




	
	
	
		
 
        @cache_region('long_term', 'scm_instance_cached')

			




	
	
	
		
 
        def _c(repo_name): # repo_name is just for the cache key

			




	
	
	
		
 
            log.debug('Creating new %s scm_instance and populating cache', repo_name)

			




	
	
	
		
 
            return self.scm_instance_no_cache()

			




	
	
	
		
 
        rn = self.repo_name

			




	
	
	
		
 

			




	
	
	
		
 
        valid = CacheInvalidation.test_and_set_valid(rn, None, valid_cache_keys=valid_cache_keys)

			




	
	
	
		
 
        if not valid:

			




	
	
	
		
 
            log.debug('Cache for %s invalidated, getting new object', rn)

			




	
	
	
		
 
            region_invalidate(_c, None, 'scm_instance_cached', rn)

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.debug('Trying to get scm_instance of %s from cache', rn)

			




	
	
	
		
 
        return _c(rn)

			




	
	
	
		
 

			




	
	
	
		
 
    def scm_instance_no_cache(self):

			




	
	
	
		
 
        repo_full_path = self.repo_full_path

			




	
	
	
		
 
        alias = get_scm(repo_full_path)[0]

			




	
	
	
		
 
        log.debug('Creating instance of %s repository from %s',

			




	
	
	
		
 
                  alias, self.repo_full_path)

			




	
	
	
		
 
        backend = get_backend(alias)

			




	
	
	
		
 

			




	
	
	
		
 
        if alias == 'hg':

			




	
	
	
		
 
            repo = backend(repo_full_path, create=False,

			




	
	
	
		
 
                           baseui=self._ui)

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            repo = backend(repo_full_path, create=False)

			




	
	
	
		
 

			




	
	
	
		
 
        return repo

			




	
	
	
		
 

			




	
	
	
		
 
    def __json__(self):

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            repo_id=self.repo_id,

			




	
	
	
		
 
            repo_name=self.repo_name,

			




	
	
	
		
 
            landing_rev=self.landing_rev,

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class RepoGroup(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'groups'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    SEP = ' &raquo; '

			




	
	
	
		
 

			




	
	
	
		
 
    group_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    group_name = Column(Unicode(255), nullable=False, unique=True) # full path

			




	
	
	
		
 
    parent_group_id = Column('group_parent_id', Integer(), ForeignKey('groups.group_id'), nullable=True)

			




	
	
	
		
 
    group_description = Column(Unicode(10000), nullable=False)

			




	
	
	
		
 
    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 

			




	
	
	
		
 
    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

			




	
	
	
		
 
    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

			




	
	
	
		
 
    parent_group = relationship('RepoGroup', remote_side=group_id)

			




	
	
	
		
 
    owner = relationship('User')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def query(cls, sorted=False):

			




	
	
	
		
 
        """Add RepoGroup-specific helpers for common query constructs.

			




	
	
	
		
 

			




	
	
	
		
 
        sorted: if True, apply the default ordering (name, case insensitive).

			




	
	
	
		
 
        """

			




	
	
	
		
 
        q = super(RepoGroup, cls).query()

			




	
	
	
		
 

			




	
	
	
		
 
        if sorted:

			




	
	
	
		
 
            q = q.order_by(sqlalchemy.func.lower(RepoGroup.group_name))

			




	
	
	
		
 

			




	
	
	
		
 
        return q

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, group_name='', parent_group=None):

			




	
	
	
		
 
        self.group_name = group_name

			




	
	
	
		
 
        self.parent_group = parent_group

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<%s %s: %s>" % (self.__class__.__name__,

			




	
	
	
		
 
                                self.group_id, self.group_name)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def _generate_choice(cls, repo_group):

			




	
	
	
		
 
        """Return tuple with group_id and name as html literal"""

			




	
	
	
		
 
        from webhelpers2.html import literal

			




	
	
	
		
 
        if repo_group is None:

			




	
	
	
		
 
            return (-1, '-- %s --' % _('top level'))

			




	
	
	
		
 
        return repo_group.group_id, literal(cls.SEP.join(repo_group.full_path_splitted))

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def groups_choices(cls, groups):

			




	
	
	
		
 
        """Return tuples with group_id and name as html literal."""

			




	
	
	
		
 
        return sorted((cls._generate_choice(g) for g in groups),

			




	
	
	
		
 
                      key=lambda c: c[1].split(cls.SEP))

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def url_sep(cls):

			




	
	
	
		
 
        return URL_SEP

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def guess_instance(cls, value):

			




	
	
	
		
 
        return super(RepoGroup, cls).guess_instance(value, RepoGroup.get_by_group_name)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

			




	
	
	
		
 
        group_name = group_name.rstrip('/')

			




	
	
	
		
 
        if case_insensitive:

			




	
	
	
		
 
            gr = cls.query() \

			




	
	
	
		
 
                .filter(sqlalchemy.func.lower(cls.group_name) == sqlalchemy.func.lower(group_name))

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            gr = cls.query() \

			




	
	
	
		
 
                .filter(cls.group_name == group_name)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            gr = gr.options(FromCache(

			




	
	
	
		
 
                            "sql_cache_short",

			




	
	
	
		
 
                            "get_group_%s" % _hash_key(group_name)

			




	
	
	
		
 
                            )

			




	
	
	
		
 
            )

			




	
	
	
		
 
        return gr.scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def parents(self):

			




	
	
	
		
 
        groups = []

			




	
	
	
		
 
        group = self.parent_group

			




	
	
	
		
 
        while group is not None:

			




	
	
	
		
 
            groups.append(group)

			




	
	
	
		
 
            group = group.parent_group

			




	
	
	
		
 
            assert group not in groups, group # avoid recursion on bad db content

			




	
	
	
		
 
        groups.reverse()

			




	
	
	
		
 
        return groups

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def children(self):

			




	
	
	
		
 
        return RepoGroup.query().filter(RepoGroup.parent_group == self)

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def name(self):

			




	
	
	
		
 
        return self.group_name.split(RepoGroup.url_sep())[-1]

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def full_path(self):

			




	
	
	
		
 
        return self.group_name

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def full_path_splitted(self):

			




	
	
	
		
 
        return self.group_name.split(RepoGroup.url_sep())

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def repositories(self):

			




	
	
	
		
 
        return Repository.query(sorted=True).filter_by(group=self)

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def repositories_recursive_count(self):

			




	
	
	
		
 
        cnt = self.repositories.count()

			




	
	
	
		
 

			




	
	
	
		
 
        def children_count(group):

			




	
	
	
		
 
            cnt = 0

			




	
	
	
		
 
            for child in group.children:

			




	
	
	
		
 
                cnt += child.repositories.count()

			




	
	
	
		
 
                cnt += children_count(child)

			




	
	
	
		
 
            return cnt

			




	
	
	
		
 

			




	
	
	
		
 
        return cnt + children_count(self)

			




	
	
	
		
 

			




	
	
	
		
 
    def _recursive_objects(self, include_repos=True):

			




	
	
	
		
 
        all_ = []

			




	
	
	
		
 

			




	
	
	
		
 
        def _get_members(root_gr):

			




	
	
	
		
 
            if include_repos:

			




	
	
	
		
 
                for r in root_gr.repositories:

			




	
	
	
		
 
                    all_.append(r)

			




	
	
	
		
 
            childs = root_gr.children.all()

			




	
	
	
		
 
            if childs:

			




	
	
	
		
 
                for gr in childs:

			




	
	
	
		
 
                    all_.append(gr)

			




	
	
	
		
 
                    _get_members(gr)

			




	
	
	
		
 

			




	
	
	
		
 
        _get_members(self)

			




	
	
	
		
 
        return [self] + all_

			




	
	
	
		
 

			




	
	
	
		
 
    def recursive_groups_and_repos(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Recursive return all groups, with repositories in those groups

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return self._recursive_objects()

			




	
	
	
		
 

			




	
	
	
		
 
    def recursive_groups(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns all children groups for this group including children of children

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return self._recursive_objects(include_repos=False)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_new_name(self, group_name):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        returns new full group name based on parent and new name

			




	
	
	
		
 

			




	
	
	
		
 
        :param group_name:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        path_prefix = (self.parent_group.full_path_splitted if

			




	
	
	
		
 
                       self.parent_group else [])

			




	
	
	
		
 
        return RepoGroup.url_sep().join(path_prefix + [group_name])

			




	
	
	
		
 

			




	
	
	
		
 
    def get_api_data(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Common function for generating api data

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        group = self

			




	
	
	
		
 
        data = dict(

			




	
	
	
		
 
            group_id=group.group_id,

			




	
	
	
		
 
            group_name=group.group_name,

			




	
	
	
		
 
            group_description=group.group_description,

			




	
	
	
		
 
            parent_group=group.parent_group.group_name if group.parent_group else None,

			




	
	
	
		
 
            repositories=[x.repo_name for x in group.repositories],

			




	
	
	
		
 
            owner=group.owner.username

			




	
	
	
		
 
        )

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class Permission(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'permissions'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('p_perm_name_idx', 'permission_name'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    PERMS = (

			




	
	
	
		
 
        ('hg.admin', _('Kallithea Administrator')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('repository.none', _('Default user has no access to new repositories')),

			




	
	
	
		
 
        ('repository.read', _('Default user has read access to new repositories')),

			




	
	
	
		
 
        ('repository.write', _('Default user has write access to new repositories')),

			




	
	
	
		
 
        ('repository.admin', _('Default user has admin access to new repositories')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('group.none', _('Default user has no access to new repository groups')),

			




	
	
	
		
 
        ('group.read', _('Default user has read access to new repository groups')),

			




	
	
	
		
 
        ('group.write', _('Default user has write access to new repository groups')),

			




	
	
	
		
 
        ('group.admin', _('Default user has admin access to new repository groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('usergroup.none', _('Default user has no access to new user groups')),

			




	
	
	
		
 
        ('usergroup.read', _('Default user has read access to new user groups')),

			




	
	
	
		
 
        ('usergroup.write', _('Default user has write access to new user groups')),

			




	
	
	
		
 
        ('usergroup.admin', _('Default user has admin access to new user groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.repogroup.create.false', _('Only admins can create repository groups')),

			




	
	
	
		
 
        ('hg.repogroup.create.true', _('Non-admins can create repository groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.usergroup.create.false', _('Only admins can create user groups')),

			




	
	
	
		
 
        ('hg.usergroup.create.true', _('Non-admins can create user groups')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.create.none', _('Only admins can create top level repositories')),

			




	
	
	
		
 
        ('hg.create.repository', _('Non-admins can create top level repositories')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),

			




	
	
	
		
 
        ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.fork.none', _('Only admins can fork repositories')),

			




	
	
	
		
 
        ('hg.fork.repository', _('Non-admins can fork repositories')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.register.none', _('Registration disabled')),

			




	
	
	
		
 
        ('hg.register.manual_activate', _('User registration with manual account activation')),

			




	
	
	
		
 
        ('hg.register.auto_activate', _('User registration with automatic account activation')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.extern_activate.manual', _('Manual activation of external account')),

			




	
	
	
		
 
        ('hg.extern_activate.auto', _('Automatic activation of external account')),

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    # definition of system default permissions for DEFAULT user

			




	
	
	
		
 
    DEFAULT_USER_PERMISSIONS = (

			




	
	
	
		
 
        'repository.read',

			




	
	
	
		
 
        'group.read',

			




	
	
	
		
 
        'usergroup.read',

			




	
	
	
		
 
        'hg.create.repository',

			




	
	
	
		
 
        'hg.create.write_on_repogroup.true',

			




	
	
	
		
 
        'hg.fork.repository',

			




	
	
	
		
 
        'hg.register.manual_activate',

			




	
	
	
		
 
        'hg.extern_activate.auto',

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    # defines which permissions are more important higher the more important

			




	
	
	
		
 
    # Weight defines which permissions are more important.

			




	
	
	
		
 
    # The higher number the more important.

			




	
	
	
		
 
    PERM_WEIGHTS = {

			




	
	
	
		
 
        'repository.none': 0,

			




	
	
	
		
 
        'repository.read': 1,

			




	
	
	
		
 
        'repository.write': 3,

			




	
	
	
		
 
        'repository.admin': 4,

			




	
	
	
		
 

			




	
	
	
		
 
        'group.none': 0,

			




	
	
	
		
 
        'group.read': 1,

			




	
	
	
		
 
        'group.write': 3,

			




	
	
	
		
 
        'group.admin': 4,

			




	
	
	
		
 

			




	
	
	
		
 
        'usergroup.none': 0,

			




	
	
	
		
 
        'usergroup.read': 1,

			




	
	
	
		
 
        'usergroup.write': 3,

			




	
	
	
		
 
        'usergroup.admin': 4,

			




	
	
	
		
 

			




	
	
	
		
 
        'hg.repogroup.create.false': 0,

			




	
	
	
		
 
        'hg.repogroup.create.true': 1,

			




	
	
	
		
 

			




	
	
	
		
 
        'hg.usergroup.create.false': 0,

			




	
	
	
		
 
        'hg.usergroup.create.true': 1,

			




	
	
	
		
 

			




	
	
	
		
 
        'hg.fork.none': 0,

			




	
	
	
		
 
        'hg.fork.repository': 1,

			




	
	
	
		
 

			




	
	
	
		
 
        'hg.create.none': 0,

			




	
	
	
		
 
        'hg.create.repository': 1,

			




	
	
	
		
 

			




	
	
	
		
 
        'hg.create.write_on_repogroup.false': 0,

			




	
	
	
		
 
        'hg.create.write_on_repogroup.true': 1,

			




	
	
	
		
 

			




	
	
	
		
 
        'hg.register.none': 0,

			




	
	
	
		
 
        'hg.register.manual_activate': 1,

			




	
	
	
		
 
        'hg.register.auto_activate': 2,

			




	
	
	
		
 

			




	
	
	
		
 
        'hg.extern_activate.manual': 0,

			




	
	
	
		
 
        'hg.extern_activate.auto': 1,

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    permission_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    permission_name = Column(String(255), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<%s %s: %r>" % (

			




	
	
	
		
 
            self.__class__.__name__, self.permission_id, self.permission_name

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def guess_instance(cls, value):

			




	
	
	
		
 
        return super(Permission, cls).guess_instance(value, Permission.get_by_key)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_by_key(cls, key):

			




	
	
	
		
 
        return cls.query().filter(cls.permission_name == key).scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_default_perms(cls, default_user_id):

			




	
	
	
		
 
        q = Session().query(UserRepoToPerm, Repository, cls) \

			




	
	
	
		
 
         .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id)) \

			




	
	
	
		
 
         .join((cls, UserRepoToPerm.permission_id == cls.permission_id)) \

			




	
	
	
		
 
        q = Session().query(UserRepoToPerm) \

			




	
	
	
		
 
         .options(joinedload(UserRepoToPerm.repository)) \

			




	
	
	
		
 
         .options(joinedload(UserRepoToPerm.permission)) \

			




	
	
	
		
 
         .filter(UserRepoToPerm.user_id == default_user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        return q.all()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_default_group_perms(cls, default_user_id):

			




	
	
	
		
 
        q = Session().query(UserRepoGroupToPerm, RepoGroup, cls) \

			




	
	
	
		
 
         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id)) \

			




	
	
	
		
 
         .join((cls, UserRepoGroupToPerm.permission_id == cls.permission_id)) \

			




	
	
	
		
 
        q = Session().query(UserRepoGroupToPerm) \

			




	
	
	
		
 
         .options(joinedload(UserRepoGroupToPerm.group)) \

			




	
	
	
		
 
         .options(joinedload(UserRepoGroupToPerm.permission)) \

			




	
	
	
		
 
         .filter(UserRepoGroupToPerm.user_id == default_user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        return q.all()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_default_user_group_perms(cls, default_user_id):

			




	
	
	
		
 
        q = Session().query(UserUserGroupToPerm, UserGroup, cls) \

			




	
	
	
		
 
         .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id)) \

			




	
	
	
		
 
         .join((cls, UserUserGroupToPerm.permission_id == cls.permission_id)) \

			




	
	
	
		
 
        q = Session().query(UserUserGroupToPerm) \

			




	
	
	
		
 
         .options(joinedload(UserUserGroupToPerm.user_group)) \

			




	
	
	
		
 
         .options(joinedload(UserUserGroupToPerm.permission)) \

			




	
	
	
		
 
         .filter(UserUserGroupToPerm.user_id == default_user_id)

			




	
	
	
		
 

			




	
	
	
		
 
        return q.all()

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserRepoToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'repo_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('user_id', 'repository_id', 'permission_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    repo_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 
    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    user = relationship('User')

			




	
	
	
		
 
    repository = relationship('Repository')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create(cls, user, repository, permission):

			




	
	
	
		
 
        n = cls()

			




	
	
	
		
 
        n.user = user

			




	
	
	
		
 
        n.repository = repository

			




	
	
	
		
 
        n.permission = permission

			




	
	
	
		
 
        Session().add(n)

			




	
	
	
		
 
        return n

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return '<%s %s at %s: %s>' % (

			




	
	
	
		
 
            self.__class__.__name__, self.user, self.repository, self.permission)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserUserGroupToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'user_user_group_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('user_id', 'user_group_id', 'permission_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    user_user_group_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 
    user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    user = relationship('User')

			




	
	
	
		
 
    user_group = relationship('UserGroup')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create(cls, user, user_group, permission):

			




	
	
	
		
 
        n = cls()

			




	
	
	
		
 
        n.user = user

			




	
	
	
		
 
        n.user_group = user_group

			




	
	
	
		
 
        n.permission = permission

			




	
	
	
		
 
        Session().add(n)

			




	
	
	
		
 
        return n

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return '<%s %s at %s: %s>' % (

			




	
	
	
		
 
            self.__class__.__name__, self.user, self.user_group, self.permission)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'user_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('user_id', 'permission_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    user_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    user = relationship('User')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return '<%s %s: %s>' % (

			




	
	
	
		
 
            self.__class__.__name__, self.user, self.permission)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserGroupRepoToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'users_group_repo_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    users_group_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 
    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    users_group = relationship('UserGroup')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 
    repository = relationship('Repository')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create(cls, users_group, repository, permission):

			




	
	
	
		
 
        n = cls()

			




	
	
	
		
 
        n.users_group = users_group

			




	
	
	
		
 
        n.repository = repository

			




	
	
	
		
 
        n.permission = permission

			




	
	
	
		
 
        Session().add(n)

			




	
	
	
		
 
        return n

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return '<%s %s at %s: %s>' % (

			




	
	
	
		
 
            self.__class__.__name__, self.users_group, self.repository, self.permission)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserGroupUserGroupToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'user_group_user_group_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    user_group_user_group_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    target_user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 
    user_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')

			




	
	
	
		
 
    user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create(cls, target_user_group, user_group, permission):

			




	
	
	
		
 
        n = cls()

			




	
	
	
		
 
        n.target_user_group = target_user_group

			




	
	
	
		
 
        n.user_group = user_group

			




	
	
	
		
 
        n.permission = permission

			




	
	
	
		
 
        Session().add(n)

			




	
	
	
		
 
        return n

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return '<%s %s at %s: %s>' % (

			




	
	
	
		
 
            self.__class__.__name__, self.user_group, self.target_user_group, self.permission)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserGroupToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'users_group_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('users_group_id', 'permission_id',),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    users_group_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    users_group = relationship('UserGroup')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserRepoGroupToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'user_repo_group_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('user_id', 'group_id', 'permission_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    group_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    group_id = Column(Integer(), ForeignKey('groups.group_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    user = relationship('User')

			




	
	
	
		
 
    group = relationship('RepoGroup')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create(cls, user, repository_group, permission):

			




	
	
	
		
 
        n = cls()

			




	
	
	
		
 
        n.user = user

			




	
	
	
		
 
        n.group = repository_group

			




	
	
	
		
 
        n.permission = permission

			




	
	
	
		
 
        Session().add(n)

			




	
	
	
		
 
        return n

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserGroupRepoGroupToPerm(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'users_group_repo_group_to_perm'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('users_group_id', 'group_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    users_group_repo_group_to_perm_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

			




	
	
	
		
 
    group_id = Column(Integer(), ForeignKey('groups.group_id'), nullable=False)

			




	
	
	
		
 
    permission_id = Column(Integer(), ForeignKey('permissions.permission_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    users_group = relationship('UserGroup')

			




	
	
	
		
 
    permission = relationship('Permission')

			




	
	
	
		
 
    group = relationship('RepoGroup')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create(cls, user_group, repository_group, permission):

			




	
	
	
		
 
        n = cls()

			




	
	
	
		
 
        n.users_group = user_group

			




	
	
	
		
 
        n.group = repository_group

			




	
	
	
		
 
        n.permission = permission

			




	
	
	
		
 
        Session().add(n)

			




	
	
	
		
 
        return n

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class Statistics(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'statistics'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
         _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    stat_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True)

			




	
	
	
		
 
    stat_on_revision = Column(Integer(), nullable=False)

			




	
	
	
		
 
    commit_activity = Column(LargeBinary(1000000), nullable=False) # JSON data

			




	
	
	
		
 
    commit_activity_combined = Column(LargeBinary(), nullable=False) # JSON data

			




	
	
	
		
 
    languages = Column(LargeBinary(1000000), nullable=False) # JSON data

			




	
	
	
		
 

			




	
	
	
		
 
    repository = relationship('Repository', single_parent=True)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserFollowing(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'user_followings'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('user_id', 'follows_repository_id', name='uq_user_followings_user_repo'),

			




	
	
	
		
 
        UniqueConstraint('user_id', 'follows_user_id', name='uq_user_followings_user_user'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    user_following_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    follows_repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=True)

			




	
	
	
		
 
    follows_user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=True)

			




	
	
	
		
 
    follows_from = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 

			




	
	
	
		
 
    user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')

			




	
	
	
		
 

			




	
	
	
		
 
    follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')

			




	
	
	
		
 
    follows_repository = relationship('Repository', order_by=lambda: sqlalchemy.func.lower(Repository.repo_name))

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_repo_followers(cls, repo_id):

			




	
	
	
		
 
        return cls.query().filter(cls.follows_repository_id == repo_id)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class CacheInvalidation(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'cache_invalidation'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('key_idx', 'cache_key'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    # cache_id, not used

			




	
	
	
		
 
    cache_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    # cache_key as created by _get_cache_key

			




	
	
	
		
 
    cache_key = Column(Unicode(255), nullable=False, unique=True)

			




	
	
	
		
 
    # cache_args is a repo_name

			




	
	
	
		
 
    cache_args = Column(Unicode(255), nullable=False)

			




	
	
	
		
 
    # instance sets cache_active True when it is caching, other instances set

			




	
	
	
		
 
    # cache_active to False to indicate that this cache is invalid

			




	
	
	
		
 
    cache_active = Column(Boolean(), nullable=False, default=False)

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, cache_key, repo_name=''):

			




	
	
	
		
 
        self.cache_key = cache_key

			




	
	
	
		
 
        self.cache_args = repo_name

			




	
	
	
		
 
        self.cache_active = False

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<%s %s: %s=%s" % (

			




	
	
	
		
 
            self.__class__.__name__,

			




	
	
	
		
 
            self.cache_id, self.cache_key, self.cache_active)

			




	
	
	
		
 

			




	
	
	
		
 
    def _cache_key_partition(self):

			




	
	
	
		
 
        prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)

			




	
	
	
		
 
        return prefix, repo_name, suffix

			




	
	
	
		
 

			




	
	
	
		
 
    def get_prefix(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        get prefix that might have been used in _get_cache_key to

			




	
	
	
		
 
        generate self.cache_key. Only used for informational purposes

			




	
	
	
		
 
        in repo_edit.html.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        # prefix, repo_name, suffix

			




	
	
	
		
 
        return self._cache_key_partition()[0]

			




	
	
	
		
 

			




	
	
	
		
 
    def get_suffix(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        get suffix that might have been used in _get_cache_key to

			




	
	
	
		
 
        generate self.cache_key. Only used for informational purposes

			




	
	
	
		
 
        in repo_edit.html.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        # prefix, repo_name, suffix

			




	
	
	
		
 
        return self._cache_key_partition()[2]

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def clear_cache(cls):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Delete all cache keys from database.

			




	
	
	
		
 
        Should only be run when all instances are down and all entries thus stale.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        cls.query().delete()

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def _get_cache_key(cls, key):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Wrapper for generating a unique cache key for this instance and "key".

			




	
	
	
		
 
        key must / will start with a repo_name which will be stored in .cache_args .

			




	
	
	
		
 
        """

			




	
	
	
		
 
        prefix = kallithea.CONFIG.get('instance_id', '')

			




	
	
	
		
 
        return "%s%s" % (prefix, key)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def set_invalidate(cls, repo_name):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Mark all caches of a repo as invalid in the database.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        inv_objs = Session().query(cls).filter(cls.cache_args == repo_name).all()

			




	
	
	
		
 
        log.debug('for repo %s got %s invalidation objects',

			




	
	
	
		
 
                  repo_name, inv_objs)

			




	
	
	
		
 

			




	
	
	
		
 
        for inv_obj in inv_objs:

			




	
	
	
		
 
            log.debug('marking %s key for invalidation based on repo_name=%s',

			




	
	
	
		
 
                      inv_obj, repo_name)

			




	
	
	
		
 
            Session().delete(inv_obj)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def test_and_set_valid(cls, repo_name, kind, valid_cache_keys=None):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Mark this cache key as active and currently cached.

			




	
	
	
		
 
        Return True if the existing cache registration still was valid.

			




	
	
	
		
 
        Return False to indicate that it had been invalidated and caches should be refreshed.

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        key = (repo_name + '_' + kind) if kind else repo_name

			




	
	
	
		
 
        cache_key = cls._get_cache_key(key)

			




	
	
	
		
 

			




	
	
	
		
 
        if valid_cache_keys and cache_key in valid_cache_keys:

			




	
	
	
		
 
            return True

			




	
	
	
		
 

			




	
	
	
		
 
        inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()

			




	
	
	
		
 
        if inv_obj is None:

			




	
	
	
		
 
            inv_obj = cls(cache_key, repo_name)

			




	
	
	
		
 
            Session().add(inv_obj)

			




	
	
	
		
 
        elif inv_obj.cache_active:

			




	
	
	
		
 
            return True

			




	
	
	
		
 
        inv_obj.cache_active = True

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
        except sqlalchemy.exc.IntegrityError:

			




	
	
	
		
 
            log.error('commit of CacheInvalidation failed - retrying')

			




	
	
	
		
 
            Session().rollback()

			




	
	
	
		
 
            inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()

			




	
	
	
		
 
            if inv_obj is None:

			




	
	
	
		
 
                log.error('failed to create CacheInvalidation entry')

			




	
	
	
		
 
                # TODO: fail badly?

			




	
	
	
		
 
            # else: TOCTOU - another thread added the key at the same time; no further action required

			




	
	
	
		
 
        return False

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_valid_cache_keys(cls):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Return opaque object with information of which caches still are valid

			




	
	
	
		
 
        and can be used without checking for invalidation.

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return set(inv_obj.cache_key for inv_obj in cls.query().filter(cls.cache_active).all())

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class ChangesetComment(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'changeset_comments'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('cc_revision_idx', 'revision'),

			




	
	
	
		
 
        Index('cc_pull_request_id_idx', 'pull_request_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    comment_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    repo_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

			




	
	
	
		
 
    revision = Column(String(40), nullable=True)

			




	
	
	
		
 
    pull_request_id = Column(Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)

			




	
	
	
		
 
    line_no = Column(Unicode(10), nullable=True)

			




	
	
	
		
 
    f_path = Column(Unicode(1000), nullable=True)

			




	
	
	
		
 
    author_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    text = Column(UnicodeText(), nullable=False)

			




	
	
	
		
 
    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 
    modified_at = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 

			




	
	
	
		
 
    author = relationship('User')

			




	
	
	
		
 
    repo = relationship('Repository')

			




	
	
	
		
 
    # status_change is frequently used directly in templates - make it a lazy

			




	
	
	
		
 
    # join to avoid fetching each related ChangesetStatus on demand.

			




	
	
	
		
 
    # There will only be one ChangesetStatus referencing each comment so the join will not explode.

			




	
	
	
		
 
    status_change = relationship('ChangesetStatus',

			




	
	
	
		
 
                                 cascade="all, delete-orphan", lazy='joined')

			




	
	
	
		
 
    pull_request = relationship('PullRequest')

			




	
	
	
		
 

			




	
	
	
		
 
    def url(self):

			




	
	
	
		
 
        anchor = "comment-%s" % self.comment_id

			




	
	
	
		
 
        import kallithea.lib.helpers as h

			




	
	
	
		
 
        if self.revision:

			




	
	
	
		
 
            return h.url('changeset_home', repo_name=self.repo.repo_name, revision=self.revision, anchor=anchor)

			




	
	
	
		
 
        elif self.pull_request_id is not None:

			




	
	
	
		
 
            return self.pull_request.url(anchor=anchor)

			




	
	
	
		
 

			




	
	
	
		
 
    def __json__(self):

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            comment_id=self.comment_id,

			




	
	
	
		
 
            username=self.author.username,

			




	
	
	
		
 
            text=self.text,

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    def deletable(self):

			




	
	
	
		
 
        return self.created_on > datetime.datetime.now() - datetime.timedelta(minutes=5)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class ChangesetStatus(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'changeset_statuses'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('cs_revision_idx', 'revision'),

			




	
	
	
		
 
        Index('cs_version_idx', 'version'),

			




	
	
	
		
 
        Index('cs_pull_request_id_idx', 'pull_request_id'),

			




	
	
	
		
 
        Index('cs_changeset_comment_id_idx', 'changeset_comment_id'),

			




	
	
	
		
 
        Index('cs_pull_request_id_user_id_version_idx', 'pull_request_id', 'user_id', 'version'),

			




	
	
	
		
 
        Index('cs_repo_id_pull_request_id_idx', 'repo_id', 'pull_request_id'),

			




	
	
	
		
 
        UniqueConstraint('repo_id', 'revision', 'version'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'

			




	
	
	
		
 
    STATUS_APPROVED = 'approved'

			




	
	
	
		
 
    STATUS_REJECTED = 'rejected' # is shown as "Not approved" - TODO: change database content / scheme

			




	
	
	
		
 
    STATUS_UNDER_REVIEW = 'under_review'

			




	
	
	
		
 

			




	
	
	
		
 
    STATUSES = [

			




	
	
	
		
 
        (STATUS_NOT_REVIEWED, _("Not reviewed")),  # (no icon) and default

			




	
	
	
		
 
        (STATUS_UNDER_REVIEW, _("Under review")),

			




	
	
	
		
 
        (STATUS_REJECTED, _("Not approved")),

			




	
	
	
		
 
        (STATUS_APPROVED, _("Approved")),

			




	
	
	
		
 
    ]

			




	
	
	
		
 
    STATUSES_DICT = dict(STATUSES)

			




	
	
	
		
 

			




	
	
	
		
 
    changeset_status_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    repo_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    revision = Column(String(40), nullable=True)

			




	
	
	
		
 
    status = Column(String(128), nullable=False, default=DEFAULT)

			




	
	
	
		
 
    comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=False)

			




	
	
	
		
 
    modified_at = Column(DateTime(), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 
    version = Column(Integer(), nullable=False, default=0)

			




	
	
	
		
 
    pull_request_id = Column(Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)

			




	
	
	
		
 

			




	
	
	
		
 
    author = relationship('User')

			




	
	
	
		
 
    repo = relationship('Repository')

			




	
	
	
		
 
    comment = relationship('ChangesetComment')

			




	
	
	
		
 
    pull_request = relationship('PullRequest')

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<%s %r by %r>" % (

			




	
	
	
		
 
            self.__class__.__name__,

			




	
	
	
		
 
            self.status, self.author

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_status_lbl(cls, value):

			




	
	
	
		
 
        return cls.STATUSES_DICT.get(value)

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def status_lbl(self):

			




	
	
	
		
 
        return ChangesetStatus.get_status_lbl(self.status)

			




	
	
	
		
 

			




	
	
	
		
 
    def __json__(self):

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            status=self.status,

			




	
	
	
		
 
            modified_at=self.modified_at.replace(microsecond=0),

			




	
	
	
		
 
            reviewer=self.author.username,

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class PullRequest(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'pull_requests'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('pr_org_repo_id_idx', 'org_repo_id'),

			




	
	
	
		
 
        Index('pr_other_repo_id_idx', 'other_repo_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    # values for .status

			




	
	
	
		
 
    STATUS_NEW = 'new'

			




	
	
	
		
 
    STATUS_CLOSED = 'closed'

			




	
	
	
		
 

			




	
	
	
		
 
    pull_request_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    title = Column(Unicode(255), nullable=False)

			




	
	
	
		
 
    description = Column(UnicodeText(), nullable=False)

			




	
	
	
		
 
    status = Column(Unicode(255), nullable=False, default=STATUS_NEW) # only for closedness, not approve/reject/etc

			




	
	
	
		
 
    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 
    updated_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 
    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    _revisions = Column('revisions', UnicodeText(), nullable=False)

			




	
	
	
		
 
    org_repo_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

			




	
	
	
		
 
    org_ref = Column(Unicode(255), nullable=False)

			




	
	
	
		
 
    other_repo_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

			




	
	
	
		
 
    other_ref = Column(Unicode(255), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    @hybrid_property

			




	
	
	
		
 
    def revisions(self):

			




	
	
	
		
 
        return self._revisions.split(':')

			




	
	
	
		
 

			




	
	
	
		
 
    @revisions.setter

			




	
	
	
		
 
    def revisions(self, val):

			




	
	
	
		
 
        self._revisions = ':'.join(val)

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def org_ref_parts(self):

			




	
	
	
		
 
        return self.org_ref.split(':')

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def other_ref_parts(self):

			




	
	
	
		
 
        return self.other_ref.split(':')

			




	
	
	
		
 

			




	
	
	
		
 
    owner = relationship('User')

			




	
	
	
		
 
    reviewers = relationship('PullRequestReviewer',

			




	
	
	
		
 
                             cascade="all, delete-orphan")

			




	
	
	
		
 
    org_repo = relationship('Repository', primaryjoin='PullRequest.org_repo_id==Repository.repo_id')

			




	
	
	
		
 
    other_repo = relationship('Repository', primaryjoin='PullRequest.other_repo_id==Repository.repo_id')

			




	
	
	
		
 
    statuses = relationship('ChangesetStatus', order_by='ChangesetStatus.changeset_status_id')

			




	
	
	
		
 
    comments = relationship('ChangesetComment', order_by='ChangesetComment.comment_id',

			




	
	
	
		
 
                             cascade="all, delete-orphan")

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def query(cls, reviewer_id=None, include_closed=True, sorted=False):

			




	
	
	
		
 
        """Add PullRequest-specific helpers for common query constructs.

			




	
	
	
		
 

			




	
	
	
		
 
        reviewer_id: only PRs with the specified user added as reviewer.

			




	
	
	
		
 

			




	
	
	
		
 
        include_closed: if False, do not include closed PRs.

			




	
	
	
		
 

			




	
	
	
		
 
        sorted: if True, apply the default ordering (newest first).

			




	
	
	
		
 
        """

			




	
	
	
		
 
        q = super(PullRequest, cls).query()

			




	
	
	
		
 

			




	
	
	
		
 
        if reviewer_id is not None:

			




	
	
	
		
 
            q = q.join(PullRequestReviewer).filter(PullRequestReviewer.user_id == reviewer_id)

			




	
	
	
		
 

			




	
	
	
		
 
        if not include_closed:

			




	
	
	
		
 
            q = q.filter(PullRequest.status != PullRequest.STATUS_CLOSED)

			




	
	
	
		
 

			




	
	
	
		
 
        if sorted:

			




	
	
	
		
 
            q = q.order_by(PullRequest.created_on.desc())

			




	
	
	
		
 

			




	
	
	
		
 
        return q

			




	
	
	
		
 

			




	
	
	
		
 
    def get_reviewer_users(self):

			




	
	
	
		
 
        """Like .reviewers, but actually returning the users"""

			




	
	
	
		
 
        return User.query() \

			




	
	
	
		
 
            .join(PullRequestReviewer) \

			




	
	
	
		
 
            .filter(PullRequestReviewer.pull_request == self) \

			




	
	
	
		
 
            .order_by(PullRequestReviewer.pull_request_reviewers_id) \

			




	
	
	
		
 
            .all()

			




	
	
	
		
 

			




	
	
	
		
 
    def is_closed(self):

			




	
	
	
		
 
        return self.status == self.STATUS_CLOSED

			




	
	
	
		
 

			




	
	
	
		
 
    def user_review_status(self, user_id):

			




	
	
	
		
 
        """Return the user's latest status votes on PR"""

			




	
	
	
		
 
        # note: no filtering on repo - that would be redundant

			




	
	
	
		
 
        status = ChangesetStatus.query() \

			




	
	
	
		
 
            .filter(ChangesetStatus.pull_request == self) \

			




	
	
	
		
 
            .filter(ChangesetStatus.user_id == user_id) \

			




	
	
	
		
 
            .order_by(ChangesetStatus.version) \

			




	
	
	
		
 
            .first()

			




	
	
	
		
 
        return str(status.status) if status else ''

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def make_nice_id(cls, pull_request_id):

			




	
	
	
		
 
        '''Return pull request id nicely formatted for displaying'''

			




	
	
	
		
 
        return '#%s' % pull_request_id

			




	
	
	
		
 

			




	
	
	
		
 
    def nice_id(self):

			




	
	
	
		
 
        '''Return the id of this pull request, nicely formatted for displaying'''

			




	
	
	
		
 
        return self.make_nice_id(self.pull_request_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_api_data(self):

			




	
	
	
		
 
        return self.__json__()

			




	
	
	
		
 

			




	
	
	
		
 
    def __json__(self):

			




	
	
	
		
 
        clone_uri_tmpl = kallithea.CONFIG.get('clone_uri_tmpl') or Repository.DEFAULT_CLONE_URI

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            pull_request_id=self.pull_request_id,

			




	
	
	
		
 
            url=self.url(),

			




	
	
	
		
 
            reviewers=self.reviewers,

			




	
	
	
		
 
            revisions=self.revisions,

			




	
	
	
		
 
            owner=self.owner.username,

			




	
	
	
		
 
            title=self.title,

			




	
	
	
		
 
            description=self.description,

			




	
	
	
		
 
            org_repo_url=self.org_repo.clone_url(clone_uri_tmpl=clone_uri_tmpl),

			




	
	
	
		
 
            org_ref_parts=self.org_ref_parts,

			




	
	
	
		
 
            other_ref_parts=self.other_ref_parts,

			




	
	
	
		
 
            status=self.status,

			




	
	
	
		
 
            comments=self.comments,

			




	
	
	
		
 
            statuses=self.statuses,

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    def url(self, **kwargs):

			




	
	
	
		
 
        canonical = kwargs.pop('canonical', None)

			




	
	
	
		
 
        import kallithea.lib.helpers as h

			




	
	
	
		
 
        b = self.org_ref_parts[1]

			




	
	
	
		
 
        if b != self.other_ref_parts[1]:

			




	
	
	
		
 
            s = '/_/' + b

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            s = '/_/' + self.title

			




	
	
	
		
 
        kwargs['extra'] = urlreadable(s)

			




	
	
	
		
 
        if canonical:

			




	
	
	
		
 
            return h.canonical_url('pullrequest_show', repo_name=self.other_repo.repo_name,

			




	
	
	
		
 
                                   pull_request_id=self.pull_request_id, **kwargs)

			




	
	
	
		
 
        return h.url('pullrequest_show', repo_name=self.other_repo.repo_name,

			




	
	
	
		
 
                     pull_request_id=self.pull_request_id, **kwargs)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class PullRequestReviewer(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'pull_request_reviewers'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('pull_request_reviewers_user_id_idx', 'user_id'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, user=None, pull_request=None):

			




	
	
	
		
 
        self.user = user

			




	
	
	
		
 
        self.pull_request = pull_request

			




	
	
	
		
 

			




	
	
	
		
 
    pull_request_reviewers_id = Column('pull_requests_reviewers_id', Integer(), primary_key=True)

			




	
	
	
		
 
    pull_request_id = Column(Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=False)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 

			




	
	
	
		
 
    user = relationship('User')

			




	
	
	
		
 
    pull_request = relationship('PullRequest')

			




	
	
	
		
 

			




	
	
	
		
 
    def __json__(self):

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            username=self.user.username if self.user else None,

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class Notification(object):

			




	
	
	
		
 
    __tablename__ = 'notifications'

			




	
	
	
		
 

			




	
	
	
		
 
class UserNotification(object):

			




	
	
	
		
 
    __tablename__ = 'user_to_notification'

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class Gist(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'gists'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('g_gist_access_id_idx', 'gist_access_id'),

			




	
	
	
		
 
        Index('g_created_on_idx', 'created_on'),

			




	
	
	
		
 
        _table_args_default_dict,

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    GIST_PUBLIC = 'public'

			




	
	
	
		
 
    GIST_PRIVATE = 'private'

			




	
	
	
		
 
    DEFAULT_FILENAME = 'gistfile1.txt'

			




	
	
	
		
 

			




	
	
	
		
 
    gist_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    gist_access_id = Column(Unicode(250), nullable=False)

			




	
	
	
		
 
    gist_description = Column(UnicodeText(), nullable=False)

			




	
	
	
		
 
    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    gist_expires = Column(Float(53), nullable=False)

			




	
	
	
		
 
    gist_type = Column(Unicode(128), nullable=False)

			




	
	
	
		
 
    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 
    modified_at = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

			




	
	
	
		
 

			




	
	
	
		
 
    owner = relationship('User')

			




	
	
	
		
 

			




	
	
	
		
 
    @hybrid_property

			




	
	
	
		
 
    def is_expired(self):

			




	
	
	
		
 
        return (self.gist_expires != -1) & (time.time() > self.gist_expires)

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return "<%s %s %s>" % (

			




	
	
	
		
 
            self.__class__.__name__,

			




	
	
	
		
 
            self.gist_type, self.gist_access_id)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def guess_instance(cls, value):

			




	
	
	
		
 
        return super(Gist, cls).guess_instance(value, Gist.get_by_access_id)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_or_404(cls, id_):

			




	
	
	
		
 
        res = cls.query().filter(cls.gist_access_id == id_).scalar()

			




	
	
	
		
 
        if res is None:

			




	
	
	
		
 
            raise HTTPNotFound

			




	
	
	
		
 
        return res

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_by_access_id(cls, gist_access_id):

			




	
	
	
		
 
        return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    def gist_url(self):

			




	
	
	
		
 
        alias_url = kallithea.CONFIG.get('gist_alias_url')

			




	
	
	
		
 
        if alias_url:

			




	
	
	
		
 
            return alias_url.replace('{gistid}', self.gist_access_id)

			




	
	
	
		
 

			




	
	
	
		
 
        import kallithea.lib.helpers as h

			




	
	
	
		
 
        return h.canonical_url('gist', gist_id=self.gist_access_id)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def base_path(cls):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Returns base path where all gists are stored

			




	
	
	
		
 

			




	
	
	
		
 
        :param cls:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        from kallithea.model.gist import GIST_STORE_LOC

			




	
	
	
		
 
        q = Session().query(Ui) \

			




	
	
	
		
 
            .filter(Ui.ui_key == URL_SEP)

			




	
	
	
		
 
        q = q.options(FromCache("sql_cache_short", "repository_repo_path"))

			




	
	
	
		
 
        return os.path.join(q.one().ui_value, GIST_STORE_LOC)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_api_data(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Common function for generating gist related data for API

			




	
	
	
		
 
        """

			




	
	
	
		
 
        gist = self

			




	
	
	
		
 
        data = dict(

			




	
	
	
		
 
            gist_id=gist.gist_id,

			




	
	
	
		
 
            type=gist.gist_type,

			




	
	
	
		
 
            access_id=gist.gist_access_id,

			




	
	
	
		
 
            description=gist.gist_description,

			




	
	
	
		
 
            url=gist.gist_url(),

			




	
	
	
		
 
            expires=gist.gist_expires,

			




	
	
	
		
 
            created_on=gist.created_on,

			




	
	
	
		
 
        )

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 
    def __json__(self):

			




	
	
	
		
 
        data = dict(

			




	
	
	
		
 
        )

			




	
	
	
		
 
        data.update(self.get_api_data())

			




	
	
	
		
 
        return data

			




	
	
	
		
 
    ## SCM functions

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def scm_instance(self):

			




	
	
	
		
 
        from kallithea.lib.vcs import get_repo

			




	
	
	
		
 
        base_path = self.base_path()

			




	
	
	
		
 
        return get_repo(os.path.join(base_path, self.gist_access_id))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserSshKeys(Base, BaseDbModel):

			




	
	
	
		
 
    __tablename__ = 'user_ssh_keys'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        Index('usk_fingerprint_idx', 'fingerprint'),

			




	
	
	
		
 
        UniqueConstraint('fingerprint'),

			




	
	
	
		
 
        _table_args_default_dict

			




	
	
	
		
 
    )

			




	
	
	
		
 
    __mapper_args__ = {}

			




	
	
	
		
 

			




	
	
	
		
 
    user_ssh_key_id = Column(Integer(), primary_key=True)

			




	
	
	
		
 
    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

			




	
	
	
		
 
    _public_key = Column('public_key', UnicodeText(), nullable=False)

			




	
	
	
		
 
    description = Column(UnicodeText(), nullable=False)

			




	
	
	
		
 
    fingerprint = Column(String(255), nullable=False, unique=True)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.