@LazyProperty

    def repos_path(self):

        """

        Get's the repositories root path from database

        """

        q = self.sa.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key == '/').one()

        return q.ui_value

    def get(self, repo_id, cache=False):

        repo = self.sa.query(Repository)\

            .filter(Repository.repo_id == repo_id)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_id))

        return repo.scalar()

    def get_repo(self, repository):

        return self._get_repo(repository)

    def get_by_repo_name(self, repo_name, cache=False):

        repo = self.sa.query(Repository)\

            .filter(Repository.repo_name == repo_name)

        if cache:

            repo = repo.options(FromCache("sql_cache_short",

                                          "get_repo_%s" % repo_name))

        return repo.scalar()

    def get_all_user_repos(self, user):

        """

        Get's all repositories that user have at least read access

        :param user:

        :type user:

        """

        from rhodecode.lib.auth import AuthUser

        user = self._get_user(user)

        repos = AuthUser(user_id=user.user_id).permissions['repositories']

        access_check = lambda r: r[1] in ['repository.read',

                                          'repository.write',

                                          'repository.admin']

        repos = [x[0] for x in filter(access_check, repos.items())]

        return Repository.query().filter(Repository.repo_name.in_(repos))

    def get_users_js(self):

        users = self.sa.query(User).filter(User.active == True).all()

        return json.dumps([

            {

             'id': u.user_id,

             'fname': u.name,

             'lname': u.lastname,

             'nname': u.username,

             'gravatar_lnk': h.gravatar_url(u.email, 14)

            } for u in users]

        )

    def get_users_groups_js(self):

        users_groups = self.sa.query(UserGroup)\

            .filter(UserGroup.users_group_active == True).all()

        users_groups = UserGroupList(users_groups, perm_set=['usergroup.read',

                                                             'usergroup.write',

                                                             'usergroup.admin'])

        return json.dumps([

            {

             'id': gr.users_group_id,

             'grname': gr.users_group_name,

             'grmembers': len(gr.members),

            } for gr in users_groups]

        )

    @classmethod

    def _render_datatable(cls, tmpl, *args, **kwargs):

        import rhodecode

        from pylons import tmpl_context as c

        from pylons.i18n.translation import _

        _tmpl_lookup = rhodecode.CONFIG['pylons.app_globals'].mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        tmpl = template.get_def(tmpl)

        kwargs.update(dict(_=_, h=h, c=c))

        return tmpl.render(*args, **kwargs)

    @classmethod

    def update_repoinfo(cls, repositories=None):

        if not repositories:

            repositories = Repository.getAll()

        for repo in repositories:

            repo.update_changeset_cache()

    def get_repos_as_dict(self, repos_list=None, admin=False, perm_check=True,

                          super_user_actions=False):

        _render = self._render_datatable

        def quick_menu(repo_name):

            return _render('quick_menu', repo_name)

        def repo_lnk(name, rtype, private, fork_of):

            return _render('repo_name', name, rtype, private, fork_of,

                           short_name=not admin, admin=False)

        def last_change(last_change):

            return _render("last_change", last_change)

        def rss_lnk(repo_name):

            return _render("rss", repo_name)

        def atom_lnk(repo_name):

            return _render("atom", repo_name)

        def last_rev(repo_name, cs_cache):

            return _render('revision', repo_name, cs_cache.get('revision'),

                           cs_cache.get('raw_id'), cs_cache.get('author'),

                           cs_cache.get('message'))

        def desc(desc):

            if c.visual.stylify_metatags:

                return h.urlify_text(h.desc_stylize(h.truncate(desc, 60)))

            else:

                return h.urlify_text(h.truncate(desc, 60))

        def repo_actions(repo_name):

            return _render('repo_actions', repo_name, super_user_actions)

        def owner_actions(user_id, username):

            return _render('user_name', user_id, username)

        repos_data = []

        for repo in repos_list:

            if perm_check:

                # check permission at this level

                if not HasRepoPermissionAny(

                    'repository.read', 'repository.write', 'repository.admin'

                )(repo.repo_name, 'get_repos_as_dict check'):

                    continue

            cs_cache = repo.changeset_cache

            row = {

                "menu": quick_menu(repo.repo_name),

                "raw_name": repo.repo_name.lower(),

                "name": repo_lnk(repo.repo_name, repo.repo_type,

                                 repo.private, repo.fork),

                "last_change": last_change(repo.last_db_change),

                "last_changeset": last_rev(repo.repo_name, cs_cache),

                "raw_tip": cs_cache.get('revision'),

                "desc": desc(repo.description),

                "owner": h.person(repo.user.username),

                "rss": rss_lnk(repo.repo_name),

                "atom": atom_lnk(repo.repo_name),

            }

            if admin:

                row.update({

                    "action": repo_actions(repo.repo_name),

                    "owner": owner_actions(repo.user.user_id,

                                           h.person(repo.user.username))

                })

            repos_data.append(row)

        return {

            "totalRecords": len(repos_list),

            "startIndex": 0,

            "sort": "name",

            "dir": "asc",

            "records": repos_data

        }

    def _get_defaults(self, repo_name):

        """

        Get's information about repository, and returns a dict for

        usage in forms

        :param repo_name:

        """

        repo_info = Repository.get_by_repo_name(repo_name)

        if repo_info is None:

            return None

        defaults = repo_info.get_dict()

        group, repo_name, repo_name_full = repo_info.groups_and_repo

        defaults['repo_name'] = repo_name

        defaults['repo_group'] = getattr(group[-1] if group else None,

                                         'group_id', None)

        for strip, k in [(0, 'repo_type'), (1, 'repo_enable_downloads'),

                  (1, 'repo_description'), (1, 'repo_enable_locking'),

                  (1, 'repo_landing_rev'), (0, 'clone_uri'),

                  (1, 'repo_private'), (1, 'repo_enable_statistics')]:

            attr = k

            if strip:

                attr = remove_prefix(k, 'repo_')

            defaults[k] = defaults[attr]

        # fill owner

        if repo_info.user:

            defaults.update({'user': repo_info.user.username})

        else:

            replacement_user = User.query().filter(User.admin ==

                                                   True).first().username

            defaults.update({'user': replacement_user})

        # fill repository users

        for p in repo_info.repo_to_perm:

            defaults.update({'u_perm_%s' % p.user.username:

                             p.permission.permission_name})

        # fill repository groups

        for p in repo_info.users_group_to_perm:

            defaults.update({'g_perm_%s' % p.users_group.users_group_name:

                             p.permission.permission_name})

            repo_name_full = repo_name

            repo_name = repo_name.split(self.URL_SEPARATOR)[-1]

            new_repo = Repository()

            new_repo.enable_statistics = False

            new_repo.repo_name = repo_name_full

            new_repo.repo_type = repo_type

            new_repo.user = owner

            new_repo.group = repos_group

            new_repo.description = description or repo_name

            new_repo.private = private

            new_repo.clone_uri = clone_uri

            new_repo.landing_rev = landing_rev

            new_repo.enable_statistics = enable_statistics

            new_repo.enable_locking = enable_locking

            new_repo.enable_downloads = enable_downloads

            if repos_group:

                new_repo.enable_locking = repos_group.enable_locking

            if fork_of:

                parent_repo = fork_of

                new_repo.fork = parent_repo

            self.sa.add(new_repo)

            if fork_of:

                if copy_fork_permissions:

                    repo = fork_of

                    user_perms = UserRepoToPerm.query()\

                        .filter(UserRepoToPerm.repository == repo).all()

                    group_perms = UserGroupRepoToPerm.query()\

                        .filter(UserGroupRepoToPerm.repository == repo).all()

                    for perm in user_perms:

                        UserRepoToPerm.create(perm.user, new_repo,

                                              perm.permission)

                    for perm in group_perms:

                        UserGroupRepoToPerm.create(perm.users_group, new_repo,

                                                    perm.permission)

                else:

                    perm_obj = self._create_default_perms(new_repo, private)

                    self.sa.add(perm_obj)

            else:

                perm_obj = self._create_default_perms(new_repo, private)

                self.sa.add(perm_obj)

            if not just_db:

                self.__create_repo(repo_name, repo_type,

                                   repos_group,

                                   clone_uri)

                log_create_repository(new_repo.get_dict(),

                                      created_by=owner.username)

            # now automatically start following this repository as owner

            ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,

                                                    owner.user_id)

            return new_repo

        except Exception:

            log.error(traceback.format_exc())

            raise

    def create(self, form_data, cur_user, just_db=False, fork=None):

        """

        Backward compatibility function, just a wrapper on top of create_repo

        :param form_data:

        :param cur_user:

        :param just_db:

        :param fork:

        """

        owner = cur_user

        repo_name = form_data['repo_name_full']

        repo_type = form_data['repo_type']

        description = form_data['repo_description']

        private = form_data['repo_private']

        clone_uri = form_data.get('clone_uri')

        repos_group = form_data['repo_group']

        landing_rev = form_data['repo_landing_rev']

        copy_fork_permissions = form_data.get('copy_permissions')

        fork_of = form_data.get('fork_parent_id')

        ## repo creation defaults, private and repo_type are filled in form

        defs = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)

        enable_statistics = defs.get('repo_enable_statistics')

        enable_locking = defs.get('repo_enable_locking')

        enable_downloads = defs.get('repo_enable_downloads')

        return self.create_repo(

            repo_name, repo_type, description, owner, private, clone_uri,

            repos_group, landing_rev, just_db, fork_of, copy_fork_permissions,

            enable_statistics, enable_locking, enable_downloads

        )

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        # update permissions

        for member, perm, member_type in perms_updates:

            if member_type == 'user':

                # this updates existing one

                self.grant_user_permission(

                    repo=repo, user=member, perm=perm

                )

            else:

                #check if we have permissions to alter this usergroup

                    self.grant_users_group_permission(

                        repo=repo, group_name=member, perm=perm

                    )

        # set new permissions

        for member, perm, member_type in perms_new:

            if member_type == 'user':

                self.grant_user_permission(

                    repo=repo, user=member, perm=perm

                )

            else:

                #check if we have permissions to alter this usergroup

                    self.grant_users_group_permission(

                        repo=repo, group_name=member, perm=perm

                    )

    def create_fork(self, form_data, cur_user):

        """

        Simple wrapper into executing celery task for fork creation

        :param form_data:

        :param cur_user:

        """

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.create_repo_fork, form_data, cur_user)

    def delete(self, repo, forks=None, fs_remove=True):

        """

        Delete given repository, forks parameter defines what do do with

        attached forks. Throws AttachedForksError if deleted repo has attached

        forks

        :param repo:

        :param forks: str 'delete' or 'detach'

        :param fs_remove: remove(archive) repo from filesystem

        """

        repo = self._get_repo(repo)

        if repo:

            if forks == 'detach':

                for r in repo.forks:

                    r.fork = None

                    self.sa.add(r)

            elif forks == 'delete':

                for r in repo.forks:

                    self.delete(r, forks='delete')

            elif [f for f in repo.forks]:

                raise AttachedForksError()

            old_repo_dict = repo.get_dict()

            owner = repo.user

            try:

                self.sa.delete(repo)

                if fs_remove:

                    self.__delete_repo(repo)

                else:

                    log.debug('skipping removal from filesystem')

                log_delete_repository(old_repo_dict,

                                      deleted_by=owner.username)

            except Exception:

                log.error(traceback.format_exc())

                raise

    def grant_user_permission(self, repo, user, perm):

        """

        Grant permission for user on given repository, or update existing one

        if found

        :param repo: Instance of Repository, repository_id, or repository name

        :param user: Instance of User, user_id or username

        :param perm: Instance of Permission, or permission_name

        """

        user = self._get_user(user)

        repo = self._get_repo(repo)

        permission = self._get_perm(perm)

        # check if we have that permission already

        obj = self.sa.query(UserRepoToPerm)\

            .filter(UserRepoToPerm.user == user)\

            .filter(UserRepoToPerm.repository == repo)\

            .scalar()

        if obj is None:

            # create new !

            obj = UserRepoToPerm()

        obj.repository = repo

        obj.user = user

        obj.permission = permission

        self.sa.add(obj)

        log.debug('Granted perm %s to %s on %s' % (perm, user, repo))

    def revoke_user_permission(self, repo, user):

        """

        Revoke permission for user on given repository

        :param repo: Instance of Repository, repository_id, or repository name

        :param user: Instance of User, user_id or username

        """

        user = self._get_user(user)

        repo = self._get_repo(repo)

        obj = self.sa.query(UserRepoToPerm)\

            .filter(UserRepoToPerm.repository == repo)\

            .filter(UserRepoToPerm.user == user)\

            .scalar()

        if obj:

            self.sa.delete(obj)

            log.debug('Revoked perm on %s on %s' % (repo, user))

        repo_group_to_perm.group = new_group

        repo_group_to_perm.user_id = def_user.user_id

        return repo_group_to_perm

    def __create_group(self, group_name):

        """

        makes repository group on filesystem

        :param repo_name:

        :param parent_id:

        """

        create_path = os.path.join(self.repos_path, group_name)

        log.debug('creating new group in %s' % create_path)

        if os.path.isdir(create_path):

            raise Exception('That directory already exists !')

        os.makedirs(create_path)

    def __rename_group(self, old, new):

        """

        Renames a group on filesystem

        :param group_name:

        """

        if old == new:

            log.debug('skipping group rename')

            return

        log.debug('renaming repository group from %s to %s' % (old, new))

        old_path = os.path.join(self.repos_path, old)

        new_path = os.path.join(self.repos_path, new)

        log.debug('renaming repos paths from %s to %s' % (old_path, new_path))

        if os.path.isdir(new_path):

            raise Exception('Was trying to rename to already '

                            'existing dir %s' % new_path)

        shutil.move(old_path, new_path)

    def __delete_group(self, group, force_delete=False):

        """

        Deletes a group from a filesystem

        :param group: instance of group from database

        :param force_delete: use shutil rmtree to remove all objects

        """

        paths = group.full_path.split(RepoGroup.url_sep())

        paths = os.sep.join(paths)

        rm_path = os.path.join(self.repos_path, paths)

        log.info("Removing group %s" % (rm_path))

        # delete only if that path really exists

        if os.path.isdir(rm_path):

            if force_delete:

                shutil.rmtree(rm_path)

            else:

                #archive that group`

                _now = datetime.datetime.now()

                _ms = str(_now.microsecond).rjust(6, '0')

                _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),

                                          group.name)

                shutil.move(rm_path, os.path.join(self.repos_path, _d))

    def create(self, group_name, group_description, owner, parent=None, just_db=False):

        try:

            new_repos_group = RepoGroup()

            new_repos_group.user = self._get_user(owner)

            new_repos_group.group_description = group_description or group_name

            new_repos_group.parent_group = self._get_repo_group(parent)

            new_repos_group.group_name = new_repos_group.get_new_name(group_name)

            self.sa.add(new_repos_group)

            perm_obj = self._create_default_perms(new_repos_group)

            self.sa.add(perm_obj)

            #create an ADMIN permission for owner, later owner should go into

            #the owner field of groups

            self.grant_user_permission(repos_group=new_repos_group,

                                       user=owner, perm='group.admin')

            if not just_db:

                # we need to flush here, in order to check if database won't

                # throw any exceptions, create filesystem dirs at the very end

                self.sa.flush()

                self.__create_group(new_repos_group.group_name)

            return new_repos_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _update_permissions(self, repos_group, perms_new=None,

        from rhodecode.model.repo import RepoModel

        from rhodecode.lib.auth import HasUserGroupPermissionAny

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        def _set_perm_user(obj, user, perm):

            if isinstance(obj, RepoGroup):

                self.grant_user_permission(

                    repos_group=obj, user=user, perm=perm

                )

            elif isinstance(obj, Repository):

                #we do this ONLY IF repository is non-private

                if obj.private:

                    return

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_user_permission(

                    repo=obj, user=user, perm=perm

                )

        def _set_perm_group(obj, users_group, perm):

            if isinstance(obj, RepoGroup):

                self.grant_users_group_permission(

                    repos_group=obj, group_name=users_group, perm=perm

                )

            elif isinstance(obj, Repository):

                # we set group permission but we have to switch to repo

                # permission

                perm = perm.replace('group.', 'repository.')

                RepoModel().grant_users_group_permission(

                    repo=obj, group_name=users_group, perm=perm

                )

        updates = []

        log.debug('Now updating permissions for %s in recursive mode:%s'

                  % (repos_group, recursive))

        for obj in repos_group.recursive_groups_and_repos():

            #obj is an instance of a group or repositories in that group

            if not recursive:

                obj = repos_group

            # update permissions

            for member, perm, member_type in perms_updates:

                ## set for user

                if member_type == 'user':

                    # this updates also current one if found

                    _set_perm_user(obj, user=member, perm=perm)

                ## set for user group

                else:

                    #check if we have permissions to alter this usergroup

                        _set_perm_group(obj, users_group=member, perm=perm)

            # set new permissions

            for member, perm, member_type in perms_new:

                if member_type == 'user':

                    _set_perm_user(obj, user=member, perm=perm)

                else:

                    #check if we have permissions to alter this usergroup

                        _set_perm_group(obj, users_group=member, perm=perm)

            updates.append(obj)

            #if it's not recursive call

            # break the loop and don't proceed with other changes

            if not recursive:

                break

        return updates

    def update(self, repos_group, form_data):

        try:

            repos_group = self._get_repo_group(repos_group)

            old_path = repos_group.full_path

            # change properties

            repos_group.group_description = form_data['group_description']

            repos_group.group_parent_id = form_data['group_parent_id']

            repos_group.enable_locking = form_data['enable_locking']

            repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])

            repos_group.group_name = repos_group.get_new_name(form_data['group_name'])

            new_path = repos_group.full_path

            self.sa.add(repos_group)

            # iterate over all members of this groups and do fixes

            # set locking if given

            # if obj is a repoGroup also fix the name of the group according

            # to the parent

            # if obj is a Repo fix it's name

            # this can be potentially heavy operation

            for obj in repos_group.recursive_groups_and_repos():

                #set the value from it's parent

                obj.enable_locking = repos_group.enable_locking

                if isinstance(obj, RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s' \

                                % (obj.group_name, new_name))

                    obj.group_name = new_name

                elif isinstance(obj, Repository):

                    # we need to get all repositories from this new group and

                    # rename them accordingly to new group path

                    new_name = obj.get_new_name(obj.just_name)

                    log.debug('Fixing repo %s to new name %s' \

                                % (obj.repo_name, new_name))

                    obj.repo_name = new_name

                self.sa.add(obj)

            self.__rename_group(old_path, new_path)

            return repos_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, repos_group, force_delete=False):

        repos_group = self._get_repo_group(repos_group)

        try:

            self.sa.delete(repos_group)

            self.__delete_group(repos_group, force_delete)

        except Exception:

            log.error('Error removing repos_group %s' % repos_group)

            raise

    def delete_permission(self, repos_group, obj, obj_type, recursive):

        """

        Revokes permission for repos_group for given obj(user or users_group),

        obj_type can be user or user group

        :param repos_group:

        :param obj: user or user group id

        :param obj_type: user or user group type

        :param recursive: recurse to all children of group

        """

        from rhodecode.model.repo import RepoModel

        repos_group = self._get_repo_group(repos_group)

        for el in repos_group.recursive_groups_and_repos():

            if not recursive:

                # if we don't recurse set the permission on only the top level

                # object

                el = repos_group

            if isinstance(el, RepoGroup):

                if obj_type == 'user':

                    ReposGroupModel().revoke_user_permission(el, user=obj)

                elif obj_type == 'users_group':

                    ReposGroupModel().revoke_users_group_permission(el, group_name=obj)

                else:

                    raise Exception('undefined object type %s' % obj_type)

            elif isinstance(el, Repository):

                if obj_type == 'user':

                    RepoModel().revoke_user_permission(el, user=obj)

                elif obj_type == 'users_group':

                    RepoModel().revoke_users_group_permission(el, group_name=obj)

                else:

                    raise Exception('undefined object type %s' % obj_type)