#=======================================================================

        # #overwrite default with user permissions if any

        #=======================================================================

        user_perms = sa.query(RepoToPerm, Permission, Repository)\

            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

            .filter(RepoToPerm.user_id == user.user_id).all()

        for perm in user_perms:

            if perm.Repository.user_id == user.user_id:#set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

    meta.Session.remove()

    return user

def get_user(session):

    """

    Gets user from session, and wraps permissions into user

    :param session:

    """

    user = session.get('rhodecode_user', AuthUser())

    #if the user is not logged in we check for anonymous access

    #if user is logged and it's a default user check if we still have anonymous

    #access enabled

    if user.user_id is None or user.username == 'default':

        anonymous_user = UserModel().get_by_username('default', cache=True)

        if anonymous_user.active is True:

            #then we set this user is logged in

            user.is_authenticated = True

        else:

            user.is_authenticated = False

    if user.is_authenticated:

        user = UserModel().fill_data(user)

    user = fill_perms(user)

    session['rhodecode_user'] = user

    session.save()

    return user

#===============================================================================

# CHECK DECORATORS

#===============================================================================

class LoginRequired(object):

    """Must be logged in to execute this function else redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        user = session.get('rhodecode_user', AuthUser())

        log.debug('Checking login required for user:%s', user.username)

        if user.is_authenticated:

        try:

            user = self.get(user_id, cache=False)

            if user.username == 'default':

                raise DefaultUserException(

                                _("You can't remove this user since it's"

                                  " crucial for entire application"))

            self.sa.delete(user)

            self.sa.commit()

        except:

            log.error(traceback.format_exc())

            self.sa.rollback()

            raise

    def reset_password(self, data):

        from rhodecode.lib.celerylib import tasks, run_task

        run_task(tasks.reset_user_password, data['email'])

    def fill_data(self, user):

        """

        Fills user data with those from database and log out user if not 

        present in database

        :param user:

        """

        log.debug('filling auth user data')

        try:

            dbuser = self.get(user.user_id)

            user.username = dbuser.username

            user.is_admin = dbuser.admin

            user.name = dbuser.name

            user.lastname = dbuser.lastname

            user.email = dbuser.email

        except:

            log.error(traceback.format_exc())

            user.is_authenticated = False

        return user