@classmethod

    def get(cls, user_group_id):

        user_group = cls.query()

        return user_group.get(user_group_id)

    def get_api_data(self, with_members=True):

        user_group = self

        data = dict(

            users_group_id=user_group.users_group_id,

            group_name=user_group.users_group_name,

            group_description=user_group.user_group_description,

            active=user_group.users_group_active,

            owner=user_group.owner.username,

        )

        if with_members:

            data['members'] = [

                ugm.user.get_api_data()

                for ugm in user_group.members

            ]

        return data

class UserGroupMember(meta.Base, BaseDbModel):

    __tablename__ = 'users_groups_members'

    __table_args__ = (

        _table_args_default_dict,

    )

    users_group_member_id = Column(Integer(), primary_key=True)

    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    user = relationship('User')

    users_group = relationship('UserGroup')

    def __init__(self, gr_id='', u_id=''):

        self.users_group_id = gr_id

        self.user_id = u_id

class RepositoryField(meta.Base, BaseDbModel):

    __tablename__ = 'repositories_fields'

    __table_args__ = (

        UniqueConstraint('repository_id', 'field_key'),  # no-multi field

        _table_args_default_dict,

    )

    PREFIX = 'ex_'  # prefix used in form to not conflict with already existing fields

    repo_field_id = Column(Integer(), primary_key=True)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

    field_key = Column(String(250), nullable=False)

    field_label = Column(String(1024), nullable=False)

    field_value = Column(String(10000), nullable=False)

    field_desc = Column(String(1024), nullable=False)

    field_type = Column(String(255), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repository = relationship('Repository')

    @property

    def field_key_prefixed(self):

        return 'ex_%s' % self.field_key

    @classmethod

    def un_prefix_key(cls, key):

        if key.startswith(cls.PREFIX):

            return key[len(cls.PREFIX):]

        return key

    @classmethod

    def get_by_key_name(cls, key, repo):

        row = cls.query() \

                .filter(cls.repository == repo) \

                .filter(cls.field_key == key).scalar()

        return row

class Repository(meta.Base, BaseDbModel):

    __tablename__ = 'repositories'

    __table_args__ = (

        Index('r_repo_name_idx', 'repo_name'),

        _table_args_default_dict,

    )

    DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'

    DEFAULT_CLONE_SSH = 'ssh://{system_user}@{hostname}/{repo}'

    STATE_CREATED = 'repo_state_created'

    STATE_PENDING = 'repo_state_pending'

    STATE_ERROR = 'repo_state_error'

    repo_id = Column(Integer(), primary_key=True)

    repo_state = Column(String(255), nullable=False)

    clone_uri = Column(String(255), nullable=True) # FIXME: not nullable?

    repo_type = Column(String(255), nullable=False) # 'hg' or 'git'

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    private = Column(Boolean(), nullable=False)

    enable_statistics = Column("statistics", Boolean(), nullable=False, default=True)

    enable_downloads = Column("downloads", Boolean(), nullable=False, default=True)

    description = Column(Unicode(10000), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    updated_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    _landing_revision = Column("landing_revision", String(255), nullable=False)

    _changeset_cache = Column("changeset_cache", LargeBinary(), nullable=True) # JSON data # FIXME: not nullable?

    fork_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=True)

    group_id = Column(Integer(), ForeignKey('groups.group_id'), nullable=True)

    owner = relationship('User')

    fork = relationship('Repository', remote_side=repo_id)

    group = relationship('RepoGroup')

    repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')

    stats = relationship('Statistics', cascade='all', uselist=False)

    followers = relationship('UserFollowing',

                             primaryjoin='UserFollowing.follows_repository_id==Repository.repo_id',

                             cascade='all')

    extra_fields = relationship('RepositoryField',

                                cascade="all, delete-orphan")

    logs = relationship('UserLog')

    comments = relationship('ChangesetComment', cascade="all, delete-orphan")

    pull_requests_org = relationship('PullRequest',

                    primaryjoin='PullRequest.org_repo_id==Repository.repo_id',

                    cascade="all, delete-orphan")

    pull_requests_other = relationship('PullRequest',

                    primaryjoin='PullRequest.other_repo_id==Repository.repo_id',

                    cascade="all, delete-orphan")

    def __repr__(self):

        return "<%s %s: %r>" % (self.__class__.__name__,

                                  self.repo_id, self.repo_name)

    @hybrid_property

    def landing_rev(self):

        # always should return [rev_type, rev]

        if self._landing_revision:

            _rev_info = self._landing_revision.split(':')

            if len(_rev_info) < 2:

                _rev_info.insert(0, 'rev')

            return [_rev_info[0], _rev_info[1]]

        return [None, None]

    @landing_rev.setter

    def landing_rev(self, val):

        if ':' not in val:

            raise ValueError('value must be delimited with `:` and consist '

                             'of <rev_type>:<rev>, got %s instead' % val)

        self._landing_revision = val

    @hybrid_property

    def changeset_cache(self):

        try:

            cs_cache = ext_json.loads(self._changeset_cache) # might raise on bad data

            cs_cache['raw_id'] # verify data, raise exception on error

            return cs_cache

        except (TypeError, KeyError, ValueError):

            return EmptyChangeset().__json__()

    @changeset_cache.setter

    def changeset_cache(self, val):

        try:

            self._changeset_cache = ascii_bytes(ext_json.dumps(val))

        except Exception:

            log.error(traceback.format_exc())

    @classmethod

    def query(cls, sorted=False):

        """Add Repository-specific helpers for common query constructs.

        sorted: if True, apply the default ordering (name, case insensitive).

        """

        q = super(Repository, cls).query()

        if sorted:

            q = q.order_by(sqlalchemy.func.lower(Repository.repo_name))

        return q

    @classmethod

    def normalize_repo_name(cls, repo_name):

        """

        Normalizes os specific repo_name to the format internally stored inside

        database using URL_SEP

    def last_change(self):

        return self.scm_instance.last_change

    def get_comments(self, revisions=None):

        """

        Returns comments for this repository grouped by revisions

        :param revisions: filter query by revisions only

        """

        cmts = ChangesetComment.query() \

            .filter(ChangesetComment.repo == self)

        if revisions is not None:

            if not revisions:

                return {} # don't use sql 'in' on empty set

            cmts = cmts.filter(ChangesetComment.revision.in_(revisions))

        grouped = collections.defaultdict(list)

        for cmt in cmts.all():

            grouped[cmt.revision].append(cmt)

        return grouped

    def statuses(self, revisions):

        """

        Returns statuses for this repository.

        PRs without any votes do _not_ show up as unreviewed.

        :param revisions: list of revisions to get statuses for

        """

        if not revisions:

            return {}

        statuses = ChangesetStatus.query() \

            .filter(ChangesetStatus.repo == self) \

            .filter(ChangesetStatus.version == 0) \

            .filter(ChangesetStatus.revision.in_(revisions))

        grouped = {}

        for stat in statuses.all():

            pr_id = pr_nice_id = pr_repo = None

            if stat.pull_request:

                pr_id = stat.pull_request.pull_request_id

                pr_nice_id = PullRequest.make_nice_id(pr_id)

                pr_repo = stat.pull_request.other_repo.repo_name

            grouped[stat.revision] = [str(stat.status), stat.status_lbl,

                                      pr_id, pr_repo, pr_nice_id,

                                      stat.author]

        return grouped

    def _repo_size(self):

        log.debug('calculating repository size...')

        return webutils.format_byte_size(self.scm_instance.size)

    #==========================================================================

    # SCM CACHE INSTANCE

    #==========================================================================

    def set_invalidate(self):

        """

        Flush SA session caches of instances of on disk repo.

        """

        try:

            del self._scm_instance

        except AttributeError:

            pass

    _scm_instance = None  # caching inside lifetime of SA session

    @property

    def scm_instance(self):

        if self._scm_instance is None:

            return self.scm_instance_no_cache()  # will populate self._scm_instance

        return self._scm_instance

    def scm_instance_no_cache(self):

        repo_full_path = self.repo_full_path

        log.debug('Creating instance of repository at %s', repo_full_path)

        from kallithea.lib.utils import make_ui

        self._scm_instance = get_repo(repo_full_path, baseui=make_ui(repo_full_path))

        return self._scm_instance

    def __json__(self):

        return dict(

            repo_id=self.repo_id,

            repo_name=self.repo_name,

            landing_rev=self.landing_rev,

        )

class RepoGroup(meta.Base, BaseDbModel):

    __tablename__ = 'groups'

    __table_args__ = (

        _table_args_default_dict,

    )

    SEP = ' » '

    group_id = Column(Integer(), primary_key=True)

    parent_group_id = Column('group_parent_id', Integer(), ForeignKey('groups.group_id'), nullable=True)

    group_description = Column(Unicode(10000), nullable=False)

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    owner = relationship('User')

    @classmethod

    def query(cls, sorted=False):

        """Add RepoGroup-specific helpers for common query constructs.

        sorted: if True, apply the default ordering (name, case insensitive).

        """

        q = super(RepoGroup, cls).query()

        if sorted:

            q = q.order_by(sqlalchemy.func.lower(RepoGroup.group_name))

        return q

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __repr__(self):

        return "<%s %s: %s>" % (self.__class__.__name__,

                                self.group_id, self.group_name)

    @classmethod

    def _generate_choice(cls, repo_group):

        """Return tuple with group_id and name as html literal"""

        if repo_group is None:

            return (-1, '-- %s --' % _('top level'))

        return repo_group.group_id, webutils.literal(cls.SEP.join(webutils.html_escape(x) for x in repo_group.full_path_splitted))

    @classmethod

    def groups_choices(cls, groups):

        """Return tuples with group_id and name as html literal."""

        return sorted((cls._generate_choice(g) for g in groups),

                      key=lambda c: c[1].split(cls.SEP))

    @classmethod

    def guess_instance(cls, value):

        return super(RepoGroup, cls).guess_instance(value, RepoGroup.get_by_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, case_insensitive=False):

        group_name = group_name.rstrip('/')

        if case_insensitive:

            gr = cls.query() \

                .filter(sqlalchemy.func.lower(cls.group_name) == sqlalchemy.func.lower(group_name))

        else:

            gr = cls.query() \

                .filter(cls.group_name == group_name)

        return gr.scalar()

    @property

    def parents(self):

        groups = []

        group = self.parent_group

        while group is not None:

            groups.append(group)

            group = group.parent_group

            assert group not in groups, group # avoid recursion on bad db content

        groups.reverse()

        return groups

    @property

    def children(self):

        return RepoGroup.query().filter(RepoGroup.parent_group == self)

    @property

    def name(self):

        return self.group_name.split(kallithea.URL_SEP)[-1]

    @property

    def full_path(self):

        return self.group_name

    @property

    def full_path_splitted(self):

        return self.group_name.split(kallithea.URL_SEP)

    @property

    def repositories(self):

        return Repository.query(sorted=True).filter_by(group=self)

    @property

    def repositories_recursive_count(self):

        cnt = self.repositories.count()

        def children_count(group):

            cnt = 0

            log.error(traceback.format_exc())

            raise

    def _update_permissions(self, repo_group, perms_new=None,

                            perms_updates=None, recursive=None,

                            check_perms=True):

        from kallithea.lib.auth import HasUserGroupPermissionLevel

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, db.RepoGroup):

                self.grant_user_permission(repo_group=obj, user=user, perm=perm)

            elif isinstance(obj, db.Repository):

                user = db.User.guess_instance(user)

                # private repos will not allow to change the default permissions

                # using recursive mode

                if obj.private and user.is_default_user:

                    return

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                repo.RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, db.RepoGroup):

                self.grant_user_group_permission(repo_group=obj,

                                                  group_name=users_group,

                                                  perm=perm)

            elif isinstance(obj, db.Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                repo.RepoModel().grant_user_group_permission(

                    repo=obj, group_name=users_group, perm=perm

                )

        # start updates

        updates = []

        log.debug('Now updating permissions for %s in recursive mode:%s',

                  repo_group, recursive)

        for obj in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

                pass

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(obj, db.RepoGroup) and not obj == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(obj, db.Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                obj = repo_group

                # also we do a break at the end of this loop.

            # update permissions

            for member, perm, member_type in perms_updates:

                ## set for user

                if member_type == 'user':

                    # this updates also current one if found

                    _set_perm_user(obj, user=member, perm=perm)

                ## set for user group

                else:

                    # check if we have permissions to alter this usergroup's access

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    # check if we have permissions to alter this usergroup's access

                    if not check_perms or HasUserGroupPermissionLevel('read')(member):

                        _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

        return updates

    def update(self, repo_group, repo_group_args):

        try:

            repo_group = db.RepoGroup.guess_instance(repo_group)

            if 'owner' in repo_group_args:

                repo_group.owner = db.User.get_by_username(repo_group_args['owner'])

            if 'group_description' in repo_group_args:

                repo_group.group_description = repo_group_args['group_description']

            if 'parent_group_id' in repo_group_args:

                assert repo_group_args['parent_group_id'] != '-1', repo_group_args  # RepoGroupForm should have converted to None

                repo_group.parent_group = db.RepoGroup.get(repo_group_args['parent_group_id'])

                repo_group.group_name = repo_group.get_new_name(repo_group.name)

            if 'group_name' in repo_group_args:

                group_name = repo_group_args['group_name']

                if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:

                    raise Exception('invalid repo group name %s' % group_name)

                repo_group.group_name = repo_group.get_new_name(group_name)

            new_path = repo_group.full_path

            meta.Session().add(repo_group)

            for obj in repo_group.recursive_groups_and_repos():

                if isinstance(obj, db.RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s'

                                % (obj.group_name, new_name))

                    obj.group_name = new_name

                elif isinstance(obj, db.Repository):

                    new_name = obj.get_new_name(obj.just_name)

                    log.debug('Fixing repo %s to new name %s'

                                % (obj.repo_name, new_name))

                    obj.repo_name = new_name

            self._rename_group(old_path, new_path)

            return repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, repo_group, force_delete=False):

        repo_group = db.RepoGroup.guess_instance(repo_group)

        try:

            meta.Session().delete(repo_group)

            self._delete_group(repo_group, force_delete)

        except Exception:

            log.error('Error removing repo_group %s', repo_group)

            raise

    def add_permission(self, repo_group, obj, obj_type, perm, recursive):

        repo_group = db.RepoGroup.guess_instance(repo_group)

        perm = db.Permission.guess_instance(perm)

        for el in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

                pass

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(el, db.RepoGroup) and not el == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(el, db.Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                el = repo_group

                # also we do a break at the end of this loop.

            if isinstance(el, db.RepoGroup):

                if obj_type == 'user':

                    RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)

                elif obj_type == 'user_group':

                    RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            elif isinstance(el, db.Repository):

                # for repos we need to hotfix the name of permission

                _perm = perm.permission_name.replace('group.', 'repository.')

                if obj_type == 'user':

                    repo.RepoModel().grant_user_permission(el, user=obj, perm=_perm)

                elif obj_type == 'user_group':

                    repo.RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            else:

                raise Exception('el should be instance of Repository or '

                                'RepositoryGroup got %s instead' % type(el))

            # if it's not recursive call for all,repos,groups

            # break the loop and don't proceed with other changes

            if recursive not in ['all', 'repos', 'groups']:

                break

    def delete_permission(self, repo_group, obj, obj_type, recursive):

        """

        Revokes permission for repo_group for given obj(user or users_group),

        obj_type can be user or user group

        :param repo_group:

        :param obj: user or user group id

        :param obj_type: user or user group type

        :param recursive: recurse to all children of group

        """

        repo_group = db.RepoGroup.guess_instance(repo_group)

        for el in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

            # that group, recursive option can be: none, repos, groups, all

            if recursive == 'all':

                pass

            elif recursive == 'repos':

                # skip groups, other than this one

                if isinstance(el, db.RepoGroup) and not el == repo_group:

                    continue

            elif recursive == 'groups':

                # skip repos

                if isinstance(el, db.Repository):

                    continue

            else:  # recursive == 'none': # DEFAULT don't apply to iterated objects

                el = repo_group

                # also we do a break at the end of this loop.

            if isinstance(el, db.RepoGroup):

                if obj_type == 'user':

                    RepoGroupModel().revoke_user_permission(el, user=obj)

                elif obj_type == 'user_group':

                    RepoGroupModel().revoke_user_group_permission(el, group_name=obj)