if require_ssl and org_proto == 'http':

            log.debug('proto is %s and SSL is required BAD REQUEST !'

                      % org_proto)

            return False

        return True

    def _check_locking_state(self, environ, action, repo, user_id):

        """

        Checks locking on this repository, if locking is enabled and lock is

        present returns a tuple of make_lock, locked, locked_by.

        make_lock can have 3 states None (do nothing) True, make lock

        False release lock, This value is later propagated to hooks, which

        do the locking. Think about this as signals passed to hooks what to do.

        """

        locked = False  # defines that locked error should be thrown to user

        make_lock = None

        repo = Repository.get_by_repo_name(repo)

        user = User.get(user_id)

        # this is kind of hacky, but due to how mercurial handles client-server

        # server see all operation on changeset; bookmarks, phases and

        # obsolescence marker in different transaction, we don't want to check

        # locking on those

        obsolete_call = environ['QUERY_STRING'] in ['cmd=listkeys',]

        locked_by = repo.locked

        if repo and repo.enable_locking and not obsolete_call:

            if action == 'push':

                #check if it's already locked !, if it is compare users

                user_id, _date = repo.locked

                if user.user_id == user_id:

                    log.debug('Got push from user %s, now unlocking' % (user))

                    # unlock if we have push from user who locked

                    make_lock = False

                else:

                    # we're not the same user who locked, ban with 423 !

                    locked = True

            if action == 'pull':

                if repo.locked[0] and repo.locked[1]:

                    locked = True

                else:

                    log.debug('Setting lock on repo %s by %s' % (repo, user))

                    make_lock = True

        else:

            log.debug('Repository %s do not have locking enabled' % (repo))

        log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s'

                  % (make_lock, locked, locked_by))

        return make_lock, locked, locked_by

    def __call__(self, environ, start_response):

        start = time.time()

        try:

            return self._handle_request(environ, start_response)

        finally:

            log = logging.getLogger('kallithea.' + self.__class__.__name__)

            log.debug('Request time: %.3fs' % (time.time() - start))

            meta.Session.remove()

class BaseController(WSGIController):

    def __before__(self):

        """

        __before__ is called before controller methods and after __call__

        """

        c.kallithea_version = __version__

        rc_config = Setting.get_app_settings()

        # Visual options

        c.visual = AttributeDict({})

        ## DB stored

        c.visual.show_public_icon = str2bool(rc_config.get('show_public_icon'))

        c.visual.show_private_icon = str2bool(rc_config.get('show_private_icon'))

        c.visual.stylify_metatags = str2bool(rc_config.get('stylify_metatags'))

        c.visual.dashboard_items = safe_int(rc_config.get('dashboard_items', 100))

        c.visual.admin_grid_items = safe_int(rc_config.get('admin_grid_items', 100))

        c.visual.repository_fields = str2bool(rc_config.get('repository_fields'))

        c.visual.show_version = str2bool(rc_config.get('show_version'))

        c.visual.use_gravatar = str2bool(rc_config.get('use_gravatar'))

        c.visual.gravatar_url = rc_config.get('gravatar_url')

        c.ga_code = rc_config.get('ga_code')

        c.site_name = rc_config.get('title')

        c.clone_uri_tmpl = rc_config.get('clone_uri_tmpl')

        ## INI stored

        c.visual.allow_repo_location_change = str2bool(config.get('allow_repo_location_change', True))

        c.visual.allow_custom_hooks_settings = str2bool(config.get('allow_custom_hooks_settings', True))

        c.instance_id = config.get('instance_id')

        c.issues_url = config.get('bugtracker', url('issues_url'))

        # END CONFIG VARS

        c.repo_name = get_repo_slug(request)  # can be empty

        c.backends = BACKENDS.keys()

        c.unread_notifications = NotificationModel()\

                        .get_unread_cnt_for_user(c.authuser.user_id)

        self.cut_off_limit = safe_int(config.get('cut_off_limit'))

        c.my_pr_count = PullRequestModel().get_pullrequest_cnt_for_user(c.authuser.user_id)

        self.sa = meta.Session

        self.scm_model = ScmModel(self.sa)

    def __call__(self, environ, start_response):

        """Invoke the Controller"""

        # WSGIController.__call__ dispatches to the Controller method

        # the request is routed to. This routing information is

        # available in environ['pylons.routes_dict']

        try:

            self.ip_addr = _get_ip_addr(environ)

            # make sure that we update permissions each time we call controller

            api_key = request.GET.get('api_key')

            if api_key:

                # when using API_KEY we are sure user exists.

                auth_user = AuthUser(api_key=api_key, ip_addr=self.ip_addr)

                authenticated = False

            else:

                cookie_store = CookieStoreWrapper(session.get('authuser'))

                try:

                    auth_user = AuthUser(user_id=cookie_store.get('user_id', None),

                                         ip_addr=self.ip_addr)

                except UserCreationError, e:

                    from kallithea.lib import helpers as h

                    h.flash(e, 'error')

                    # container auth or other auth functions that create users on

                    # the fly can throw this exception signaling that there's issue

                    # with user creation, explanation should be provided in

                    # Exception itself

                    auth_user = AuthUser(ip_addr=self.ip_addr)

                authenticated = cookie_store.get('is_authenticated')

            if not auth_user.is_authenticated and auth_user.user_id is not None:

                # user is not authenticated and not empty

                auth_user.set_authenticated(authenticated)

            request.user = auth_user

            #set globals for auth user

            self.authuser = c.authuser = auth_user

            log.info('IP: %s User: %s accessed %s' % (

               self.ip_addr, auth_user, safe_unicode(_get_access_path(environ)))

            )

            return WSGIController.__call__(self, environ, start_response)

        finally:

            meta.Session.remove()

class BaseRepoController(BaseController):

    """

    Base class for controllers responsible for loading all needed data for

    repository loaded items are

    c.db_repo_scm_instance: instance of scm repository

    c.db_repo: instance of db

    c.repository_followers: number of followers

    c.repository_forks: number of forks

    c.repository_following: weather the current user is following the current repo

    """

    def __before__(self):

        super(BaseRepoController, self).__before__()

        if c.repo_name:  # extracted from routes

            _dbr = Repository.get_by_repo_name(c.repo_name)

            if not _dbr:

                return

            log.debug('Found repository in database %s with state `%s`'

                      % (safe_unicode(_dbr), safe_unicode(_dbr.repo_state)))

            route = getattr(request.environ.get('routes.route'), 'name', '')

            # allow to delete repos that are somehow damages in filesystem

            if route in ['delete_repo']:

                return

            if _dbr.repo_state in [Repository.STATE_PENDING]:

                if route in ['repo_creating_home']:

                    return

                check_url = url('repo_creating_home', repo_name=c.repo_name)

                return redirect(check_url)

            dbr = c.db_repo = _dbr

            c.db_repo_scm_instance = c.db_repo.scm_instance

            if c.db_repo_scm_instance is None:

                log.error('%s this repository is present in database but it '

                          'cannot be created as an scm instance', c.repo_name)

                redirect(url('home'))

            # some globals counter for menu

            c.repository_followers = self.scm_model.get_followers(dbr)

            c.repository_forks = self.scm_model.get_forks(dbr)

            c.repository_pull_requests = self.scm_model.get_pull_requests(dbr)

            c.repository_following = self.scm_model.is_following_repo(

                                    c.repo_name, self.authuser.user_id)

        q = Session().query(Ui).filter(Ui.ui_key ==

                                              Repository.url_sep())

        q = q.options(FromCache("sql_cache_short", "repository_repo_path"))

        return q.one().ui_value

    @property

    def repo_full_path(self):

        p = [self.repo_path]

        # we need to split the name by / since this is how we store the

        # names in the database, but that eventually needs to be converted

        # into a valid system path

        p += self.repo_name.split(Repository.url_sep())

        return os.path.join(*map(safe_unicode, p))

    @property

    def cache_keys(self):

        """

        Returns associated cache keys for that repo

        """

        return CacheInvalidation.query()\

            .filter(CacheInvalidation.cache_args == self.repo_name)\

            .order_by(CacheInvalidation.cache_key)\

            .all()

    def get_new_name(self, repo_name):

        """

        returns new full repository name based on assigned group and new new

        :param group_name:

        """

        path_prefix = self.group.full_path_splitted if self.group else []

        return Repository.url_sep().join(path_prefix + [repo_name])

    @property

    def _ui(self):

        """

        Creates an db based ui object for this repository

        """

        from kallithea.lib.utils import make_ui

        return make_ui('db', clear_session=False)

    @classmethod

    def is_valid(cls, repo_name):

        """

        returns True if given repo name is a valid filesystem repository

        :param cls:

        :param repo_name:

        """

        from kallithea.lib.utils import is_valid_repo

        return is_valid_repo(repo_name, cls.base_path())

    def get_api_data(self):

        """

        Common function for generating repo api data

        """

        repo = self

        data = dict(

            repo_id=repo.repo_id,

            repo_name=repo.repo_name,

            repo_type=repo.repo_type,

            clone_uri=repo.clone_uri,

            private=repo.private,

            created_on=repo.created_on,

            description=repo.description,

            landing_rev=repo.landing_rev,

            owner=repo.user.username,

            fork_of=repo.fork.repo_name if repo.fork else None,

            enable_statistics=repo.enable_statistics,

            enable_locking=repo.enable_locking,

            enable_downloads=repo.enable_downloads,

            last_changeset=repo.changeset_cache,

            locked_by=User.get(self.locked[0]).get_api_data() \

                if self.locked[0] else None,

            locked_date=time_to_datetime(self.locked[1]) \

                if self.locked[1] else None

        )

        rc_config = Setting.get_app_settings()

        repository_fields = str2bool(rc_config.get('repository_fields'))

        if repository_fields:

            for f in self.extra_fields:

                data[f.field_key_prefixed] = f.field_value

        return data

    @classmethod

    def lock(cls, repo, user_id, lock_time=None):

        if not lock_time:

            lock_time = time.time()

        repo.locked = [user_id, lock_time]

        Session().add(repo)

        Session().commit()

    @classmethod

    def unlock(cls, repo):

        repo.locked = None

        Session().add(repo)

        Session().commit()

    @classmethod

    def getlock(cls, repo):

        return repo.locked

    @property

    def last_db_change(self):

        return self.updated_on

    @property

    def clone_uri_hidden(self):

        clone_uri = self.clone_uri

        if clone_uri:

            import urlobject

            url_obj = urlobject.URLObject(self.clone_uri)

            if url_obj.password:

                clone_uri = url_obj.with_password('*****')

        return clone_uri

    def clone_url(self, **override):

        from pylons import url

        qualified_home_url = url('home', qualified=True)

        uri_tmpl = None

        if 'with_id' in override:

            uri_tmpl = self.DEFAULT_CLONE_URI_ID

            del override['with_id']

        if 'uri_tmpl' in override:

            uri_tmpl = override['uri_tmpl']

            del override['uri_tmpl']

        # we didn't override our tmpl from **overrides

        if not uri_tmpl:

            uri_tmpl = self.DEFAULT_CLONE_URI

            try:

                from pylons import tmpl_context as c

                uri_tmpl = c.clone_uri_tmpl

            except Exception:

                # in any case if we call this outside of request context,

                # ie, not having tmpl_context set up

                pass

        return get_clone_url(uri_tmpl=uri_tmpl,

                             qualifed_home_url=qualified_home_url,

                             repo_name=self.repo_name,

                             repo_id=self.repo_id, **override)

    def set_state(self, state):

        self.repo_state = state

        Session().add(self)

    #==========================================================================

    # SCM PROPERTIES

    #==========================================================================

    def get_changeset(self, rev=None):

        return get_changeset_safe(self.scm_instance, rev)

    def get_landing_changeset(self):

        """

        Returns landing changeset, or if that doesn't exist returns the tip

        """

        _rev_type, _rev = self.landing_rev

        cs = self.get_changeset(_rev)

        if isinstance(cs, EmptyChangeset):

            return self.get_changeset()

        return cs

    def update_changeset_cache(self, cs_cache=None):

        """

        Update cache of last changeset for repository, keys should be::

            short_id

            raw_id

            revision

            message

            date

            author

        :param cs_cache:

        """

        from kallithea.lib.vcs.backends.base import BaseChangeset

        if cs_cache is None:

            cs_cache = EmptyChangeset()

            # use no-cache version here

            scm_repo = self.scm_instance_no_cache()

            if scm_repo:

                cs_cache = scm_repo.get_changeset()

        if isinstance(cs_cache, BaseChangeset):

            cs_cache = cs_cache.__json__()

            _default = datetime.datetime.fromtimestamp(0)

            last_change = cs_cache.get('date') or _default

            log.debug('updated repo %s with new cs cache %s'

                      % (self.repo_name, cs_cache))

            self.updated_on = last_change

            self.changeset_cache = cs_cache

            Session().add(self)

            Session().commit()

        else:

    @property

    def tip(self):

        return self.get_changeset('tip')

    @property

    def author(self):

        return self.tip.author

    @property

    def last_change(self):

        return self.scm_instance.last_change

    def get_comments(self, revisions=None):

        """

        Returns comments for this repository grouped by revisions

        :param revisions: filter query by revisions only

        """

        cmts = ChangesetComment.query()\

            .filter(ChangesetComment.repo == self)

        if revisions:

            cmts = cmts.filter(ChangesetComment.revision.in_(revisions))

        grouped = collections.defaultdict(list)

        for cmt in cmts.all():

            grouped[cmt.revision].append(cmt)

        return grouped

    def statuses(self, revisions):

        """

        Returns statuses for this repository

        :param revisions: list of revisions to get statuses for

        """

        if not revisions:

            return {}

        statuses = ChangesetStatus.query()\

            .filter(ChangesetStatus.repo == self)\

            .filter(ChangesetStatus.version == 0)\

            .filter(ChangesetStatus.revision.in_(revisions))

        grouped = {}

        #maybe we have open new pullrequest without a status ?

        stat = ChangesetStatus.STATUS_UNDER_REVIEW

        status_lbl = ChangesetStatus.get_status_lbl(stat)

        for pr in PullRequest.query().filter(PullRequest.org_repo == self).all():

            for rev in pr.revisions:

                pr_id = pr.pull_request_id

                pr_repo = pr.other_repo.repo_name

                grouped[rev] = [stat, status_lbl, pr_id, pr_repo]

        for stat in statuses.all():

            pr_id = pr_repo = None

            if stat.pull_request:

                pr_id = stat.pull_request.pull_request_id

                pr_repo = stat.pull_request.other_repo.repo_name

            grouped[stat.revision] = [str(stat.status), stat.status_lbl,

                                      pr_id, pr_repo]

        return grouped

    def _repo_size(self):

        from kallithea.lib import helpers as h

        log.debug('calculating repository size...')

        return h.format_byte_size(self.scm_instance.size)

    #==========================================================================

    # SCM CACHE INSTANCE

    #==========================================================================

    def set_invalidate(self):

        """

        Mark caches of this repo as invalid.

        """

        CacheInvalidation.set_invalidate(self.repo_name)

    def scm_instance_no_cache(self):

        return self.__get_instance()

    @property

    def scm_instance(self):

        import kallithea

        full_cache = str2bool(kallithea.CONFIG.get('vcs_full_cache'))

        if full_cache:

            return self.scm_instance_cached()

        return self.__get_instance()

    def scm_instance_cached(self, valid_cache_keys=None):

        @cache_region('long_term')

        def _c(repo_name):

            return self.__get_instance()

        rn = self.repo_name

        valid = CacheInvalidation.test_and_set_valid(rn, None, valid_cache_keys=valid_cache_keys)

        if not valid:

            log.debug('Cache for %s invalidated, getting new object' % (rn))

            region_invalidate(_c, None, rn)

        else:

            log.debug('Getting scm_instance of %s from cache' % (rn))

        return _c(rn)

    def __get_instance(self):

        repo_full_path = self.repo_full_path

        try:

            alias = get_scm(repo_full_path)[0]

            log.debug('Creating instance of %s repository from %s'

                      % (alias, repo_full_path))

            backend = get_backend(alias)

        except VCSError:

            log.error(traceback.format_exc())

            log.error('Perhaps this repository is in db and not in '

                      'filesystem run rescan repositories with '

                      '"destroy old data " option from admin panel')

            return

        if alias == 'hg':

            repo = backend(safe_str(repo_full_path), create=False,

                           baseui=self._ui)

            # skip hidden web repository

            if repo._get_hidden():

                return

        else:

            repo = backend(repo_full_path, create=False)

        return repo

    def __json__(self):

        return dict(landing_rev = self.landing_rev)

class RepoGroup(Base, BaseModel):

    __tablename__ = 'groups'

    __table_args__ = (

        UniqueConstraint('group_name', 'group_parent_id'),

        CheckConstraint('group_id != group_parent_id'),

        {'extend_existing': True, 'mysql_engine': 'InnoDB',

         'mysql_charset': 'utf8', 'sqlite_autoincrement': True},

    )

    __mapper_args__ = {'order_by': 'group_name'}

    SEP = ' » '

    group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    group_name = Column("group_name", String(255, convert_unicode=False), nullable=False, unique=True, default=None)

    group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)

    group_description = Column("group_description", String(10000, convert_unicode=False), nullable=True, unique=None, default=None)

    enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)

    created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    user = relationship('User')

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __unicode__(self):

        return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,

                                      self.group_name)

    @classmethod

    def _generate_choice(cls, repo_group):

        from webhelpers.html import literal as _literal

        _name = lambda k: _literal(cls.SEP.join(k))

        return repo_group.group_id, _name(repo_group.full_path_splitted)

    @classmethod

    def groups_choices(cls, groups=None, show_empty_group=True):

        if not groups:

            groups = cls.query().all()

        repo_groups = []

        if show_empty_group:

            repo_groups = [('-1', u'-- %s --' % _('top level'))]

        repo_groups.extend([cls._generate_choice(x) for x in groups])

        repo_groups = sorted(repo_groups, key=lambda t: t[1].split(cls.SEP)[0])

        return repo_groups

    @classmethod

    def url_sep(cls):

        return URL_SEP

    @classmethod

    def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):

        if case_insensitive:

            gr = cls.query()\

                .filter(cls.group_name.ilike(group_name))