# HG changeset patch
# User Marcin Kuzminski <marcin@rhodecode.com>
# Date 2017-02-24 16:48:18
# Node ID 9985d7e77b2187c47a788b661de459da000c02ea
# Parent  1307b88c408e4e85c207a6395437b6d0dc93fd98

auth-tokens: added scope into auth tokens (ApiKeys before refactoring)

- allows to have scoped tokens, ie. just for single repo.
- fix migration problems found on introducing this change

ref #3932

diff --git a/rhodecode/__init__.py b/rhodecode/__init__.py
--- a/rhodecode/__init__.py
+++ b/rhodecode/__init__.py
@@ -51,7 +51,7 @@ PYRAMID_SETTINGS = {}
 EXTENSIONS = {}
 
 __version__ = ('.'.join((str(each) for each in VERSION[:3])))
-__dbversion__ = 65  # defines current db version for migrations
+__dbversion__ = 67  # defines current db version for migrations
 __platform__ = platform.system()
 __license__ = 'AGPLv3, and Commercial License'
 __author__ = 'RhodeCode GmbH'
diff --git a/rhodecode/lib/dbmigrate/versions/066_version_4_7_0.py b/rhodecode/lib/dbmigrate/versions/066_version_4_7_0.py
new file mode 100644
--- /dev/null
+++ b/rhodecode/lib/dbmigrate/versions/066_version_4_7_0.py
@@ -0,0 +1,65 @@
+import logging
+
+from sqlalchemy import *
+from sqlalchemy.engine import reflection
+
+from alembic.migration import MigrationContext
+from alembic.operations import Operations
+
+from rhodecode.model import meta
+from rhodecode.lib.dbmigrate.versions import _reset_base, notify
+
+log = logging.getLogger(__name__)
+
+
+def get_by_key(cls, key):
+    return cls.query().filter(cls.ui_key == key).scalar()
+
+
+def upgrade(migrate_engine):
+    """
+    Upgrade operations go here.
+    Don't create your own engine; bind migrate_engine to your metadata
+    """
+    _reset_base(migrate_engine)
+    from rhodecode.lib.dbmigrate.schema import db_4_7_0_0
+
+    # make sure we re-create api-keys indexes
+
+    context = MigrationContext.configure(migrate_engine.connect())
+    op = Operations(context)
+
+    existing_indexes = _get_indexes_list(
+        migrate_engine, db_4_7_0_0.UserApiKeys.__tablename__)
+
+    names = [idx['name'] for idx in existing_indexes]
+
+    with op.batch_alter_table(db_4_7_0_0.UserApiKeys.__tablename__) as batch_op:
+        if 'uak_api_key_idx' not in names:
+            batch_op.create_index(
+             'uak_api_key_idx', ['api_key'])
+        if 'uak_api_key_expires_idx' not in names:
+            batch_op.create_index(
+             'uak_api_key_expires_idx', ['api_key', 'expires'])
+
+    # issue fixups
+    fixups(db_4_7_0_0, meta.Session)
+
+
+def downgrade(migrate_engine):
+    meta = MetaData()
+    meta.bind = migrate_engine
+
+
+def fixups(models, _SESSION):
+    pass
+
+
+def _get_unique_constraint_list(migrate_engine, table_name):
+    inspector = reflection.Inspector.from_engine(migrate_engine)
+    return inspector.get_unique_constraints(table_name)
+
+
+def _get_indexes_list(migrate_engine, table_name):
+    inspector = reflection.Inspector.from_engine(migrate_engine)
+    return inspector.get_indexes(table_name)
diff --git a/rhodecode/lib/dbmigrate/versions/067_version_4_7_0.py b/rhodecode/lib/dbmigrate/versions/067_version_4_7_0.py
new file mode 100644
--- /dev/null
+++ b/rhodecode/lib/dbmigrate/versions/067_version_4_7_0.py
@@ -0,0 +1,44 @@
+import logging
+
+from sqlalchemy import *
+from rhodecode.model import meta
+from rhodecode.lib.dbmigrate.versions import _reset_base, notify
+
+log = logging.getLogger(__name__)
+
+
+def get_by_key(cls, key):
+    return cls.query().filter(cls.ui_key == key).scalar()
+
+
+def upgrade(migrate_engine):
+    """
+    Upgrade operations go here.
+    Don't create your own engine; bind migrate_engine to your metadata
+    """
+    _reset_base(migrate_engine)
+    from rhodecode.lib.dbmigrate.schema import db_4_7_0_0
+
+    auth_token_table = db_4_7_0_0.UserApiKeys.__table__
+
+    repo_id = Column(
+        'repo_id', Integer(), ForeignKey('repositories.repo_id'),
+        nullable=True, unique=None, default=None)
+    repo_id.create(table=auth_token_table)
+
+    repo_group_id = Column(
+        'repo_group_id', Integer(), ForeignKey('groups.group_id'),
+        nullable=True, unique=None, default=None)
+    repo_group_id.create(table=auth_token_table)
+
+    # issue fixups
+    fixups(db_4_7_0_0, meta.Session)
+
+
+def downgrade(migrate_engine):
+    meta = MetaData()
+    meta.bind = migrate_engine
+
+
+def fixups(models, _SESSION):
+    pass
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -955,6 +955,17 @@ class UserApiKeys(Base, BaseModel):
     role = Column('role', String(255), nullable=True)
     created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
 
+    # scope columns
+    repo_id = Column(
+        'repo_id', Integer(), ForeignKey('repositories.repo_id'),
+        nullable=True, unique=None, default=None)
+    repo = relationship('Repository', lazy='joined')
+
+    repo_group_id = Column(
+        'repo_group_id', Integer(), ForeignKey('groups.group_id'),
+        nullable=True, unique=None, default=None)
+    repo_group = relationship('RepoGroup', lazy='joined')
+
     user = relationship('User', lazy='joined')
 
     @classmethod