rhodecode-enterprise-ce Commit - r4959:00826968

FOLD: into unicode changes

super-admin -

r4959:00826968 default

parent child

The requested changes are too big and content was truncated. Show full diff

rhodecode/lib/auth.py

0 +11 -8

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             authentication and permission libraries
             """
             import os
             import colander
             import time
             import collections
             import fnmatch
             import itertools
             import logging
             import random
             import traceback
             from functools import wraps
             import ipaddress
             from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
             from sqlalchemy.orm.exc import ObjectDeletedError
             from sqlalchemy.orm import joinedload
             from zope.cachedescriptors.property import Lazy as LazyProperty
             import rhodecode
             from rhodecode.model import meta
             from rhodecode.model.meta import Session
             from rhodecode.model.user import UserModel
             from rhodecode.model.db import (
                 false, User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
                 UserIpMap, UserApiKeys, RepoGroup, UserGroup, UserNotice)
             from rhodecode.lib import rc_cache
             from rhodecode.lib.utils import (
                 get_repo_slug, get_repo_group_slug, get_user_group_slug)
             from rhodecode.lib.type_utils import aslist
             from rhodecode.lib.hash_utils import sha1, sha256, md5
             from rhodecode.lib.str_utils import ascii_bytes, safe_str, safe_int, safe_bytes
             from rhodecode.lib.caching_query import FromCache
             if rhodecode.is_unix:
                 import bcrypt
             log = logging.getLogger(__name__)
             csrf_token_key = "csrf_token"
             class PasswordGenerator(object):
                 """
                 This is a simple class for generating password from different sets of
                 characters
                 usage::
                     passwd_gen = PasswordGenerator()
                     #print 8-letter password containing only big and small letters
                         of alphabet
                     passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
                 """
                 ALPHABETS_NUM = r'''1234567890'''
                 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
                 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
                 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
                 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
                     + ALPHABETS_NUM + ALPHABETS_SPECIAL
                 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
                 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
                 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
                 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
                 def __init__(self, passwd=''):
                     self.passwd = passwd
                 def gen_password(self, length, type_=None):
                     if type_ is None:
                         type_ = self.ALPHABETS_FULL
                     self.passwd = ''.join([random.choice(type_) for _ in range(length)])
                     return self.passwd
             class _RhodeCodeCryptoBase(object):
                 ENC_PREF = None
                 def hash_create(self, str_):
                     """
                     hash the string using
                     :param str_: password to hash
                     """
                     raise NotImplementedError
                 def hash_check_with_upgrade(self, password, hashed):
                     """
                     Returns tuple in which first element is boolean that states that
                     given password matches it's hashed version, and the second is new hash
                     of the password, in case this password should be migrated to new
                     cipher.
                     """
                     checked_hash = self.hash_check(password, hashed)
                     return checked_hash, None
                 def hash_check(self, password, hashed):
                     """
                     Checks matching password with it's hashed value.
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     raise NotImplementedError
                 def _assert_bytes(self, value):
                     """
                     Passing in an `unicode` object can lead to hard to detect issues
                     if passwords contain non-ascii characters.  Doing a type check
                     during runtime, so that such mistakes are detected early on.
                     """
                     if not isinstance(value, str):
                         raise TypeError(
                             "Bytestring required as input, got %r." % (value, ))
             class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
                 ENC_PREF = ('$2a$10', '$2b$10')
                 def hash_create(self, str_):
                     self._assert_bytes(str_)
                     return bcrypt.hashpw(str_, bcrypt.gensalt(10))
                 def hash_check_with_upgrade(self, password, hashed):
                     """
                     Returns tuple in which first element is boolean that states that
                     given password matches it's hashed version, and the second is new hash
                     of the password, in case this password should be migrated to new
                     cipher.
                     This implements special upgrade logic which works like that:
                      - check if the given password == bcrypted hash, if yes then we
                        properly used password and it was already in bcrypt. Proceed
                        without any changes
                      - if bcrypt hash check is not working try with sha256. If hash compare
                        is ok, it means we using correct but old hashed password. indicate
                        hash change and proceed
                     """
                     new_hash = None
                     # regular pw check
                     password_match_bcrypt = self.hash_check(password, hashed)
                     # now we want to know if the password was maybe from sha256
                     # basically calling _RhodeCodeCryptoSha256().hash_check()
                     if not password_match_bcrypt:
                         if _RhodeCodeCryptoSha256().hash_check(password, hashed):
                             new_hash = self.hash_create(password)  # make new bcrypt hash
                             password_match_bcrypt = True
                     return password_match_bcrypt, new_hash
                 def hash_check(self, password, hashed):
                     """
                     Checks matching password with it's hashed value.
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     self._assert_bytes(password)
                     try:
                         return bcrypt.hashpw(password, hashed) == hashed
                     except ValueError as e:
                         # we're having a invalid salt here probably, we should not crash
                         # just return with False as it would be a wrong password.
                         log.debug('Failed to check password hash using bcrypt %s',
                                   safe_str(e))
                     return False
             class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
                 ENC_PREF = '_'
                 def hash_create(self, str_):
                     self._assert_bytes(str_)
                     return sha256(str_)
                 def hash_check(self, password, hashed):
                     """
                     Checks matching password with it's hashed value.
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     self._assert_bytes(password)
                     return sha256(password) == hashed
             class _RhodeCodeCryptoTest(_RhodeCodeCryptoBase):
                 ENC_PREF = '_'
                 def hash_create(self, str_):
                     self._assert_bytes(str_)
                     return sha1(str_)
                 def hash_check(self, password, hashed):
                     """
                     Checks matching password with it's hashed value.
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     self._assert_bytes(password)
                     return sha1(password) == hashed
             def crypto_backend():
                 """
                 Return the matching crypto backend.
                 Selection is based on if we run tests or not, we pick sha1-test backend to run
                 tests faster since BCRYPT is expensive to calculate
                 """
                 if rhodecode.is_test:
                     RhodeCodeCrypto = _RhodeCodeCryptoTest()
                 else:
                     RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
                 return RhodeCodeCrypto
             def get_crypt_password(password):
                 """
                 Create the hash of `password` with the active crypto backend.
                 :param password: The cleartext password.
                 :type password: unicode
                 """
                 password = safe_str(password)
                 return crypto_backend().hash_create(password)
             def check_password(password, hashed):
                 """
                 Check if the value in `password` matches the hash in `hashed`.
                 :param password: The cleartext password.
                 :type password: unicode
                 :param hashed: The expected hashed version of the password.
                 :type hashed: The hash has to be passed in in text representation.
                 """
                 password = safe_str(password)
                 return crypto_backend().hash_check(password, hashed)
             def generate_auth_token(data, salt=None):
                 """
                 Generates API KEY from given string
                 """
                 if salt is None:
                     salt = os.urandom(16)
                 return sha1(data + salt)
             def get_came_from(request):
                 """
                 get query_string+path from request sanitized after removing auth_token
                 """
                 _req = request
                 path = _req.path
                 if 'auth_token' in _req.GET:
                     # sanitize the request and remove auth_token for redirection
                     _req.GET.pop('auth_token')
                 qs = _req.query_string
                 if qs:
                     path += '?' + qs
                 return path
             class CookieStoreWrapper(object):
                 def __init__(self, cookie_store):
                     self.cookie_store = cookie_store
                 def __repr__(self):
                     return 'CookieStore<%s>' % (self.cookie_store)
                 def get(self, key, other=None):
                     if isinstance(self.cookie_store, dict):
                         return self.cookie_store.get(key, other)
                     elif isinstance(self.cookie_store, AuthUser):
                         return self.cookie_store.__dict__.get(key, other)
             def _cached_perms_data(user_id, scope, user_is_admin,
                                    user_inherit_default_permissions, explicit, algo,
                                    calculate_super_admin):
                 permissions = PermissionCalculator(
                     user_id, scope, user_is_admin, user_inherit_default_permissions,
                     explicit, algo, calculate_super_admin)
                 return permissions.calculate()
             class PermOrigin(object):
                 SUPER_ADMIN = 'superadmin'
                 ARCHIVED = 'archived'
                 REPO_USER = 'user:%s'
                 REPO_USERGROUP = 'usergroup:%s'
                 REPO_OWNER = 'repo.owner'
                 REPO_DEFAULT = 'repo.default'
                 REPO_DEFAULT_NO_INHERIT = 'repo.default.no.inherit'
                 REPO_PRIVATE = 'repo.private'
                 REPOGROUP_USER = 'user:%s'
                 REPOGROUP_USERGROUP = 'usergroup:%s'
                 REPOGROUP_OWNER = 'group.owner'
                 REPOGROUP_DEFAULT = 'group.default'
                 REPOGROUP_DEFAULT_NO_INHERIT = 'group.default.no.inherit'
                 USERGROUP_USER = 'user:%s'
                 USERGROUP_USERGROUP = 'usergroup:%s'
                 USERGROUP_OWNER = 'usergroup.owner'
                 USERGROUP_DEFAULT = 'usergroup.default'
                 USERGROUP_DEFAULT_NO_INHERIT = 'usergroup.default.no.inherit'
             class PermOriginDict(dict):
                 """
                 A special dict used for tracking permissions along with their origins.
                 `__setitem__` has been overridden to expect a tuple(perm, origin)
                 `__getitem__` will return only the perm
                 `.perm_origin_stack` will return the stack of (perm, origin) set per key
                 >>> perms = PermOriginDict()
                 >>> perms['resource'] = 'read', 'default', 1
                 >>> perms['resource']
                 'read'
                 >>> perms['resource'] = 'write', 'admin', 2
                 >>> perms['resource']
                 'write'
                 >>> perms.perm_origin_stack
                 {'resource': [('read', 'default', 1), ('write', 'admin', 2)]}
                 """
                 def __init__(self, *args, **kw):
                     dict.__init__(self, *args, **kw)
                     self.perm_origin_stack = collections.OrderedDict()
                 def __setitem__(self, key, perm_origin_obj_id):
                     # set (most likely via pickle) key:val pair without tuple
                     if not isinstance(perm_origin_obj_id, tuple):
                         perm = perm_origin_obj_id
                         dict.__setitem__(self, key, perm)
                     else:
                         # unpack if we create a key from tuple
                         (perm, origin, obj_id) = perm_origin_obj_id
                         self.perm_origin_stack.setdefault(key, []).append((perm, origin, obj_id))
                         dict.__setitem__(self, key, perm)
             class BranchPermOriginDict(dict):
                 """
                 Dedicated branch permissions dict, with tracking of patterns and origins.
                 >>> perms = BranchPermOriginDict()
                 >>> perms['resource'] = '*pattern', 'read', 'default'
                 >>> perms['resource']
                 {'*pattern': 'read'}
                 >>> perms['resource'] = '*pattern', 'write', 'admin'
                 >>> perms['resource']
                 {'*pattern': 'write'}
                 >>> perms.perm_origin_stack
                 {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
                 """
                 def __init__(self, *args, **kw):
                     dict.__init__(self, *args, **kw)
                     self.perm_origin_stack = collections.OrderedDict()
                 def __setitem__(self, key, pattern_perm_origin):
                     # set (most likely via pickle) key:val pair without tuple
                     if not isinstance(pattern_perm_origin, tuple):
                         pattern_perm = pattern_perm_origin
                         dict.__setitem__(self, key, pattern_perm)
                     else:
                         (pattern_perm, origin) = pattern_perm_origin
                         # we're passing in the dict, so we save the the stack
                         for pattern, perm in pattern_perm.items():
                             self.perm_origin_stack.setdefault(key, {})\
                                 .setdefault(pattern, []).append((perm, origin))
                         dict.__setitem__(self, key, pattern_perm)
             class PermissionCalculator(object):
                 def __init__(
                         self, user_id, scope, user_is_admin,
                         user_inherit_default_permissions, explicit, algo,
                         calculate_super_admin_as_user=False):
                     self.user_id = user_id
                     self.user_is_admin = user_is_admin
                     self.inherit_default_permissions = user_inherit_default_permissions
                     self.explicit = explicit
                     self.algo = algo
                     self.calculate_super_admin_as_user = calculate_super_admin_as_user
                     scope = scope or {}
                     self.scope_repo_id = scope.get('repo_id')
                     self.scope_repo_group_id = scope.get('repo_group_id')
                     self.scope_user_group_id = scope.get('user_group_id')
                     self.default_user_id = User.get_default_user(cache=True).user_id
                     self.permissions_repositories = PermOriginDict()
                     self.permissions_repository_groups = PermOriginDict()
                     self.permissions_user_groups = PermOriginDict()
                     self.permissions_repository_branches = BranchPermOriginDict()
                     self.permissions_global = set()
                     self.default_repo_perms = Permission.get_default_repo_perms(
                         self.default_user_id, self.scope_repo_id)
                     self.default_repo_groups_perms = Permission.get_default_group_perms(
                         self.default_user_id, self.scope_repo_group_id)
                     self.default_user_group_perms = \
                         Permission.get_default_user_group_perms(
                             self.default_user_id, self.scope_user_group_id)
                     # default branch perms
                     self.default_branch_repo_perms = \
                         Permission.get_default_repo_branch_perms(
                             self.default_user_id, self.scope_repo_id)
                 def calculate(self):
                     if self.user_is_admin and not self.calculate_super_admin_as_user:
                         return self._calculate_super_admin_permissions()
                     self._calculate_global_default_permissions()
                     self._calculate_global_permissions()
                     self._calculate_default_permissions()
                     self._calculate_repository_permissions()
                     self._calculate_repository_branch_permissions()
                     self._calculate_repository_group_permissions()
                     self._calculate_user_group_permissions()
                     return self._permission_structure()
                 def _calculate_super_admin_permissions(self):
                     """
                     super-admin user have all default rights for repositories
                     and groups set to admin
                     """
                     self.permissions_global.add('hg.admin')
                     self.permissions_global.add('hg.create.write_on_repogroup.true')
                     # repositories
                     for perm in self.default_repo_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         obj_id = perm.UserRepoToPerm.repository.repo_id
                         archived = perm.UserRepoToPerm.repository.archived
                         p = 'repository.admin'
                         self.permissions_repositories[r_k] = p, PermOrigin.SUPER_ADMIN, obj_id
                         # special case for archived repositories, which we block still even for
                         # super admins
                         if archived:
                             p = 'repository.read'
                             self.permissions_repositories[r_k] = p, PermOrigin.ARCHIVED, obj_id
                     # repository groups
                     for perm in self.default_repo_groups_perms:
                         rg_k = perm.UserRepoGroupToPerm.group.group_name
                         obj_id = perm.UserRepoGroupToPerm.group.group_id
                         p = 'group.admin'
                         self.permissions_repository_groups[rg_k] = p, PermOrigin.SUPER_ADMIN, obj_id
                     # user groups
                     for perm in self.default_user_group_perms:
                         u_k = perm.UserUserGroupToPerm.user_group.users_group_name
                         obj_id = perm.UserUserGroupToPerm.user_group.users_group_id
                         p = 'usergroup.admin'
                         self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN, obj_id
                     # branch permissions
                     # since super-admin also can have custom rule permissions
                     # we *always* need to calculate those inherited from default, and also explicit
                     self._calculate_default_permissions_repository_branches(
                         user_inherit_object_permissions=False)
                     self._calculate_repository_branch_permissions()
                     return self._permission_structure()
                 def _calculate_global_default_permissions(self):
                     """
                     global permissions taken from the default user
                     """
                     default_global_perms = UserToPerm.query()\
                         .filter(UserToPerm.user_id == self.default_user_id)\
                         .options(joinedload(UserToPerm.permission))
                     for perm in default_global_perms:
                         self.permissions_global.add(perm.permission.permission_name)
                     if self.user_is_admin:
                         self.permissions_global.add('hg.admin')
                         self.permissions_global.add('hg.create.write_on_repogroup.true')
                 def _calculate_global_permissions(self):
                     """
                     Set global system permissions with user permissions or permissions
                     taken from the user groups of the current user.
                     The permissions include repo creating, repo group creating, forking
                     etc.
                     """
                     # now we read the defined permissions and overwrite what we have set
                     # before those can be configured from groups or users explicitly.
                     # In case we want to extend this list we should make sure
                     # this is in sync with User.DEFAULT_USER_PERMISSIONS definitions
                     from rhodecode.model.permission import PermissionModel
                     _configurable = frozenset([
                         PermissionModel.FORKING_DISABLED, PermissionModel.FORKING_ENABLED,
                         'hg.create.none', 'hg.create.repository',
                         'hg.usergroup.create.false', 'hg.usergroup.create.true',
                         'hg.repogroup.create.false', 'hg.repogroup.create.true',
                         'hg.create.write_on_repogroup.false', 'hg.create.write_on_repogroup.true',
                         'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
                     ])
                     # USER GROUPS comes first user group global permissions
                     user_perms_from_users_groups = Session().query(UserGroupToPerm)\
                         .options(joinedload(UserGroupToPerm.permission))\
                         .join((UserGroupMember, UserGroupToPerm.users_group_id ==
                                UserGroupMember.users_group_id))\
                         .filter(UserGroupMember.user_id == self.user_id)\
                         .order_by(UserGroupToPerm.users_group_id)\
                         .all()
                     # need to group here by groups since user can be in more than
                     # one group, so we get all groups
                     _explicit_grouped_perms = [
                         [x, list(y)] for x, y in
                         itertools.groupby(user_perms_from_users_groups,
                                           lambda _x: _x.users_group)]
                     for gr, perms in _explicit_grouped_perms:
                         # since user can be in multiple groups iterate over them and
                         # select the lowest permissions first (more explicit)
                         # TODO(marcink): do this^^
                         # group doesn't inherit default permissions so we actually set them
                         if not gr.inherit_default_permissions:
                             # NEED TO IGNORE all previously set configurable permissions
                             # and replace them with explicitly set from this user
                             # group permissions
                             self.permissions_global = self.permissions_global.difference(
                                 _configurable)
                             for perm in perms:
                                 self.permissions_global.add(perm.permission.permission_name)
                     # user explicit global permissions
                     user_perms = Session().query(UserToPerm)\
                         .options(joinedload(UserToPerm.permission))\
                         .filter(UserToPerm.user_id == self.user_id).all()
                     if not self.inherit_default_permissions:
                         # NEED TO IGNORE all configurable permissions and
                         # replace them with explicitly set from this user permissions
                         self.permissions_global = self.permissions_global.difference(
                             _configurable)
                         for perm in user_perms:
                             self.permissions_global.add(perm.permission.permission_name)
                 def _calculate_default_permissions_repositories(self, user_inherit_object_permissions):
                     for perm in self.default_repo_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         obj_id = perm.UserRepoToPerm.repository.repo_id
                         archived = perm.UserRepoToPerm.repository.archived
                         p = perm.Permission.permission_name
                         o = PermOrigin.REPO_DEFAULT
                         self.permissions_repositories[r_k] = p, o, obj_id
                         # if we decide this user isn't inheriting permissions from
                         # default user we set him to .none so only explicit
                         # permissions work
                         if not user_inherit_object_permissions:
                             p = 'repository.none'
                             o = PermOrigin.REPO_DEFAULT_NO_INHERIT
                             self.permissions_repositories[r_k] = p, o, obj_id
                         if perm.Repository.private and not (
                                 perm.Repository.user_id == self.user_id):
                             # disable defaults for private repos,
                             p = 'repository.none'
                             o = PermOrigin.REPO_PRIVATE
                             self.permissions_repositories[r_k] = p, o, obj_id
                         elif perm.Repository.user_id == self.user_id:
                             # set admin if owner
                             p = 'repository.admin'
                             o = PermOrigin.REPO_OWNER
                             self.permissions_repositories[r_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'repository.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_repositories[r_k] = p, o, obj_id
                         # finally in case of archived repositories, we downgrade  higher
                         # permissions to read
                         if archived:
                             current_perm = self.permissions_repositories[r_k]
                             if current_perm in ['repository.write', 'repository.admin']:
                                 p = 'repository.read'
                                 o = PermOrigin.ARCHIVED
                                 self.permissions_repositories[r_k] = p, o, obj_id
                 def _calculate_default_permissions_repository_branches(self, user_inherit_object_permissions):
                     for perm in self.default_branch_repo_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         p = perm.Permission.permission_name
                         pattern = perm.UserToRepoBranchPermission.branch_pattern
                         o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
                         if not self.explicit:
                             cur_perm = self.permissions_repository_branches.get(r_k)
                             if cur_perm:
                                 cur_perm = cur_perm[pattern]
                             cur_perm = cur_perm or 'branch.none'
                             p = self._choose_permission(p, cur_perm)
                         # NOTE(marcink): register all pattern/perm instances in this
                         # special dict that aggregates entries
                         self.permissions_repository_branches[r_k] = {pattern: p}, o
                 def _calculate_default_permissions_repository_groups(self, user_inherit_object_permissions):
                     for perm in self.default_repo_groups_perms:
                         rg_k = perm.UserRepoGroupToPerm.group.group_name
                         obj_id = perm.UserRepoGroupToPerm.group.group_id
                         p = perm.Permission.permission_name
                         o = PermOrigin.REPOGROUP_DEFAULT
                         self.permissions_repository_groups[rg_k] = p, o, obj_id
                         # if we decide this user isn't inheriting permissions from default
                         # user we set him to .none so only explicit permissions work
                         if not user_inherit_object_permissions:
                             p = 'group.none'
                             o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
                             self.permissions_repository_groups[rg_k] = p, o, obj_id
                         if perm.RepoGroup.user_id == self.user_id:
                             # set admin if owner
                             p = 'group.admin'
                             o = PermOrigin.REPOGROUP_OWNER
                             self.permissions_repository_groups[rg_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'group.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_repository_groups[rg_k] = p, o, obj_id
                 def _calculate_default_permissions_user_groups(self, user_inherit_object_permissions):
                     for perm in self.default_user_group_perms:
                         u_k = perm.UserUserGroupToPerm.user_group.users_group_name
                         obj_id = perm.UserUserGroupToPerm.user_group.users_group_id
                         p = perm.Permission.permission_name
                         o = PermOrigin.USERGROUP_DEFAULT
                         self.permissions_user_groups[u_k] = p, o, obj_id
                         # if we decide this user isn't inheriting permissions from default
                         # user we set him to .none so only explicit permissions work
                         if not user_inherit_object_permissions:
                             p = 'usergroup.none'
                             o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
                             self.permissions_user_groups[u_k] = p, o, obj_id
                         if perm.UserGroup.user_id == self.user_id:
                             # set admin if owner
                             p = 'usergroup.admin'
                             o = PermOrigin.USERGROUP_OWNER
                             self.permissions_user_groups[u_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'usergroup.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_user_groups[u_k] = p, o, obj_id
                 def _calculate_default_permissions(self):
                     """
                     Set default user permissions for repositories, repository branches,
                     repository groups, user groups taken from the default user.
                     Calculate inheritance of object permissions based on what we have now
                     in GLOBAL permissions. We check if .false is in GLOBAL since this is
                     explicitly set. Inherit is the opposite of .false being there.
                     .. note::
                        the syntax is little bit odd but what we need to check here is
                        the opposite of .false permission being in the list so even for
                        inconsistent state when both .true/.false is there
                        .false is more important
                     """
                     user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
                                                            in self.permissions_global)
                     # default permissions inherited from `default` user permissions
                     self._calculate_default_permissions_repositories(
                         user_inherit_object_permissions)
                     self._calculate_default_permissions_repository_branches(
                         user_inherit_object_permissions)
                     self._calculate_default_permissions_repository_groups(
                         user_inherit_object_permissions)
                     self._calculate_default_permissions_user_groups(
                         user_inherit_object_permissions)
                 def _calculate_repository_permissions(self):
                     """
                     Repository access permissions for the current user.
                     Check if the user is part of user groups for this repository and
                     fill in the permission from it. `_choose_permission` decides of which
                     permission should be selected based on selected method.
                     """
                     # user group for repositories permissions
                     user_repo_perms_from_user_group = Permission\
                         .get_default_repo_perms_from_user_group(
                             self.user_id, self.scope_repo_id)
                     multiple_counter = collections.defaultdict(int)
                     for perm in user_repo_perms_from_user_group:
                         r_k = perm.UserGroupRepoToPerm.repository.repo_name
                         obj_id = perm.UserGroupRepoToPerm.repository.repo_id
                         multiple_counter[r_k] += 1
                         p = perm.Permission.permission_name
                         o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
                             .users_group.users_group_name
                         if multiple_counter[r_k] > 1:
                             cur_perm = self.permissions_repositories[r_k]
                             p = self._choose_permission(p, cur_perm)
                         self.permissions_repositories[r_k] = p, o, obj_id
                         if perm.Repository.user_id == self.user_id:
                             # set admin if owner
                             p = 'repository.admin'
                             o = PermOrigin.REPO_OWNER
                             self.permissions_repositories[r_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'repository.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_repositories[r_k] = p, o, obj_id
                     # user explicit permissions for repositories, overrides any specified
                     # by the group permission
                     user_repo_perms = Permission.get_default_repo_perms(
                         self.user_id, self.scope_repo_id)
                     for perm in user_repo_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         obj_id = perm.UserRepoToPerm.repository.repo_id
                         archived = perm.UserRepoToPerm.repository.archived
                         p = perm.Permission.permission_name
                         o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
                         if not self.explicit:
                             cur_perm = self.permissions_repositories.get(
                                 r_k, 'repository.none')
                             p = self._choose_permission(p, cur_perm)
                         self.permissions_repositories[r_k] = p, o, obj_id
                         if perm.Repository.user_id == self.user_id:
                             # set admin if owner
                             p = 'repository.admin'
                             o = PermOrigin.REPO_OWNER
                             self.permissions_repositories[r_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'repository.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_repositories[r_k] = p, o, obj_id
                         # finally in case of archived repositories, we downgrade  higher
                         # permissions to read
                         if archived:
                             current_perm = self.permissions_repositories[r_k]
                             if current_perm in ['repository.write', 'repository.admin']:
                                 p = 'repository.read'
                                 o = PermOrigin.ARCHIVED
                                 self.permissions_repositories[r_k] = p, o, obj_id
                 def _calculate_repository_branch_permissions(self):
                     # user group for repositories permissions
                     user_repo_branch_perms_from_user_group = Permission\
                         .get_default_repo_branch_perms_from_user_group(
                             self.user_id, self.scope_repo_id)
                     multiple_counter = collections.defaultdict(int)
                     for perm in user_repo_branch_perms_from_user_group:
                         r_k = perm.UserGroupRepoToPerm.repository.repo_name
                         p = perm.Permission.permission_name
                         pattern = perm.UserGroupToRepoBranchPermission.branch_pattern
                         o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
                             .users_group.users_group_name
                         multiple_counter[r_k] += 1
                         if multiple_counter[r_k] > 1:
                             cur_perm = self.permissions_repository_branches[r_k][pattern]
                             p = self._choose_permission(p, cur_perm)
                         self.permissions_repository_branches[r_k] = {pattern: p}, o
                     # user explicit branch permissions for repositories, overrides
                     # any specified by the group permission
                     user_repo_branch_perms = Permission.get_default_repo_branch_perms(
                         self.user_id, self.scope_repo_id)
                     for perm in user_repo_branch_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         p = perm.Permission.permission_name
                         pattern = perm.UserToRepoBranchPermission.branch_pattern
                         o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
                         if not self.explicit:
                             cur_perm = self.permissions_repository_branches.get(r_k)
                             if cur_perm:
                                 cur_perm = cur_perm[pattern]
                             cur_perm = cur_perm or 'branch.none'
                             p = self._choose_permission(p, cur_perm)
                         # NOTE(marcink): register all pattern/perm instances in this
                         # special dict that aggregates entries
                         self.permissions_repository_branches[r_k] = {pattern: p}, o
                 def _calculate_repository_group_permissions(self):
                     """
                     Repository group permissions for the current user.
                     Check if the user is part of user groups for repository groups and
                     fill in the permissions from it. `_choose_permission` decides of which
                     permission should be selected based on selected method.
                     """
                     # user group for repo groups permissions
                     user_repo_group_perms_from_user_group = Permission\
                         .get_default_group_perms_from_user_group(
                             self.user_id, self.scope_repo_group_id)
                     multiple_counter = collections.defaultdict(int)
                     for perm in user_repo_group_perms_from_user_group:
                         rg_k = perm.UserGroupRepoGroupToPerm.group.group_name
                         obj_id = perm.UserGroupRepoGroupToPerm.group.group_id
                         multiple_counter[rg_k] += 1
                         o = PermOrigin.REPOGROUP_USERGROUP % perm.UserGroupRepoGroupToPerm\
                             .users_group.users_group_name
                         p = perm.Permission.permission_name
                         if multiple_counter[rg_k] > 1:
                             cur_perm = self.permissions_repository_groups[rg_k]
                             p = self._choose_permission(p, cur_perm)
                         self.permissions_repository_groups[rg_k] = p, o, obj_id
                         if perm.RepoGroup.user_id == self.user_id:
                             # set admin if owner, even for member of other user group
                             p = 'group.admin'
                             o = PermOrigin.REPOGROUP_OWNER
                             self.permissions_repository_groups[rg_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'group.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_repository_groups[rg_k] = p, o, obj_id
                     # user explicit permissions for repository groups
                     user_repo_groups_perms = Permission.get_default_group_perms(
                         self.user_id, self.scope_repo_group_id)
                     for perm in user_repo_groups_perms:
                         rg_k = perm.UserRepoGroupToPerm.group.group_name
                         obj_id = perm.UserRepoGroupToPerm.group.group_id
                         o = PermOrigin.REPOGROUP_USER % perm.UserRepoGroupToPerm\
                             .user.username
                         p = perm.Permission.permission_name
                         if not self.explicit:
                             cur_perm = self.permissions_repository_groups.get(rg_k, 'group.none')
                             p = self._choose_permission(p, cur_perm)
                         self.permissions_repository_groups[rg_k] = p, o, obj_id
                         if perm.RepoGroup.user_id == self.user_id:
                             # set admin if owner
                             p = 'group.admin'
                             o = PermOrigin.REPOGROUP_OWNER
                             self.permissions_repository_groups[rg_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'group.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_repository_groups[rg_k] = p, o, obj_id
                 def _calculate_user_group_permissions(self):
                     """
                     User group permissions for the current user.
                     """
                     # user group for user group permissions
                     user_group_from_user_group = Permission\
                         .get_default_user_group_perms_from_user_group(
                             self.user_id, self.scope_user_group_id)
                     multiple_counter = collections.defaultdict(int)
                     for perm in user_group_from_user_group:
                         ug_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
                         obj_id = perm.UserGroupUserGroupToPerm.target_user_group.users_group_id
                         multiple_counter[ug_k] += 1
                         o = PermOrigin.USERGROUP_USERGROUP % perm.UserGroupUserGroupToPerm\
                             .user_group.users_group_name
                         p = perm.Permission.permission_name
                         if multiple_counter[ug_k] > 1:
                             cur_perm = self.permissions_user_groups[ug_k]
                             p = self._choose_permission(p, cur_perm)
                         self.permissions_user_groups[ug_k] = p, o, obj_id
                         if perm.UserGroup.user_id == self.user_id:
                             # set admin if owner, even for member of other user group
                             p = 'usergroup.admin'
                             o = PermOrigin.USERGROUP_OWNER
                             self.permissions_user_groups[ug_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'usergroup.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_user_groups[ug_k] = p, o, obj_id
                     # user explicit permission for user groups
                     user_user_groups_perms = Permission.get_default_user_group_perms(
                         self.user_id, self.scope_user_group_id)
                     for perm in user_user_groups_perms:
                         ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
                         obj_id = perm.UserUserGroupToPerm.user_group.users_group_id
                         o = PermOrigin.USERGROUP_USER % perm.UserUserGroupToPerm\
                             .user.username
                         p = perm.Permission.permission_name
                         if not self.explicit:
                             cur_perm = self.permissions_user_groups.get(ug_k, 'usergroup.none')
                             p = self._choose_permission(p, cur_perm)
                         self.permissions_user_groups[ug_k] = p, o, obj_id
                         if perm.UserGroup.user_id == self.user_id:
                             # set admin if owner
                             p = 'usergroup.admin'
                             o = PermOrigin.USERGROUP_OWNER
                             self.permissions_user_groups[ug_k] = p, o, obj_id
                         if self.user_is_admin:
                             p = 'usergroup.admin'
                             o = PermOrigin.SUPER_ADMIN
                             self.permissions_user_groups[ug_k] = p, o, obj_id
                 def _choose_permission(self, new_perm, cur_perm):
                     new_perm_val = Permission.PERM_WEIGHTS[new_perm]
                     cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
                     if self.algo == 'higherwin':
                         if new_perm_val > cur_perm_val:
                             return new_perm
                         return cur_perm
                     elif self.algo == 'lowerwin':
                         if new_perm_val < cur_perm_val:
                             return new_perm
                         return cur_perm
                 def _permission_structure(self):
                     return {
                         'global': self.permissions_global,
                         'repositories': self.permissions_repositories,
                         'repository_branches': self.permissions_repository_branches,
                         'repositories_groups': self.permissions_repository_groups,
                         'user_groups': self.permissions_user_groups,
                     }
             def allowed_auth_token_access(view_name, auth_token, whitelist=None):
                 """
                 Check if given controller_name is in whitelist of auth token access
                 """
                 if not whitelist:
                     from rhodecode import CONFIG
                     whitelist = aslist(
                         CONFIG.get('api_access_controllers_whitelist'), sep=',')
                 # backward compat translation
                 compat = {
                     # old controller, new VIEW
                     'ChangesetController:*': 'RepoCommitsView:*',
                     'ChangesetController:changeset_patch': 'RepoCommitsView:repo_commit_patch',
                     'ChangesetController:changeset_raw': 'RepoCommitsView:repo_commit_raw',
                     'FilesController:raw': 'RepoCommitsView:repo_commit_raw',
                     'FilesController:archivefile': 'RepoFilesView:repo_archivefile',
                     'GistsController:*': 'GistView:*',
                 }
                 log.debug(
                     'Allowed views for AUTH TOKEN access: %s', whitelist)
                 auth_token_access_valid = False
                 for entry in whitelist:
                     token_match = True
                     if entry in compat:
                         # translate from old Controllers to Pyramid Views
                         entry = compat[entry]
                     if '@' in entry:
                         # specific AuthToken
                         entry, allowed_token = entry.split('@', 1)
                         token_match = auth_token == allowed_token
                     if fnmatch.fnmatch(view_name, entry) and token_match:
                         auth_token_access_valid = True
                         break
                 if auth_token_access_valid:
                     log.debug('view: `%s` matches entry in whitelist: %s',
                               view_name, whitelist)
                 else:
                     msg = ('view: `%s` does *NOT* match any entry in whitelist: %s'
                            % (view_name, whitelist))
                     if auth_token:
                         # if we use auth token key and don't have access it's a warning
                         log.warning(msg)
                     else:
                         log.debug(msg)
                 return auth_token_access_valid
             class AuthUser(object):
                 """
                 A simple object that handles all attributes of user in RhodeCode
                 It does lookup based on API key,given user, or user present in session
                 Then it fills all required information for such user. It also checks if
                 anonymous access is enabled and if so, it returns default user as logged in
                 """
                 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
                 repo_read_perms = ['repository.read', 'repository.admin', 'repository.write']
                 repo_group_read_perms = ['group.read', 'group.write', 'group.admin']
                 user_group_read_perms = ['usergroup.read', 'usergroup.write', 'usergroup.admin']
                 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
                     self.user_id = user_id
                     self._api_key = api_key
                     self.api_key = None
                     self.username = username
                     self.ip_addr = ip_addr
                     self.name = ''
                     self.lastname = ''
                     self.first_name = ''
                     self.last_name = ''
                     self.email = ''
                     self.is_authenticated = False
                     self.admin = False
                     self.inherit_default_permissions = False
                     self.password = ''
                     self.anonymous_user = None  # propagated on propagate_data
                     self.propagate_data()
                     self._instance = None
                     self._permissions_scoped_cache = {}  # used to bind scoped calculation
                 @LazyProperty
                 def permissions(self):
                     return self.get_perms(user=self, cache=None)
                 @LazyProperty
                 def permissions_safe(self):
                     """
                     Filtered permissions excluding not allowed repositories
                     """
                     perms = self.get_perms(user=self, cache=None)
                     perms['repositories'] = {
                         k: v for k, v in perms['repositories'].items()
                         if v != 'repository.none'}
                     perms['repositories_groups'] = {
                         k: v for k, v in perms['repositories_groups'].items()
                         if v != 'group.none'}
                     perms['user_groups'] = {
                         k: v for k, v in perms['user_groups'].items()
                         if v != 'usergroup.none'}
                     perms['repository_branches'] = {
                         k: v for k, v in perms['repository_branches'].items()
                         if v != 'branch.none'}
                     return perms
                 @LazyProperty
                 def permissions_full_details(self):
                     return self.get_perms(
                         user=self, cache=None, calculate_super_admin=True)
                 def permissions_with_scope(self, scope):
                     """
                     Call the get_perms function with scoped data. The scope in that function
                     narrows the SQL calls to the given ID of objects resulting in fetching
                     Just particular permission we want to obtain. If scope is an empty dict
                     then it basically narrows the scope to GLOBAL permissions only.
                     :param scope: dict
                     """
                     if 'repo_name' in scope:
                         obj = Repository.get_by_repo_name(scope['repo_name'])
                         if obj:
                             scope['repo_id'] = obj.repo_id
                     _scope = collections.OrderedDict()
                     _scope['repo_id'] = -1
                     _scope['user_group_id'] = -1
                     _scope['repo_group_id'] = -1
                     for k in sorted(scope.keys()):
                         _scope[k] = scope[k]
                     # store in cache to mimic how the @LazyProperty works,
                     # the difference here is that we use the unique key calculated
                     # from params and values
                     return self.get_perms(user=self, cache=None, scope=_scope)
                 def get_instance(self):
                     return User.get(self.user_id)
                 def propagate_data(self):
                     """
                     Fills in user data and propagates values to this instance. Maps fetched
                     user attributes to this class instance attributes
                     """
                     log.debug('AuthUser: starting data propagation for new potential user')
                     user_model = UserModel()
                     anon_user = self.anonymous_user = User.get_default_user(cache=True)
                     is_user_loaded = False
                     # lookup by userid
                     if self.user_id is not None and self.user_id != anon_user.user_id:
                         log.debug('Trying Auth User lookup by USER ID: `%s`', self.user_id)
                         is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
                     # try go get user by api key
                     elif self._api_key and self._api_key != anon_user.api_key:
                         log.debug('Trying Auth User lookup by API KEY: `...%s`', self._api_key[-4:])
                         is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
                     # lookup by username
                     elif self.username:
                         log.debug('Trying Auth User lookup by USER NAME: `%s`', self.username)
                         is_user_loaded = user_model.fill_data(self, username=self.username)
                     else:
                         log.debug('No data in %s that could been used to log in', self)
                     if not is_user_loaded:
                         log.debug(
                             'Failed to load user. Fallback to default user %s', anon_user)
                         # if we cannot authenticate user try anonymous
                         if anon_user.active:
                             log.debug('default user is active, using it as a session user')
                             user_model.fill_data(self, user_id=anon_user.user_id)
                             # then we set this user is logged in
                             self.is_authenticated = True
                         else:
                             log.debug('default user is NOT active')
                             # in case of disabled anonymous user we reset some of the
                             # parameters so such user is "corrupted", skipping the fill_data
                             for attr in ['user_id', 'username', 'admin', 'active']:
                                 setattr(self, attr, None)
                             self.is_authenticated = False
                     if not self.username:
                         self.username = 'None'
                     log.debug('AuthUser: propagated user is now %s', self)
                 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
                               calculate_super_admin=False, cache=None):
                     """
                     Fills user permission attribute with permissions taken from database
                     works for permissions given for repositories, and for permissions that
                     are granted to groups
                     :param user: instance of User object from database
                     :param explicit: In case there are permissions both for user and a group
                         that user is part of, explicit flag will defiine if user will
                         explicitly override permissions from group, if it's False it will
                         make decision based on the algo
                     :param algo: algorithm to decide what permission should be choose if
                         it's multiple defined, eg user in two different groups. It also
                         decides if explicit flag is turned off how to specify the permission
                         for case when user is in a group + have defined separate permission
                     :param calculate_super_admin: calculate permissions for super-admin in the
                         same way as for regular user without speedups
                     :param cache: Use caching for calculation, None = let the cache backend decide
                     """
                     user_id = user.user_id
                     user_is_admin = user.is_admin
                     # inheritance of global permissions like create repo/fork repo etc
                     user_inherit_default_permissions = user.inherit_default_permissions
                     cache_seconds = safe_int(
                         rhodecode.CONFIG.get('rc_cache.cache_perms.expiration_time'))
                     if cache is None:
                         # let the backend cache decide
                         cache_on = cache_seconds > 0
                     else:
                         cache_on = cache
                     log.debug(
                         'Computing PERMISSION tree for user %s scope `%s` '
                         'with caching: %s[TTL: %ss]', user, scope, cache_on, cache_seconds or 0)
                     cache_namespace_uid = 'cache_user_auth.{}'.format(user_id)
                     region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
                                                            condition=cache_on)
                     def compute_perm_tree(cache_name, cache_ver,
                             user_id, scope, user_is_admin,user_inherit_default_permissions,
                             explicit, algo, calculate_super_admin):
                         return _cached_perms_data(
                             user_id, scope, user_is_admin, user_inherit_default_permissions,
                             explicit, algo, calculate_super_admin)
                     start = time.time()
                     result = compute_perm_tree(
                         'permissions', 'v1', user_id, scope, user_is_admin,
                          user_inherit_default_permissions, explicit, algo,
                          calculate_super_admin)
                     result_repr = []
                     for k in result:
                         result_repr.append((k, len(result[k])))
                     total = time.time() - start
                     log.debug('PERMISSION tree for user %s computed in %.4fs: %s',
                               user, total, result_repr)
                     return result
                 @property
                 def is_default(self):
                     return self.username == User.DEFAULT_USER
                 @property
                 def is_admin(self):
                     return self.admin
                 @property
                 def is_user_object(self):
                     return self.user_id is not None
                 @property
                 def repositories_admin(self):
                     """
                     Returns list of repositories you're an admin of
                     """
                     return [
                         x[0] for x in self.permissions['repositories'].items()
                         if x[1] == 'repository.admin']
                 @property
                 def repository_groups_admin(self):
                     """
                     Returns list of repository groups you're an admin of
                     """
                     return [
                         x[0] for x in self.permissions['repositories_groups'].items()
                         if x[1] == 'group.admin']
                 @property
                 def user_groups_admin(self):
                     """
                     Returns list of user groups you're an admin of
                     """
                     return [
                         x[0] for x in self.permissions['user_groups'].items()
                         if x[1] == 'usergroup.admin']
                 def repo_acl_ids_from_stack(self, perms=None, prefix_filter=None, cache=False):
                     if not perms:
                         perms = AuthUser.repo_read_perms
                     allowed_ids = []
                     for k, stack_data in self.permissions['repositories'].perm_origin_stack.items():
                         perm, origin, obj_id = stack_data[-1]  # last item is the current permission
                         if prefix_filter and not k.startswith(prefix_filter):
                             continue
                         if perm in perms:
                             allowed_ids.append(obj_id)
                     return allowed_ids
                 def repo_acl_ids(self, perms=None, name_filter=None, cache=False):
                     """
                     Returns list of repository ids that user have access to based on given
                     perms. The cache flag should be only used in cases that are used for
                     display purposes, NOT IN ANY CASE for permission checks.
                     """
                     from rhodecode.model.scm import RepoList
                     if not perms:
                         perms = AuthUser.repo_read_perms
                     if not isinstance(perms, list):
                         raise ValueError('perms parameter must be a list got {} instead'.format(perms))
                     def _cached_repo_acl(perm_def, _name_filter):
                         qry = Repository.query()
                         if _name_filter:
-                            ilike_expression = u'%{}%'.format(safe_unicode(_name_filter))
+                            ilike_expression = '%{}%'.format(_name_filter)
                             qry = qry.filter(
                                 Repository.repo_name.ilike(ilike_expression))
                         return [x.repo_id for x in
                                 RepoList(qry, perm_set=perm_def, extra_kwargs={'user': self})]
                     log.debug('Computing REPO ACL IDS user %s', self)
                     cache_namespace_uid = 'cache_user_repo_acl_ids.{}'.format(self.user_id)
                     region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     @region.conditional_cache_on_arguments(namespace=cache_namespace_uid, condition=cache)
                     def compute_repo_acl_ids(cache_ver, user_id, perm_def, _name_filter):
                         return _cached_repo_acl(perm_def, _name_filter)
                     start = time.time()
                     result = compute_repo_acl_ids('v1', self.user_id, perms, name_filter)
                     total = time.time() - start
                     log.debug('REPO ACL IDS for user %s computed in %.4fs', self, total)
                     return result
                 def repo_group_acl_ids_from_stack(self, perms=None, prefix_filter=None, cache=False):
                     if not perms:
                         perms = AuthUser.repo_group_read_perms
                     allowed_ids = []
                     for k, stack_data in self.permissions['repositories_groups'].perm_origin_stack.items():
                         perm, origin, obj_id = stack_data[-1]  # last item is the current permission
                         if prefix_filter and not k.startswith(prefix_filter):
                             continue
                         if perm in perms:
                             allowed_ids.append(obj_id)
                     return allowed_ids
                 def repo_group_acl_ids(self, perms=None, name_filter=None, cache=False):
                     """
                     Returns list of repository group ids that user have access to based on given
                     perms. The cache flag should be only used in cases that are used for
                     display purposes, NOT IN ANY CASE for permission checks.
                     """
                     from rhodecode.model.scm import RepoGroupList
                     if not perms:
                         perms = AuthUser.repo_group_read_perms
                     if not isinstance(perms, list):
                         raise ValueError('perms parameter must be a list got {} instead'.format(perms))
                     def _cached_repo_group_acl(perm_def, _name_filter):
                         qry = RepoGroup.query()
                         if _name_filter:
-                            ilike_expression = u'%{}%'.format(safe_unicode(_name_filter))
+                            ilike_expression = '%{}%'.format(_name_filter)
                             qry = qry.filter(
                                 RepoGroup.group_name.ilike(ilike_expression))
                         return [x.group_id for x in
                                 RepoGroupList(qry, perm_set=perm_def, extra_kwargs={'user': self})]
                     log.debug('Computing REPO GROUP ACL IDS user %s', self)
                     cache_namespace_uid = 'cache_user_repo_group_acl_ids.{}'.format(self.user_id)
                     region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     @region.conditional_cache_on_arguments(namespace=cache_namespace_uid, condition=cache)
                     def compute_repo_group_acl_ids(cache_ver, user_id, perm_def, _name_filter):
                         return _cached_repo_group_acl(perm_def, _name_filter)
                     start = time.time()
                     result = compute_repo_group_acl_ids('v1', self.user_id, perms, name_filter)
                     total = time.time() - start
                     log.debug('REPO GROUP ACL IDS for user %s computed in %.4fs', self, total)
                     return result
                 def user_group_acl_ids_from_stack(self, perms=None, cache=False):
                     if not perms:
                         perms = AuthUser.user_group_read_perms
                     allowed_ids = []
                     for k, stack_data in self.permissions['user_groups'].perm_origin_stack.items():
                         perm, origin, obj_id = stack_data[-1]  # last item is the current permission
                         if perm in perms:
                             allowed_ids.append(obj_id)
                     return allowed_ids
                 def user_group_acl_ids(self, perms=None, name_filter=None, cache=False):
                     """
                     Returns list of user group ids that user have access to based on given
                     perms. The cache flag should be only used in cases that are used for
                     display purposes, NOT IN ANY CASE for permission checks.
                     """
                     from rhodecode.model.scm import UserGroupList
                     if not perms:
                         perms = AuthUser.user_group_read_perms
                     if not isinstance(perms, list):
                         raise ValueError('perms parameter must be a list got {} instead'.format(perms))
                     def _cached_user_group_acl(perm_def, _name_filter):
                         qry = UserGroup.query()
                         if _name_filter:
-                            ilike_expression = u'%{}%'.format(safe_unicode(_name_filter))
+                            ilike_expression = '%{}%'.format(_name_filter)
                             qry = qry.filter(
                                 UserGroup.users_group_name.ilike(ilike_expression))
                         return [x.users_group_id for x in
                                 UserGroupList(qry, perm_set=perm_def, extra_kwargs={'user': self})]
                     log.debug('Computing USER GROUP ACL IDS user %s', self)
                     cache_namespace_uid = 'cache_user_user_group_acl_ids.{}'.format(self.user_id)
                     region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     @region.conditional_cache_on_arguments(namespace=cache_namespace_uid, condition=cache)
                     def compute_user_group_acl_ids(cache_ver, user_id, perm_def, _name_filter):
                         return _cached_user_group_acl(perm_def, _name_filter)
                     start = time.time()
                     result = compute_user_group_acl_ids('v1', self.user_id, perms, name_filter)
                     total = time.time() - start
                     log.debug('USER GROUP ACL IDS for user %s computed in %.4fs', self, total)
                     return result
                 @property
                 def ip_allowed(self):
                     """
                     Checks if ip_addr used in constructor is allowed from defined list of
                     allowed ip_addresses for user
                     :returns: boolean, True if ip is in allowed ip range
                     """
                     # check IP
                     inherit = self.inherit_default_permissions
                     return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
                                                      inherit_from_default=inherit)
                 @property
                 def personal_repo_group(self):
                     return RepoGroup.get_user_personal_repo_group(self.user_id)
                 @LazyProperty
                 def feed_token(self):
                     return self.get_instance().feed_token
                 @LazyProperty
                 def artifact_token(self):
                     return self.get_instance().artifact_token
                 @classmethod
                 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
                     allowed_ips = AuthUser.get_allowed_ips(
                         user_id, cache=True, inherit_from_default=inherit_from_default)
                     if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
                         log.debug('IP:%s for user %s is in range of %s',
                                   ip_addr, user_id, allowed_ips)
                         return True
                     else:
                         log.info('Access for IP:%s forbidden for user %s, '
                                  'not in %s', ip_addr, user_id, allowed_ips,
                                  extra={"ip": ip_addr, "user_id": user_id})
                         return False
                 def get_branch_permissions(self, repo_name, perms=None):
                     perms = perms or self.permissions_with_scope({'repo_name': repo_name})
                     branch_perms = perms.get('repository_branches', {})
                     if not branch_perms:
                         return {}
                     repo_branch_perms = branch_perms.get(repo_name)
                     return repo_branch_perms or {}
                 def get_rule_and_branch_permission(self, repo_name, branch_name):
                     """
                     Check if this AuthUser has defined any permissions for branches. If any of
                     the rules match in order, we return the matching permissions
                     """
                     rule = default_perm = ''
                     repo_branch_perms = self.get_branch_permissions(repo_name=repo_name)
                     if not repo_branch_perms:
                         return rule, default_perm
                     # now calculate the permissions
                     for pattern, branch_perm in repo_branch_perms.items():
                         if fnmatch.fnmatch(branch_name, pattern):
                             rule = '`{}`=>{}'.format(pattern, branch_perm)
                             return rule, branch_perm
                     return rule, default_perm
                 def get_notice_messages(self):
                     notice_level = 'notice-error'
                     notice_messages = []
                     if self.is_default:
                         return [], notice_level
                     notices = UserNotice.query()\
                         .filter(UserNotice.user_id == self.user_id)\
                         .filter(UserNotice.notice_read == false())\
                         .all()
                     try:
                         for entry in notices:
                             msg = {
                                 'msg_id': entry.user_notice_id,
                                 'level': entry.notification_level,
                                 'subject': entry.notice_subject,
                                 'body': entry.notice_body,
                             }
                             notice_messages.append(msg)
                         log.debug('Got user %s %s messages', self, len(notice_messages))
                         levels = [x['level'] for x in notice_messages]
                         notice_level = 'notice-error' if 'error' in levels else 'notice-warning'
                     except Exception:
                         pass
                     return notice_messages, notice_level
                 def __repr__(self):
                     return self.repr_user(self.user_id, self.username, self.ip_addr, self.is_authenticated)
                 def set_authenticated(self, authenticated=True):
                     if self.user_id != self.anonymous_user.user_id:
                         self.is_authenticated = authenticated
                 def get_cookie_store(self):
                     return {
                         'username': self.username,
                         'password': md5(safe_bytes(self.password or '')),
                         'user_id': self.user_id,
                         'is_authenticated': self.is_authenticated
                     }
                 @classmethod
                 def repr_user(cls, user_id=0, username='ANONYMOUS', ip='0.0.0.0', is_authenticated=False):
                     tmpl = "<AuthUser('id:{}[{}] ip:{} auth:{}')>"
                     return tmpl.format(user_id, username, ip, is_authenticated)
                 @classmethod
                 def from_cookie_store(cls, cookie_store):
                     """
                     Creates AuthUser from a cookie store
                     :param cls:
                     :param cookie_store:
                     """
                     user_id = cookie_store.get('user_id')
                     username = cookie_store.get('username')
                     api_key = cookie_store.get('api_key')
                     return AuthUser(user_id, api_key, username)
                 @classmethod
                 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
                     _set = set()
                     if inherit_from_default:
                         def_user_id = User.get_default_user(cache=True).user_id
                         default_ips = UserIpMap.query().filter(UserIpMap.user_id == def_user_id)
                         if cache:
                             default_ips = default_ips.options(
                                 FromCache("sql_cache_short", "get_user_ips_default"))
                         # populate from default user
                         for ip in default_ips:
                             try:
                                 _set.add(ip.ip_addr)
                             except ObjectDeletedError:
                                 # since we use heavy caching sometimes it happens that
                                 # we get deleted objects here, we just skip them
                                 pass
                     # NOTE:(marcink) we don't want to load any rules for empty
                     # user_id which is the case of access of non logged users when anonymous
                     # access is disabled
                     user_ips = []
                     if user_id:
                         user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
                         if cache:
                             user_ips = user_ips.options(
                                 FromCache("sql_cache_short", "get_user_ips_%s" % user_id))
                     for ip in user_ips:
                         try:
                             _set.add(ip.ip_addr)
                         except ObjectDeletedError:
                             # since we use heavy caching sometimes it happens that we get
                             # deleted objects here, we just skip them
                             pass
                     return _set or {ip for ip in ['0.0.0.0/0', '::/0']}
             def set_available_permissions(settings):
                 """
                 This function will propagate pyramid settings with all available defined
                 permission given in db. We don't want to check each time from db for new
                 permissions since adding a new permission also requires application restart
                 ie. to decorate new views with the newly created permission
                 :param settings: current pyramid registry.settings
                 """
                 log.debug('auth: getting information about all available permissions')
                 try:
                     sa = meta.Session
                     all_perms = sa.query(Permission).all()
                     settings.setdefault('available_permissions',
                                         [x.permission_name for x in all_perms])
                     log.debug('auth: set available permissions')
                 except Exception:
                     log.exception('Failed to fetch permissions from the database.')
                     raise
             def get_csrf_token(session, force_new=False, save_if_missing=True):
                 """
                 Return the current authentication token, creating one if one doesn't
                 already exist and the save_if_missing flag is present.
                 :param session: pass in the pyramid session, else we use the global ones
                 :param force_new: force to re-generate the token and store it in session
                 :param save_if_missing: save the newly generated token if it's missing in
                     session
                 """
                 # NOTE(marcink): probably should be replaced with below one from pyramid 1.9
                 # from pyramid.csrf import get_csrf_token
                 if (csrf_token_key not in session and save_if_missing) or force_new:
                     token = sha1(ascii_bytes(str(random.getrandbits(128))))
                     session[csrf_token_key] = token
                     if hasattr(session, 'save'):
                         session.save()
                 return session.get(csrf_token_key)
             def get_request(perm_class_instance):
                 from pyramid.threadlocal import get_current_request
                 pyramid_request = get_current_request()
                 return pyramid_request
             # CHECK DECORATORS
             class CSRFRequired(object):
                 """
                 Decorator for authenticating a form
                 This decorator uses an authorization token stored in the client's
                 session for prevention of certain Cross-site request forgery (CSRF)
                 attacks (See
                 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
                 information).
                 For use with the ``secure_form`` helper functions.
                 """
                 def __init__(self, token=csrf_token_key, header='X-CSRF-Token', except_methods=None):
                     self.token = token
                     self.header = header
                     self.except_methods = except_methods or []
                 def __call__(self, func):
                     return get_cython_compat_decorator(self.__wrapper, func)
                 def _get_csrf(self, _request):
                     return _request.POST.get(self.token, _request.headers.get(self.header))
                 def check_csrf(self, _request, cur_token):
                     supplied_token = self._get_csrf(_request)
                     return supplied_token and supplied_token == cur_token
                 def _get_request(self):
                     return get_request(self)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     request = self._get_request()
                     if request.method in self.except_methods:
                         return func(*fargs, **fkwargs)
                     cur_token = get_csrf_token(request.session, save_if_missing=False)
                     if self.check_csrf(request, cur_token):
                         if request.POST.get(self.token):
                             del request.POST[self.token]
                         return func(*fargs, **fkwargs)
                     else:
                         reason = 'token-missing'
                         supplied_token = self._get_csrf(request)
                         if supplied_token and cur_token != supplied_token:
                             reason = 'token-mismatch [%s:%s]' % (
                                 cur_token or ''[:6], supplied_token or ''[:6])
                         csrf_message = \
                             ("Cross-site request forgery detected, request denied. See "
                              "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
                              "more information.")
                     log.warn('Cross-site request forgery detected, request %r DENIED: %s '
                              'REMOTE_ADDR:%s, HEADERS:%s' % (
                                  request, reason, request.remote_addr, request.headers))
                     raise HTTPForbidden(explanation=csrf_message)
             class LoginRequired(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page
                 :param api_access: if enabled this checks only for valid auth token
                     and grants access based on valid token
                 """
                 def __init__(self, auth_token_access=None):
                     self.auth_token_access = auth_token_access
                     if self.auth_token_access:
                         valid_type = set(auth_token_access).intersection(set(UserApiKeys.ROLES))
                         if not valid_type:
                             raise ValueError('auth_token_access must be on of {}, got {}'.format(
                                 UserApiKeys.ROLES, auth_token_access))
                 def __call__(self, func):
                     return get_cython_compat_decorator(self.__wrapper, func)
                 def _get_request(self):
                     return get_request(self)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     from rhodecode.lib import helpers as h
                     cls = fargs[0]
                     user = cls._rhodecode_user
                     request = self._get_request()
                     _ = request.translate
                     loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
                     log.debug('Starting login restriction checks for user: %s', user)
                     # check if our IP is allowed
                     ip_access_valid = True
                     if not user.ip_allowed:
                         h.flash(h.literal(_('IP {} not allowed'.format(user.ip_addr))),
                                 category='warning')
                         ip_access_valid = False
                     # we used stored token that is extract from GET or URL param (if any)
                     _auth_token = request.user_auth_token
                     # check if we used an AUTH_TOKEN and it's a valid one
                     # defined white-list of controllers which API access will be enabled
                     whitelist = None
                     if self.auth_token_access:
                         # since this location is allowed by @LoginRequired decorator it's our
                         # only whitelist
                         whitelist = [loc]
                     auth_token_access_valid = allowed_auth_token_access(
                         loc, whitelist=whitelist, auth_token=_auth_token)
                     # explicit controller is enabled or API is in our whitelist
                     if auth_token_access_valid:
                         log.debug('Checking AUTH TOKEN access for %s', cls)
                         db_user = user.get_instance()
                         if db_user:
                             if self.auth_token_access:
                                 roles = self.auth_token_access
                             else:
                                 roles = [UserApiKeys.ROLE_HTTP]
                             log.debug('AUTH TOKEN: checking auth for user %s and roles %s',
                                       db_user, roles)
                             token_match = db_user.authenticate_by_token(
                                 _auth_token, roles=roles)
                         else:
                             log.debug('Unable to fetch db instance for auth user: %s', user)
                             token_match = False
                         if _auth_token and token_match:
                             auth_token_access_valid = True
                             log.debug('AUTH TOKEN ****%s is VALID', _auth_token[-4:])
                         else:
                             auth_token_access_valid = False
                             if not _auth_token:
                                 log.debug("AUTH TOKEN *NOT* present in request")
                             else:
                                 log.warning("AUTH TOKEN ****%s *NOT* valid", _auth_token[-4:])
                     log.debug('Checking if %s is authenticated @ %s', user.username, loc)
                     reason = 'RHODECODE_AUTH' if user.is_authenticated \
                         else 'AUTH_TOKEN_AUTH'
                     if ip_access_valid and (
                             user.is_authenticated or auth_token_access_valid):
                         log.info('user %s authenticating with:%s IS authenticated on func %s',
                                  user, reason, loc)
                         return func(*fargs, **fkwargs)
                     else:
                         log.warning(
                             'user %s authenticating with:%s NOT authenticated on '
                             'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s',
                             user, reason, loc, ip_access_valid, auth_token_access_valid)
                         # we preserve the get PARAM
                         came_from = get_came_from(request)
                         log.debug('redirecting to login page with %s', came_from)
                         raise HTTPFound(
                             h.route_path('login', _query={'came_from': came_from}))
             class NotAnonymous(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page
                 """
                 def __call__(self, func):
                     return get_cython_compat_decorator(self.__wrapper, func)
                 def _get_request(self):
                     return get_request(self)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     import rhodecode.lib.helpers as h
                     cls = fargs[0]
                     self.user = cls._rhodecode_user
                     request = self._get_request()
                     _ = request.translate
                     log.debug('Checking if user is not anonymous @%s', cls)
                     anonymous = self.user.username == User.DEFAULT_USER
                     if anonymous:
                         came_from = get_came_from(request)
                         h.flash(_('You need to be a registered user to '
                                   'perform this action'),
                                 category='warning')
                         raise HTTPFound(
                             h.route_path('login', _query={'came_from': came_from}))
                     else:
                         return func(*fargs, **fkwargs)
             class PermsDecorator(object):
                 """
                 Base class for controller decorators, we extract the current user from
                 the class itself, which has it stored in base controllers
                 """
                 def __init__(self, *required_perms):
                     self.required_perms = set(required_perms)
                 def __call__(self, func):
                     return get_cython_compat_decorator(self.__wrapper, func)
                 def _get_request(self):
                     return get_request(self)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     import rhodecode.lib.helpers as h
                     cls = fargs[0]
                     _user = cls._rhodecode_user
                     request = self._get_request()
                     _ = request.translate
                     log.debug('checking %s permissions %s for %s %s',
                               self.__class__.__name__, self.required_perms, cls, _user)
                     if self.check_permissions(_user):
                         log.debug('Permission granted for %s %s', cls, _user)
                         return func(*fargs, **fkwargs)
                     else:
                         log.debug('Permission denied for %s %s', cls, _user)
                         anonymous = _user.username == User.DEFAULT_USER
                         if anonymous:
                             came_from = get_came_from(self._get_request())
                             h.flash(_('You need to be signed in to view this page'),
                                     category='warning')
                             raise HTTPFound(
                                 h.route_path('login', _query={'came_from': came_from}))
                         else:
                             # redirect with 404 to prevent resource discovery
                             raise HTTPNotFound()
                 def check_permissions(self, user):
                     """Dummy function for overriding"""
                     raise NotImplementedError(
                         'You have to write this function in child class')
             class HasPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates. All of them
                 have to be meet in order to fulfill the request
                 """
                 def check_permissions(self, user):
                     perms = user.permissions_with_scope({})
                     if self.required_perms.issubset(perms['global']):
                         return True
                     return False
             class HasPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates. In order to
                 fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self, user):
                     perms = user.permissions_with_scope({})
                     if self.required_perms.intersection(perms['global']):
                         return True
                     return False
             class HasRepoPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def _get_repo_name(self):
                     _request = self._get_request()
                     return get_repo_slug(_request)
                 def check_permissions(self, user):
                     perms = user.permissions
                     repo_name = self._get_repo_name()
                     try:
                         user_perms = {perms['repositories'][repo_name]}
                     except KeyError:
                         log.debug('cannot locate repo with name: `%s` in permissions defs',
                                   repo_name)
                         return False
                     log.debug('checking `%s` permissions for repo `%s`',
                               user_perms, repo_name)
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def _get_repo_name(self):
                     _request = self._get_request()
                     return get_repo_slug(_request)
                 def check_permissions(self, user):
                     perms = user.permissions
                     repo_name = self._get_repo_name()
                     try:
                         user_perms = {perms['repositories'][repo_name]}
                     except KeyError:
                         log.debug(
                             'cannot locate repo with name: `%s` in permissions defs',
                             repo_name)
                         return False
                     log.debug('checking `%s` permissions for repo `%s`',
                               user_perms, repo_name)
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasRepoGroupPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository group. All of them have to be meet in order to
                 fulfill the request
                 """
                 def _get_repo_group_name(self):
                     _request = self._get_request()
                     return get_repo_group_slug(_request)
                 def check_permissions(self, user):
                     perms = user.permissions
                     group_name = self._get_repo_group_name()
                     try:
                         user_perms = {perms['repositories_groups'][group_name]}
                     except KeyError:
                         log.debug(
                             'cannot locate repo group with name: `%s` in permissions defs',
                             group_name)
                         return False
                     log.debug('checking `%s` permissions for repo group `%s`',
                               user_perms, group_name)
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository group. In order to fulfill the request any
                 of predicates must be met
                 """
                 def _get_repo_group_name(self):
                     _request = self._get_request()
                     return get_repo_group_slug(_request)
                 def check_permissions(self, user):
                     perms = user.permissions
                     group_name = self._get_repo_group_name()
                     try:
                         user_perms = {perms['repositories_groups'][group_name]}
                     except KeyError:
                         log.debug(
                             'cannot locate repo group with name: `%s` in permissions defs',
                             group_name)
                         return False
                     log.debug('checking `%s` permissions for repo group `%s`',
                               user_perms, group_name)
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 user group. All of them have to be meet in order to fulfill the request
                 """
                 def _get_user_group_name(self):
                     _request = self._get_request()
                     return get_user_group_slug(_request)
                 def check_permissions(self, user):
                     perms = user.permissions
                     group_name = self._get_user_group_name()
                     try:
                         user_perms = {perms['user_groups'][group_name]}
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 user group. In order to fulfill the request any of predicates must be meet
                 """
                 def _get_user_group_name(self):
                     _request = self._get_request()
                     return get_user_group_slug(_request)
                 def check_permissions(self, user):
                     perms = user.permissions
                     group_name = self._get_user_group_name()
                     try:
                         user_perms = {perms['user_groups'][group_name]}
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             # CHECK FUNCTIONS
             class PermsFunction(object):
                 """Base function for other check functions"""
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                     self.repo_name = None
                     self.repo_group_name = None
                     self.user_group_name = None
                 def __bool__(self):
                     import inspect
                     frame = inspect.currentframe()
                     stack_trace = traceback.format_stack(frame)
                     log.error('Checking bool value on a class instance of perm '
                               'function is not allowed: %s', ''.join(stack_trace))
                     # rather than throwing errors, here we always return False so if by
                     # accident someone checks truth for just an instance it will always end
                     # up in returning False
                     return False
                 __nonzero__ = __bool__
                 def __call__(self, check_location='', user=None):
                     if not user:
                         log.debug('Using user attribute from global request')
                         request = self._get_request()
                         user = request.user
                     # init auth user if not already given
                     if not isinstance(user, AuthUser):
                         log.debug('Wrapping user %s into AuthUser', user)
                         user = AuthUser(user.user_id)
                     cls_name = self.__class__.__name__
                     check_scope = self._get_check_scope(cls_name)
                     check_location = check_location or 'unspecified location'
                     log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                               self.required_perms, user, check_scope, check_location)
                     if not user:
                         log.warning('Empty user given for permission check')
                         return False
                     if self.check_permissions(user):
                         log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
                                   check_scope, user, check_location)
                         return True
                     else:
                         log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
                                   check_scope, user, check_location)
                         return False
                 def _get_request(self):
                     return get_request(self)
                 def _get_check_scope(self, cls_name):
                     return {
                         'HasPermissionAll':          'GLOBAL',
                         'HasPermissionAny':          'GLOBAL',
                         'HasRepoPermissionAll':      'repo:%s' % self.repo_name,
                         'HasRepoPermissionAny':      'repo:%s' % self.repo_name,
                         'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
                         'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
                         'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
                         'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
                     }.get(cls_name, '?:%s' % cls_name)
                 def check_permissions(self, user):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAll(PermsFunction):
                 def check_permissions(self, user):
                     perms = user.permissions_with_scope({})
                     if self.required_perms.issubset(perms.get('global')):
                         return True
                     return False
             class HasPermissionAny(PermsFunction):
                 def check_permissions(self, user):
                     perms = user.permissions_with_scope({})
                     if self.required_perms.intersection(perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAll(PermsFunction):
                 def __call__(self, repo_name=None, check_location='', user=None):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAll, self).__call__(check_location, user)
                 def _get_repo_name(self):
                     if not self.repo_name:
                         _request = self._get_request()
                         self.repo_name = get_repo_slug(_request)
                     return self.repo_name
                 def check_permissions(self, user):
                     self.repo_name = self._get_repo_name()
                     perms = user.permissions
                     try:
                         user_perms = {perms['repositories'][self.repo_name]}
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAny(PermsFunction):
                 def __call__(self, repo_name=None, check_location='', user=None):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAny, self).__call__(check_location, user)
                 def _get_repo_name(self):
                     if not self.repo_name:
                         _request = self._get_request()
                         self.repo_name = get_repo_slug(_request)
                     return self.repo_name
                 def check_permissions(self, user):
                     self.repo_name = self._get_repo_name()
                     perms = user.permissions
                     try:
                         user_perms = {perms['repositories'][self.repo_name]}
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasRepoGroupPermissionAny(PermsFunction):
                 def __call__(self, group_name=None, check_location='', user=None):
                     self.repo_group_name = group_name
                     return super(HasRepoGroupPermissionAny, self).__call__(check_location, user)
                 def check_permissions(self, user):
                     perms = user.permissions
                     try:
                         user_perms = {perms['repositories_groups'][self.repo_group_name]}
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasRepoGroupPermissionAll(PermsFunction):
                 def __call__(self, group_name=None, check_location='', user=None):
                     self.repo_group_name = group_name
                     return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
                 def check_permissions(self, user):
                     perms = user.permissions
                     try:
                         user_perms = {perms['repositories_groups'][self.repo_group_name]}
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAny(PermsFunction):
                 def __call__(self, user_group_name=None, check_location='', user=None):
                     self.user_group_name = user_group_name
                     return super(HasUserGroupPermissionAny, self).__call__(check_location, user)
                 def check_permissions(self, user):
                     perms = user.permissions
                     try:
                         user_perms = {perms['user_groups'][self.user_group_name]}
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAll(PermsFunction):
                 def __call__(self, user_group_name=None, check_location='', user=None):
                     self.user_group_name = user_group_name
                     return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
                 def check_permissions(self, user):
                     perms = user.permissions
                     try:
                         user_perms = {perms['user_groups'][self.user_group_name]}
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
             class HasPermissionAnyMiddleware(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, auth_user, repo_name):
-                    # repo_name MUST be unicode, since we handle keys in permission
+                    # # repo_name MUST be unicode, since we handle keys in permission
-                    # dict by unicode
+                    # # dict by unicode
-                    repo_name = safe_unicode(repo_name)
+                    #TODO: verify
+                    # repo_name = safe_unicode(repo_name)
                     log.debug(
                         'Checking VCS protocol permissions %s for user:%s repo:`%s`',
                         self.required_perms, auth_user, repo_name)
                     if self.check_permissions(auth_user, repo_name):
                         log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
                                   repo_name, auth_user, 'PermissionMiddleware')
                         return True
                     else:
                         log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
                                   repo_name, auth_user, 'PermissionMiddleware')
                         return False
                 def check_permissions(self, user, repo_name):
                     perms = user.permissions_with_scope({'repo_name': repo_name})
                     try:
                         user_perms = {perms['repositories'][repo_name]}
                     except Exception:
                         log.exception('Error while accessing user permissions')
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             # SPECIAL VERSION TO HANDLE API AUTH
             class _BaseApiPerm(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, check_location=None, user=None, repo_name=None,
                              group_name=None, user_group_name=None):
                     cls_name = self.__class__.__name__
                     check_scope = 'global:%s' % (self.required_perms,)
                     if repo_name:
                         check_scope += ', repo_name:%s' % (repo_name,)
                     if group_name:
                         check_scope += ', repo_group_name:%s' % (group_name,)
                     if user_group_name:
                         check_scope += ', user_group_name:%s' % (user_group_name,)
                     log.debug('checking cls:%s %s %s @ %s',
                               cls_name, self.required_perms, check_scope, check_location)
                     if not user:
                         log.debug('Empty User passed into arguments')
                         return False
                     # process user
                     if not isinstance(user, AuthUser):
                         user = AuthUser(user.user_id)
                     if not check_location:
                         check_location = 'unspecified'
                     if self.check_permissions(user.permissions, repo_name, group_name,
                                               user_group_name):
                         log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
                                   check_scope, user, check_location)
                         return True
                     else:
                         log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
                                   check_scope, user, check_location)
                         return False
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     """
                     implement in child class should return True if permissions are ok,
                     False otherwise
                     :param perm_defs: dict with permission definitions
                     :param repo_name: repo name
                     """
                     raise NotImplementedError()
             class HasPermissionAllApi(_BaseApiPerm):
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     if self.required_perms.issubset(perm_defs.get('global')):
                         return True
                     return False
             class HasPermissionAnyApi(_BaseApiPerm):
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     if self.required_perms.intersection(perm_defs.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllApi(_BaseApiPerm):
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     try:
                         _user_perms = {perm_defs['repositories'][repo_name]}
                     except KeyError:
                         log.warning(traceback.format_exc())
                         return False
                     if self.required_perms.issubset(_user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyApi(_BaseApiPerm):
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     try:
                         _user_perms = {perm_defs['repositories'][repo_name]}
                     except KeyError:
                         log.warning(traceback.format_exc())
                         return False
                     if self.required_perms.intersection(_user_perms):
                         return True
                     return False
             class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     try:
                         _user_perms = {perm_defs['repositories_groups'][group_name]}
                     except KeyError:
                         log.warning(traceback.format_exc())
                         return False
                     if self.required_perms.intersection(_user_perms):
                         return True
                     return False
             class HasRepoGroupPermissionAllApi(_BaseApiPerm):
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     try:
                         _user_perms = {perm_defs['repositories_groups'][group_name]}
                     except KeyError:
                         log.warning(traceback.format_exc())
                         return False
                     if self.required_perms.issubset(_user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAnyApi(_BaseApiPerm):
                 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
                                       user_group_name=None):
                     try:
                         _user_perms = {perm_defs['user_groups'][user_group_name]}
                     except KeyError:
                         log.warning(traceback.format_exc())
                         return False
                     if self.required_perms.intersection(_user_perms):
                         return True
                     return False
             def check_ip_access(source_ip, allowed_ips=None):
                 """
                 Checks if source_ip is a subnet of any of allowed_ips.
                 :param source_ip:
                 :param allowed_ips: list of allowed ips together with mask
                 """
                 log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips)
-                source_ip_address = ipaddress.ip_address(safe_unicode(source_ip))
+                source_ip_address = ipaddress.ip_address(source_ip)
                 if isinstance(allowed_ips, (tuple, list, set)):
                     for ip in allowed_ips:
-                        ip = safe_unicode(ip)
+                        #TODO: verify
+                        #ip = safe_unicode(ip)
                         try:
                             network_address = ipaddress.ip_network(ip, strict=False)
                             if source_ip_address in network_address:
                                 log.debug('IP %s is network %s', source_ip_address, network_address)
                                 return True
                             # for any case we cannot determine the IP, don't crash just
                             # skip it and log as error, we want to say forbidden still when
                             # sending bad IP
                         except Exception:
                             log.error(traceback.format_exc())
                             continue
                 return False
             def get_cython_compat_decorator(wrapper, func):
                 """
                 Creates a cython compatible decorator. The previously used
                 decorator.decorator() function seems to be incompatible with cython.
                 :param wrapper: __wrapper method of the decorator class
                 :param func: decorated function
                 """
                 @wraps(func)
                 def local_wrapper(*args, **kwds):
                     return wrapper(func, *args, **kwds)
                 local_wrapper.__wrapped__ = func
                 return local_wrapper

rhodecode/lib/base.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             The base Controller API
             Provides the BaseController class for subclassing. And usage in different
             controllers
             """
             import logging
             import socket
             import markupsafe
             import ipaddress
             from paste.auth.basic import AuthBasicAuthenticator
             from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
             from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
             import rhodecode
             from rhodecode.authentication.base import VCS_TYPE
             from rhodecode.lib import auth, utils2
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
             from rhodecode.lib.exceptions import UserCreationError
             from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
             from rhodecode.lib.utils2 import (
                 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
             from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
             from rhodecode.model.notification import NotificationModel
             from rhodecode.model.settings import VcsSettingsModel, SettingsModel
             log = logging.getLogger(__name__)
             def _filter_proxy(ip):
                 """
                 Passed in IP addresses in HEADERS can be in a special format of multiple
                 ips. Those comma separated IPs are passed from various proxies in the
                 chain of request processing. The left-most being the original client.
                 We only care about the first IP which came from the org. client.
                 :param ip: ip string from headers
                 """
                 if ',' in ip:
                     _ips = ip.split(',')
                     _first_ip = _ips[0].strip()
                     log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
                     return _first_ip
                 return ip
             def _filter_port(ip):
                 """
                 Removes a port from ip, there are 4 main cases to handle here.
                 - ipv4 eg. 127.0.0.1
                 - ipv6 eg. ::1
                 - ipv4+port eg. 127.0.0.1:8080
                 - ipv6+port eg. [::1]:8080
                 :param ip:
                 """
                 def is_ipv6(ip_addr):
                     if hasattr(socket, 'inet_pton'):
                         try:
                             socket.inet_pton(socket.AF_INET6, ip_addr)
                         except socket.error:
                             return False
                     else:
                         # fallback to ipaddress
                         try:
-                            ipaddress.IPv6Address(safe_unicode(ip_addr))
+                            ipaddress.IPv6Address(safe_str(ip_addr))
                         except Exception:
                             return False
                     return True
                 if ':' not in ip:  # must be ipv4 pure ip
                     return ip
                 if '[' in ip and ']' in ip:  # ipv6 with port
                     return ip.split(']')[0][1:].lower()
                 # must be ipv6 or ipv4 with port
                 if is_ipv6(ip):
                     return ip
                 else:
                     ip, _port = ip.split(':')[:2]  # means ipv4+port
                     return ip
             def get_ip_addr(environ):
                 proxy_key = 'HTTP_X_REAL_IP'
                 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
                 def_key = 'REMOTE_ADDR'
                 _filters = lambda x: _filter_port(_filter_proxy(x))
                 ip = environ.get(proxy_key)
                 if ip:
                     return _filters(ip)
                 ip = environ.get(proxy_key2)
                 if ip:
                     return _filters(ip)
                 ip = environ.get(def_key, '0.0.0.0')
                 return _filters(ip)
             def get_server_ip_addr(environ, log_errors=True):
                 hostname = environ.get('SERVER_NAME')
                 try:
                     return socket.gethostbyname(hostname)
                 except Exception as e:
                     if log_errors:
                         # in some cases this lookup is not possible, and we don't want to
                         # make it an exception in logs
                         log.exception('Could not retrieve server ip address: %s', e)
                     return hostname
             def get_server_port(environ):
                 return environ.get('SERVER_PORT')
             def get_access_path(environ):
                 path = environ.get('PATH_INFO')
                 org_req = environ.get('pylons.original_request')
                 if org_req:
                     path = org_req.environ.get('PATH_INFO')
                 return path
             def get_user_agent(environ):
                 return environ.get('HTTP_USER_AGENT')
             def vcs_operation_context(
                     environ, repo_name, username, action, scm, check_locking=True,
                     is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
                 """
                 Generate the context for a vcs operation, e.g. push or pull.
                 This context is passed over the layers so that hooks triggered by the
                 vcs operation know details like the user, the user's IP address etc.
                 :param check_locking: Allows to switch of the computation of the locking
                     data. This serves mainly the need of the simplevcs middleware to be
                     able to disable this for certain operations.
                 """
                 # Tri-state value: False: unlock, None: nothing, True: lock
                 make_lock = None
                 locked_by = [None, None, None]
                 is_anonymous = username == User.DEFAULT_USER
                 user = User.get_by_username(username)
                 if not is_anonymous and check_locking:
                     log.debug('Checking locking on repository "%s"', repo_name)
                     repo = Repository.get_by_repo_name(repo_name)
                     make_lock, __, locked_by = repo.get_locking_state(
                         action, user.user_id)
                 user_id = user.user_id
                 settings_model = VcsSettingsModel(repo=repo_name)
                 ui_settings = settings_model.get_ui_settings()
                 # NOTE(marcink): This should be also in sync with
                 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
                 store = [x for x in ui_settings if x.key == '/']
                 repo_store = ''
                 if store:
                     repo_store = store[0].value
                 scm_data = {
                     'ip': get_ip_addr(environ),
                     'username': username,
                     'user_id': user_id,
                     'action': action,
                     'repository': repo_name,
                     'scm': scm,
                     'config': rhodecode.CONFIG['__file__'],
                     'repo_store': repo_store,
                     'make_lock': make_lock,
                     'locked_by': locked_by,
                     'server_url': utils2.get_server_url(environ),
                     'user_agent': get_user_agent(environ),
                     'hooks': get_enabled_hook_classes(ui_settings),
                     'is_shadow_repo': is_shadow_repo,
                     'detect_force_push': detect_force_push,
                     'check_branch_perms': check_branch_perms,
                 }
                 return scm_data
             class BasicAuth(AuthBasicAuthenticator):
                 def __init__(self, realm, authfunc, registry, auth_http_code=None,
                              initial_call_detection=False, acl_repo_name=None, rc_realm=''):
                     self.realm = realm
                     self.rc_realm = rc_realm
                     self.initial_call = initial_call_detection
                     self.authfunc = authfunc
                     self.registry = registry
                     self.acl_repo_name = acl_repo_name
                     self._rc_auth_http_code = auth_http_code
                 def _get_response_from_code(self, http_code):
                     try:
                         return get_exception(safe_int(http_code))
                     except Exception:
                         log.exception('Failed to fetch response for code %s', http_code)
                         return HTTPForbidden
                 def get_rc_realm(self):
                     return safe_str(self.rc_realm)
                 def build_authentication(self):
                     head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
                     if self._rc_auth_http_code and not self.initial_call:
                         # return alternative HTTP code if alternative http return code
                         # is specified in RhodeCode config, but ONLY if it's not the
                         # FIRST call
                         custom_response_klass = self._get_response_from_code(
                             self._rc_auth_http_code)
                         return custom_response_klass(headers=head)
                     return HTTPUnauthorized(headers=head)
                 def authenticate(self, environ):
                     authorization = AUTHORIZATION(environ)
                     if not authorization:
                         return self.build_authentication()
                     (authmeth, auth) = authorization.split(' ', 1)
                     if 'basic' != authmeth.lower():
                         return self.build_authentication()
                     auth = auth.strip().decode('base64')
                     _parts = auth.split(':', 1)
                     if len(_parts) == 2:
                         username, password = _parts
                         auth_data = self.authfunc(
                                 username, password, environ, VCS_TYPE,
                                 registry=self.registry, acl_repo_name=self.acl_repo_name)
                         if auth_data:
                             return {'username': username, 'auth_data': auth_data}
                         if username and password:
                             # we mark that we actually executed authentication once, at
                             # that point we can use the alternative auth code
                             self.initial_call = False
                     return self.build_authentication()
                 __call__ = authenticate
             def calculate_version_hash(config):
                 return sha1(
                     config.get('beaker.session.secret', '') +
                     rhodecode.__version__)[:8]
             def get_current_lang(request):
                 # NOTE(marcink): remove after pyramid move
                 try:
                     return translation.get_lang()[0]
                 except:
                     pass
                 return getattr(request, '_LOCALE_', request.locale_name)
             def attach_context_attributes(context, request, user_id=None, is_api=None):
                 """
                 Attach variables into template context called `c`.
                 """
                 config = request.registry.settings
                 rc_config = SettingsModel().get_all_settings(cache=True, from_request=False)
                 context.rc_config = rc_config
                 context.rhodecode_version = rhodecode.__version__
                 context.rhodecode_edition = config.get('rhodecode.edition')
                 context.rhodecode_edition_id = config.get('rhodecode.edition_id')
                 # unique secret + version does not leak the version but keep consistency
                 context.rhodecode_version_hash = calculate_version_hash(config)
                 # Default language set for the incoming request
                 context.language = get_current_lang(request)
                 # Visual options
                 context.visual = AttributeDict({})
                 # DB stored Visual Items
                 context.visual.show_public_icon = str2bool(
                     rc_config.get('rhodecode_show_public_icon'))
                 context.visual.show_private_icon = str2bool(
                     rc_config.get('rhodecode_show_private_icon'))
                 context.visual.stylify_metatags = str2bool(
                     rc_config.get('rhodecode_stylify_metatags'))
                 context.visual.dashboard_items = safe_int(
                     rc_config.get('rhodecode_dashboard_items', 100))
                 context.visual.admin_grid_items = safe_int(
                     rc_config.get('rhodecode_admin_grid_items', 100))
                 context.visual.show_revision_number = str2bool(
                     rc_config.get('rhodecode_show_revision_number', True))
                 context.visual.show_sha_length = safe_int(
                     rc_config.get('rhodecode_show_sha_length', 100))
                 context.visual.repository_fields = str2bool(
                     rc_config.get('rhodecode_repository_fields'))
                 context.visual.show_version = str2bool(
                     rc_config.get('rhodecode_show_version'))
                 context.visual.use_gravatar = str2bool(
                     rc_config.get('rhodecode_use_gravatar'))
                 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
                 context.visual.default_renderer = rc_config.get(
                     'rhodecode_markup_renderer', 'rst')
                 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
                 context.visual.rhodecode_support_url = \
                     rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
                 context.visual.affected_files_cut_off = 60
                 context.pre_code = rc_config.get('rhodecode_pre_code')
                 context.post_code = rc_config.get('rhodecode_post_code')
                 context.rhodecode_name = rc_config.get('rhodecode_title')
                 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
                 # if we have specified default_encoding in the request, it has more
                 # priority
                 if request.GET.get('default_encoding'):
                     context.default_encodings.insert(0, request.GET.get('default_encoding'))
                 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
                 context.clone_uri_id_tmpl = rc_config.get('rhodecode_clone_uri_id_tmpl')
                 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
                 # INI stored
                 context.labs_active = str2bool(
                     config.get('labs_settings_active', 'false'))
                 context.ssh_enabled = str2bool(
                     config.get('ssh.generate_authorized_keyfile', 'false'))
                 context.ssh_key_generator_enabled = str2bool(
                     config.get('ssh.enable_ui_key_generator', 'true'))
                 context.visual.allow_repo_location_change = str2bool(
                     config.get('allow_repo_location_change', True))
                 context.visual.allow_custom_hooks_settings = str2bool(
                     config.get('allow_custom_hooks_settings', True))
                 context.debug_style = str2bool(config.get('debug_style', False))
                 context.rhodecode_instanceid = config.get('instance_id')
                 context.visual.cut_off_limit_diff = safe_int(
                     config.get('cut_off_limit_diff'))
                 context.visual.cut_off_limit_file = safe_int(
                     config.get('cut_off_limit_file'))
                 context.license = AttributeDict({})
                 context.license.hide_license_info = str2bool(
                     config.get('license.hide_license_info', False))
                 # AppEnlight
                 context.appenlight_enabled = config.get('appenlight', False)
                 context.appenlight_api_public_key = config.get(
                     'appenlight.api_public_key', '')
                 context.appenlight_server_url = config.get('appenlight.server_url', '')
                 diffmode = {
                     "unified": "unified",
                     "sideside": "sideside"
                 }.get(request.GET.get('diffmode'))
                 if is_api is not None:
                     is_api = hasattr(request, 'rpc_user')
                 session_attrs = {
                     # defaults
                     "clone_url_format": "http",
                     "diffmode": "sideside",
                     "license_fingerprint": request.session.get('license_fingerprint')
                 }
                 if not is_api:
                     # don't access pyramid session for API calls
                     if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
                         request.session['rc_user_session_attr.diffmode'] = diffmode
                     # session settings per user
                     for k, v in request.session.items():
                         pref = 'rc_user_session_attr.'
                         if k and k.startswith(pref):
                             k = k[len(pref):]
                             session_attrs[k] = v
                 context.user_session_attrs = session_attrs
                 # JS template context
                 context.template_context = {
                     'repo_name': None,
                     'repo_type': None,
                     'repo_landing_commit': None,
                     'rhodecode_user': {
                         'username': None,
                         'email': None,
                         'notification_status': False
                     },
                     'session_attrs': session_attrs,
                     'visual': {
                         'default_renderer': None
                     },
                     'commit_data': {
                         'commit_id': None
                     },
                     'pull_request_data': {'pull_request_id': None},
                     'timeago': {
                         'refresh_time': 120 * 1000,
                         'cutoff_limit': 1000 * 60 * 60 * 24 * 7
                     },
                     'pyramid_dispatch': {
                     },
                     'extra': {'plugins': {}}
                 }
                 # END CONFIG VARS
                 if is_api:
                     csrf_token = None
                 else:
                     csrf_token = auth.get_csrf_token(session=request.session)
                 context.csrf_token = csrf_token
                 context.backends = rhodecode.BACKENDS.keys()
                 unread_count = 0
                 user_bookmark_list = []
                 if user_id:
                     unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
                     user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
                 context.unread_notifications = unread_count
                 context.bookmark_items = user_bookmark_list
                 # web case
                 if hasattr(request, 'user'):
                     context.auth_user = request.user
                     context.rhodecode_user = request.user
                 # api case
                 if hasattr(request, 'rpc_user'):
                     context.auth_user = request.rpc_user
                     context.rhodecode_user = request.rpc_user
                 # attach the whole call context to the request
                 request.set_call_context(context)
             def get_auth_user(request):
                 environ = request.environ
                 session = request.session
                 ip_addr = get_ip_addr(environ)
                 # make sure that we update permissions each time we call controller
                 _auth_token = (
                         # ?auth_token=XXX
                         request.GET.get('auth_token', '')
                         # ?api_key=XXX !LEGACY
                         or request.GET.get('api_key', '')
                         # or headers....
                         or request.headers.get('X-Rc-Auth-Token', '')
                 )
                 if not _auth_token and request.matchdict:
                     url_auth_token = request.matchdict.get('_auth_token')
                     _auth_token = url_auth_token
                     if _auth_token:
                         log.debug('Using URL extracted auth token `...%s`', _auth_token[-4:])
                 if _auth_token:
                     # when using API_KEY we assume user exists, and
                     # doesn't need auth based on cookies.
                     auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
                     authenticated = False
                 else:
                     cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
                     try:
                         auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
                                              ip_addr=ip_addr)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                         # container auth or other auth functions that create users
                         # on the fly can throw this exception signaling that there's
                         # issue with user creation, explanation should be provided
                         # in Exception itself. We then create a simple blank
                         # AuthUser
                         auth_user = AuthUser(ip_addr=ip_addr)
                     # in case someone changes a password for user it triggers session
                     # flush and forces a re-login
                     if password_changed(auth_user, session):
                         session.invalidate()
                         cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
                         auth_user = AuthUser(ip_addr=ip_addr)
                     authenticated = cookie_store.get('is_authenticated')
                 if not auth_user.is_authenticated and auth_user.is_user_object:
                     # user is not authenticated and not empty
                     auth_user.set_authenticated(authenticated)
                 return auth_user, _auth_token
             def h_filter(s):
                 """
                 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
                 we wrap this with additional functionality that converts None to empty
                 strings
                 """
                 if s is None:
                     return markupsafe.Markup()
                 return markupsafe.escape(s)
             def add_events_routes(config):
                 """
                 Adds routing that can be used in events. Because some events are triggered
                 outside of pyramid context, we need to bootstrap request with some
                 routing registered
                 """
                 from rhodecode.apps._base import ADMIN_PREFIX
                 config.add_route(name='home', pattern='/')
                 config.add_route(name='main_page_repos_data', pattern='/_home_repos')
                 config.add_route(name='main_page_repo_groups_data', pattern='/_home_repo_groups')
                 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
                 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
                 config.add_route(name='repo_summary', pattern='/{repo_name}')
                 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
                 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
                 config.add_route(name='pullrequest_show',
                                  pattern='/{repo_name}/pull-request/{pull_request_id}')
                 config.add_route(name='pull_requests_global',
                                  pattern='/pull-request/{pull_request_id}')
                 config.add_route(name='repo_commit',
                                  pattern='/{repo_name}/changeset/{commit_id}')
                 config.add_route(name='repo_files',
                                  pattern='/{repo_name}/files/{commit_id}/{f_path}')
                 config.add_route(name='hovercard_user',
                                  pattern='/_hovercard/user/{user_id}')
                 config.add_route(name='hovercard_user_group',
                                  pattern='/_hovercard/user_group/{user_group_id}')
                 config.add_route(name='hovercard_pull_request',
                                  pattern='/_hovercard/pull_request/{pull_request_id}')
                 config.add_route(name='hovercard_repo_commit',
                                  pattern='/_hovercard/commit/{repo_name}/{commit_id}')
             def bootstrap_config(request, registry_name='RcTestRegistry'):
                 import pyramid.testing
                 registry = pyramid.testing.Registry(registry_name)
                 config = pyramid.testing.setUp(registry=registry, request=request)
                 # allow pyramid lookup in testing
                 config.include('pyramid_mako')
                 config.include('rhodecode.lib.rc_beaker')
                 config.include('rhodecode.lib.rc_cache')
                 add_events_routes(config)
                 return config
             def bootstrap_request(**kwargs):
                 """
                 Returns a thin version of Request Object that is used in non-web context like testing/celery
                 """
                 import pyramid.testing
                 from rhodecode.lib.request import ThinRequest as _ThinRequest
                 class ThinRequest(_ThinRequest):
                     application_url = kwargs.pop('application_url', 'http://example.com')
                     host = kwargs.pop('host', 'example.com:80')
                     domain = kwargs.pop('domain', 'example.com')
                 class ThinSession(pyramid.testing.DummySession):
                     def save(*arg, **kw):
                         pass
                 request = ThinRequest(**kwargs)
                 request.session = ThinSession()
                 return request

rhodecode/lib/helpers.py

0 +3 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Helper functions
             Consists of functions to typically be used within templates, but also
             available to Controllers. This module is available to both as 'h'.
             """
             import base64
             import collections
             import os
             import random
             import hashlib
             from io import StringIO
             import textwrap
             import urllib.request, urllib.parse, urllib.error
             import math
             import logging
             import re
             import time
             import string
             import hashlib
             import regex
             from collections import OrderedDict
             import pygments
             import itertools
             import fnmatch
             import bleach
             from datetime import datetime
             from functools import partial
             from pygments.formatters.html import HtmlFormatter
             from pygments.lexers import (
                 get_lexer_by_name, get_lexer_for_filename, get_lexer_for_mimetype)
             from pyramid.threadlocal import get_current_request
             from tempita import looper
             from webhelpers2.html import literal, HTML, escape
             from webhelpers2.html._autolink import _auto_link_urls
             from webhelpers2.html.tools import (
                 button_to, highlight, js_obfuscate, strip_links, strip_tags)
             from webhelpers2.text import (
                 chop_at, collapse, convert_accented_entities,
                 convert_misc_entities, lchop, plural, rchop, remove_formatting,
                 replace_whitespace, urlify, truncate, wrap_paragraphs)
             from webhelpers2.date import time_ago_in_words
             from webhelpers2.html.tags import (
                 _input, NotGiven, _make_safe_id_component as safeid,
                 form as insecure_form,
                 auto_discovery_link, checkbox, end_form, file,
                 hidden, image, javascript_link, link_to, link_to_if, link_to_unless, ol,
                 select as raw_select, stylesheet_link, submit, text, password, textarea,
                 ul, radio, Options)
             from webhelpers2.number import format_byte_size
             from rhodecode.lib.action_parser import action_parser
             from rhodecode.lib.pagination import Page, RepoPage, SqlPage
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.utils import repo_name_slug, get_custom_lexer
             from rhodecode.lib.utils2 import (
                 str2bool, safe_unicode, safe_str,
                 get_commit_safe, datetime_to_time, time_to_datetime, time_to_utcdatetime,
                 AttributeDict, safe_int, md5, md5_safe, get_host_info)
             from rhodecode.lib.markup_renderer import MarkupRenderer, relative_links
             from rhodecode.lib.vcs.exceptions import CommitDoesNotExistError
             from rhodecode.lib.vcs.backends.base import BaseChangeset, EmptyCommit
             from rhodecode.lib.vcs.conf.settings import ARCHIVE_SPECS
             from rhodecode.lib.index.search_utils import get_matching_line_offsets
             from rhodecode.config.conf import DATE_FORMAT, DATETIME_FORMAT
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.db import Permission, User, Repository, UserApiKeys, FileStore
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.settings import IssueTrackerSettingsModel
             log = logging.getLogger(__name__)
             DEFAULT_USER = User.DEFAULT_USER
             DEFAULT_USER_EMAIL = User.DEFAULT_USER_EMAIL
             def asset(path, ver=None, **kwargs):
                 """
                 Helper to generate a static asset file path for rhodecode assets
                 eg. h.asset('images/image.png', ver='3923')
                 :param path: path of asset
                 :param ver: optional version query param to append as ?ver=
                 """
                 request = get_current_request()
                 query = {}
                 query.update(kwargs)
                 if ver:
                     query = {'ver': ver}
                 return request.static_path(
                     'rhodecode:public/{}'.format(path), _query=query)
             default_html_escape_table = {
                 ord('&'): u'&amp;',
                 ord('<'): u'&lt;',
                 ord('>'): u'&gt;',
                 ord('"'): u'&quot;',
                 ord("'"): u'&#39;',
             }
             def html_escape(text, html_escape_table=default_html_escape_table):
                 """Produce entities within text."""
                 return text.translate(html_escape_table)
             def chop_at_smart(s, sub, inclusive=False, suffix_if_chopped=None):
                 """
                 Truncate string ``s`` at the first occurrence of ``sub``.
                 If ``inclusive`` is true, truncate just after ``sub`` rather than at it.
                 """
                 suffix_if_chopped = suffix_if_chopped or ''
                 pos = s.find(sub)
                 if pos == -1:
                     return s
                 if inclusive:
                     pos += len(sub)
                 chopped = s[:pos]
                 left = s[pos:].strip()
                 if left and suffix_if_chopped:
                     chopped += suffix_if_chopped
                 return chopped
             def shorter(text, size=20, prefix=False):
                 postfix = '...'
                 if len(text) > size:
                     if prefix:
                         # shorten in front
                         return postfix + text[-(size - len(postfix)):]
                     else:
                         return text[:size - len(postfix)] + postfix
                 return text
             def reset(name, value=None, id=NotGiven, type="reset", **attrs):
                 """
                 Reset button
                 """
                 return _input(type, name, value, id, attrs)
             def select(name, selected_values, options, id=NotGiven, **attrs):
                 if isinstance(options, (list, tuple)):
                     options_iter = options
                     # Handle old value,label lists ... where value also can be value,label lists
                     options = Options()
                     for opt in options_iter:
                         if isinstance(opt, tuple) and len(opt) == 2:
                             value, label = opt
                         elif isinstance(opt, str):
                             value = label = opt
                         else:
                             raise ValueError('invalid select option type %r' % type(opt))
                         if isinstance(value, (list, tuple)):
                             option_group = options.add_optgroup(label)
                             for opt2 in value:
                                 if isinstance(opt2, tuple) and len(opt2) == 2:
                                     group_value, group_label = opt2
                                 elif isinstance(opt2, str):
                                     group_value = group_label = opt2
                                 else:
                                     raise ValueError('invalid select option type %r' % type(opt2))
                                 option_group.add_option(group_label, group_value)
                         else:
                             options.add_option(label, value)
                 return raw_select(name, selected_values, options, id=id, **attrs)
             def branding(name, length=40):
                 return truncate(name, length, indicator="")
             def FID(raw_id, path):
                 """
                 Creates a unique ID for filenode based on it's hash of path and commit
                 it's safe to use in urls
                 :param raw_id:
                 :param path:
                 """
                 return 'c-%s-%s' % (short_id(raw_id), md5_safe(path)[:12])
             class _GetError(object):
                 """Get error from form_errors, and represent it as span wrapped error
                 message
                 :param field_name: field to fetch errors for
                 :param form_errors: form errors dict
                 """
                 def __call__(self, field_name, form_errors):
                     tmpl = """<span class="error_msg">%s</span>"""
                     if form_errors and field_name in form_errors:
                         return literal(tmpl % form_errors.get(field_name))
             get_error = _GetError()
             class _ToolTip(object):
                 def __call__(self, tooltip_title, trim_at=50):
                     """
                     Special function just to wrap our text into nice formatted
                     autowrapped text
                     :param tooltip_title:
                     """
                     tooltip_title = escape(tooltip_title)
                     tooltip_title = tooltip_title.replace('<', '&lt;').replace('>', '&gt;')
                     return tooltip_title
             tooltip = _ToolTip()
             files_icon = u'<i class="file-breadcrumb-copy tooltip icon-clipboard clipboard-action" data-clipboard-text="{}" title="Copy file path"></i>'
             def files_breadcrumbs(repo_name, repo_type, commit_id, file_path, landing_ref_name=None, at_ref=None,
                                   limit_items=False, linkify_last_item=False, hide_last_item=False,
                                   copy_path_icon=True):
                 if isinstance(file_path, str):
                     file_path = safe_unicode(file_path)
                 if at_ref:
                     route_qry = {'at': at_ref}
                     default_landing_ref = at_ref or landing_ref_name or commit_id
                 else:
                     route_qry = None
                     default_landing_ref = commit_id
                 # first segment is a `HOME` link to repo files root location
                 root_name = literal(u'<i class="icon-home"></i>')
                 url_segments = [
                     link_to(
                         root_name,
                         repo_files_by_ref_url(
                             repo_name,
                             repo_type,
                             f_path=None,  # None here is a special case for SVN repos,
                                           # that won't prefix with a ref
                             ref_name=default_landing_ref,
                             commit_id=commit_id,
                             query=route_qry
                         )
                     )]
                 path_segments = file_path.split('/')
                 last_cnt = len(path_segments) - 1
                 for cnt, segment in enumerate(path_segments):
                     if not segment:
                         continue
                     segment_html = escape(segment)
                     last_item = cnt == last_cnt
                     if last_item and hide_last_item:
                         # iterate over and hide last element
                         continue
                     if last_item and linkify_last_item is False:
                         # plain version
                         url_segments.append(segment_html)
                     else:
                         url_segments.append(
                             link_to(
                                 segment_html,
                                 repo_files_by_ref_url(
                                     repo_name,
                                     repo_type,
                                     f_path='/'.join(path_segments[:cnt + 1]),
                                     ref_name=default_landing_ref,
                                     commit_id=commit_id,
                                     query=route_qry
                                 ),
                             ))
                 limited_url_segments = url_segments[:1] + ['...'] + url_segments[-5:]
                 if limit_items and len(limited_url_segments) < len(url_segments):
                     url_segments = limited_url_segments
                 full_path = file_path
                 if copy_path_icon:
                     icon = files_icon.format(escape(full_path))
                 else:
                     icon = ''
                 if file_path == '':
                     return root_name
                 else:
                     return literal(' / '.join(url_segments) + icon)
             def files_url_data(request):
                 import urllib.request, urllib.parse, urllib.error
                 matchdict = request.matchdict
                 if 'f_path' not in matchdict:
                     matchdict['f_path'] = ''
                 else:
                     matchdict['f_path'] = urllib.parse.quote(safe_str(matchdict['f_path']))
                 if 'commit_id' not in matchdict:
                     matchdict['commit_id'] = 'tip'
                 return json.dumps(matchdict)
             def repo_files_by_ref_url(db_repo_name, db_repo_type, f_path, ref_name, commit_id, query=None, ):
                 _is_svn = is_svn(db_repo_type)
                 final_f_path = f_path
                 if _is_svn:
                     """
                     For SVN the ref_name cannot be used as a commit_id, it needs to be prefixed with
                     actually commit_id followed by the ref_name. This should be done only in case
                     This is a initial landing url, without additional paths.
                     like: /1000/tags/1.0.0/?at=tags/1.0.0
                     """
                     if ref_name and ref_name != 'tip':
                         # NOTE(marcink): for svn the ref_name is actually the stored path, so we prefix it
                         # for SVN we only do this magic prefix if it's root, .eg landing revision
                         # of files link. If we are in the tree we don't need this since we traverse the url
                         # that has everything stored
                         if f_path in ['', '/']:
                             final_f_path = '/'.join([ref_name, f_path])
                     # SVN always needs a commit_id explicitly, without a named REF
                     default_commit_id = commit_id
                 else:
                     """
                     For git and mercurial we construct a new URL using the names instead of commit_id
                     like: /master/some_path?at=master
                     """
                     # We currently do not support branches with slashes
                     if '/' in ref_name:
                         default_commit_id = commit_id
                     else:
                         default_commit_id = ref_name
                 # sometimes we pass f_path as None, to indicate explicit no prefix,
                 # we translate it to string to not have None
                 final_f_path = final_f_path or ''
                 files_url = route_path(
                     'repo_files',
                     repo_name=db_repo_name,
                     commit_id=default_commit_id,
                     f_path=final_f_path,
                     _query=query
                 )
                 return files_url
             def code_highlight(code, lexer, formatter, use_hl_filter=False):
                 """
                 Lex ``code`` with ``lexer`` and format it with the formatter ``formatter``.
                 If ``outfile`` is given and a valid file object (an object
                 with a ``write`` method), the result will be written to it, otherwise
                 it is returned as a string.
                 """
                 if use_hl_filter:
                     # add HL filter
                     from rhodecode.lib.index import search_utils
                     lexer.add_filter(search_utils.ElasticSearchHLFilter())
                 return pygments.format(pygments.lex(code, lexer), formatter)
             class CodeHtmlFormatter(HtmlFormatter):
                 """
                 My code Html Formatter for source codes
                 """
                 def wrap(self, source, outfile):
                     return self._wrap_div(self._wrap_pre(self._wrap_code(source)))
                 def _wrap_code(self, source):
                     for cnt, it in enumerate(source):
                         i, t = it
                         t = '<div id="L%s">%s</div>' % (cnt + 1, t)
                         yield i, t
                 def _wrap_tablelinenos(self, inner):
                     dummyoutfile = StringIO.StringIO()
                     lncount = 0
                     for t, line in inner:
                         if t:
                             lncount += 1
                         dummyoutfile.write(line)
                     fl = self.linenostart
                     mw = len(str(lncount + fl - 1))
                     sp = self.linenospecial
                     st = self.linenostep
                     la = self.lineanchors
                     aln = self.anchorlinenos
                     nocls = self.noclasses
                     if sp:
                         lines = []
                         for i in range(fl, fl + lncount):
                             if i % st == 0:
                                 if i % sp == 0:
                                     if aln:
                                         lines.append('<a href="#%s%d" class="special">%*d</a>' %
                                                      (la, i, mw, i))
                                     else:
                                         lines.append('<span class="special">%*d</span>' % (mw, i))
                                 else:
                                     if aln:
                                         lines.append('<a href="#%s%d">%*d</a>' % (la, i, mw, i))
                                     else:
                                         lines.append('%*d' % (mw, i))
                             else:
                                 lines.append('')
                         ls = '\n'.join(lines)
                     else:
                         lines = []
                         for i in range(fl, fl + lncount):
                             if i % st == 0:
                                 if aln:
                                     lines.append('<a href="#%s%d">%*d</a>' % (la, i, mw, i))
                                 else:
                                     lines.append('%*d' % (mw, i))
                             else:
                                 lines.append('')
                         ls = '\n'.join(lines)
                     # in case you wonder about the seemingly redundant <div> here: since the
                     # content in the other cell also is wrapped in a div, some browsers in
                     # some configurations seem to mess up the formatting...
                     if nocls:
                         yield 0, ('<table class="%stable">' % self.cssclass +
                                   '<tr><td><div class="linenodiv" '
                                   'style="background-color: #f0f0f0; padding-right: 10px">'
                                   '<pre style="line-height: 125%">' +
                                   ls + '</pre></div></td><td id="hlcode" class="code">')
                     else:
                         yield 0, ('<table class="%stable">' % self.cssclass +
                                   '<tr><td class="linenos"><div class="linenodiv"><pre>' +
                                   ls + '</pre></div></td><td id="hlcode" class="code">')
                     yield 0, dummyoutfile.getvalue()
                     yield 0, '</td></tr></table>'
             class SearchContentCodeHtmlFormatter(CodeHtmlFormatter):
                 def __init__(self, **kw):
                     # only show these line numbers if set
                     self.only_lines = kw.pop('only_line_numbers', [])
                     self.query_terms = kw.pop('query_terms', [])
                     self.max_lines = kw.pop('max_lines', 5)
                     self.line_context = kw.pop('line_context', 3)
                     self.url = kw.pop('url', None)
                     super(CodeHtmlFormatter, self).__init__(**kw)
                 def _wrap_code(self, source):
                     for cnt, it in enumerate(source):
                         i, t = it
                         t = '<pre>%s</pre>' % t
                         yield i, t
                 def _wrap_tablelinenos(self, inner):
                     yield 0, '<table class="code-highlight %stable">' % self.cssclass
                     last_shown_line_number = 0
                     current_line_number = 1
                     for t, line in inner:
                         if not t:
                             yield t, line
                             continue
                         if current_line_number in self.only_lines:
                             if last_shown_line_number + 1 != current_line_number:
                                 yield 0, '<tr>'
                                 yield 0, '<td class="line">...</td>'
                                 yield 0, '<td id="hlcode" class="code"></td>'
                                 yield 0, '</tr>'
                             yield 0, '<tr>'
                             if self.url:
                                 yield 0, '<td class="line"><a href="%s#L%i">%i</a></td>' % (
                                     self.url, current_line_number, current_line_number)
                             else:
                                 yield 0, '<td class="line"><a href="">%i</a></td>' % (
                                     current_line_number)
                             yield 0, '<td id="hlcode" class="code">' + line + '</td>'
                             yield 0, '</tr>'
                             last_shown_line_number = current_line_number
                         current_line_number += 1
                     yield 0, '</table>'
             def hsv_to_rgb(h, s, v):
                 """ Convert hsv color values to rgb """
                 if s == 0.0:
                     return v, v, v
                 i = int(h * 6.0)  # XXX assume int() truncates!
                 f = (h * 6.0) - i
                 p = v * (1.0 - s)
                 q = v * (1.0 - s * f)
                 t = v * (1.0 - s * (1.0 - f))
                 i = i % 6
                 if i == 0:
                     return v, t, p
                 if i == 1:
                     return q, v, p
                 if i == 2:
                     return p, v, t
                 if i == 3:
                     return p, q, v
                 if i == 4:
                     return t, p, v
                 if i == 5:
                     return v, p, q
             def unique_color_generator(n=10000, saturation=0.10, lightness=0.95):
                 """
                 Generator for getting n of evenly distributed colors using
                 hsv color and golden ratio. It always return same order of colors
                 :param n: number of colors to generate
                 :param saturation: saturation of returned colors
                 :param lightness: lightness of returned colors
                 :returns: RGB tuple
                 """
                 golden_ratio = 0.618033988749895
                 h = 0.22717784590367374
                 for _ in range(n):
                     h += golden_ratio
                     h %= 1
                     HSV_tuple = [h, saturation, lightness]
                     RGB_tuple = hsv_to_rgb(*HSV_tuple)
                     yield map(lambda x: str(int(x * 256)), RGB_tuple)
             def color_hasher(n=10000, saturation=0.10, lightness=0.95):
                 """
                 Returns a function which when called with an argument returns a unique
                 color for that argument, eg.
                 :param n: number of colors to generate
                 :param saturation: saturation of returned colors
                 :param lightness: lightness of returned colors
                 :returns: css RGB string
                 >>> color_hash = color_hasher()
                 >>> color_hash('hello')
                 'rgb(34, 12, 59)'
                 >>> color_hash('hello')
                 'rgb(34, 12, 59)'
                 >>> color_hash('other')
                 'rgb(90, 224, 159)'
                 """
                 color_dict = {}
                 cgenerator = unique_color_generator(
                     saturation=saturation, lightness=lightness)
                 def get_color_string(thing):
                     if thing in color_dict:
                         col = color_dict[thing]
                     else:
                         col = color_dict[thing] = next(cgenerator)
                     return "rgb(%s)" % (', '.join(col))
                 return get_color_string
             def get_lexer_safe(mimetype=None, filepath=None):
                 """
                 Tries to return a relevant pygments lexer using mimetype/filepath name,
                 defaulting to plain text if none could be found
                 """
                 lexer = None
                 try:
                     if mimetype:
                         lexer = get_lexer_for_mimetype(mimetype)
                     if not lexer:
                         lexer = get_lexer_for_filename(filepath)
                 except pygments.util.ClassNotFound:
                     pass
                 if not lexer:
                     lexer = get_lexer_by_name('text')
                 return lexer
             def get_lexer_for_filenode(filenode):
                 lexer = get_custom_lexer(filenode.extension) or filenode.lexer
                 return lexer
             def pygmentize(filenode, **kwargs):
                 """
                 pygmentize function using pygments
                 :param filenode:
                 """
                 lexer = get_lexer_for_filenode(filenode)
                 return literal(code_highlight(filenode.content, lexer,
                                               CodeHtmlFormatter(**kwargs)))
             def is_following_repo(repo_name, user_id):
                 from rhodecode.model.scm import ScmModel
                 return ScmModel().is_following_repo(repo_name, user_id)
             class _Message(object):
                 """A message returned by ``Flash.pop_messages()``.
                 Converting the message to a string returns the message text. Instances
                 also have the following attributes:
                 * ``message``: the message text.
                 * ``category``: the category specified when the message was created.
                 """
                 def __init__(self, category, message, sub_data=None):
                     self.category = category
                     self.message = message
                     self.sub_data = sub_data or {}
                 def __str__(self):
                     return self.message
                 __unicode__ = __str__
                 def __html__(self):
                     return escape(safe_unicode(self.message))
             class Flash(object):
                 # List of allowed categories.  If None, allow any category.
                 categories = ["warning", "notice", "error", "success"]
                 # Default category if none is specified.
                 default_category = "notice"
                 def __init__(self, session_key="flash", categories=None,
                              default_category=None):
                     """
                     Instantiate a ``Flash`` object.
                     ``session_key`` is the key to save the messages under in the user's
                     session.
                     ``categories`` is an optional list which overrides the default list
                     of categories.
                     ``default_category`` overrides the default category used for messages
                     when none is specified.
                     """
                     self.session_key = session_key
                     if categories is not None:
                         self.categories = categories
                     if default_category is not None:
                         self.default_category = default_category
                     if self.categories and self.default_category not in self.categories:
                         raise ValueError(
                             "unrecognized default category %r" % (self.default_category,))
                 def pop_messages(self, session=None, request=None):
                     """
                     Return all accumulated messages and delete them from the session.
                     The return value is a list of ``Message`` objects.
                     """
                     messages = []
                     if not session:
                         if not request:
                             request = get_current_request()
                         session = request.session
                     # Pop the 'old' pylons flash messages. They are tuples of the form
                     # (category, message)
                     for cat, msg in session.pop(self.session_key, []):
                         messages.append(_Message(cat, msg))
                     # Pop the 'new' pyramid flash messages for each category as list
                     # of strings.
                     for cat in self.categories:
                         for msg in session.pop_flash(queue=cat):
                             sub_data = {}
                             if hasattr(msg, 'rsplit'):
                                 flash_data = msg.rsplit('|DELIM|', 1)
                                 org_message = flash_data[0]
                                 if len(flash_data) > 1:
                                     sub_data = json.loads(flash_data[1])
                             else:
                                 org_message = msg
                             messages.append(_Message(cat, org_message, sub_data=sub_data))
                     # Map messages from the default queue to the 'notice' category.
                     for msg in session.pop_flash():
                         messages.append(_Message('notice', msg))
                     session.save()
                     return messages
                 def json_alerts(self, session=None, request=None):
                     payloads = []
                     messages = flash.pop_messages(session=session, request=request) or []
                     for message in messages:
                         payloads.append({
                             'message': {
                                 'message': u'{}'.format(message.message),
                                 'level': message.category,
                                 'force': True,
                                 'subdata': message.sub_data
                             }
                         })
                     return json.dumps(payloads)
                 def __call__(self, message, category=None, ignore_duplicate=True,
                              session=None, request=None):
                     if not session:
                         if not request:
                             request = get_current_request()
                         session = request.session
                     session.flash(
                         message, queue=category, allow_duplicate=not ignore_duplicate)
             flash = Flash()
             #==============================================================================
             # SCM FILTERS available via h.
             #==============================================================================
             from rhodecode.lib.vcs.utils import author_name, author_email
             from rhodecode.lib.utils2 import age, age_from_seconds
             from rhodecode.model.db import User, ChangesetStatus
             email = author_email
             def capitalize(raw_text):
                 return raw_text.capitalize()
             def short_id(long_id):
                 return long_id[:12]
             def hide_credentials(url):
                 from rhodecode.lib.utils2 import credentials_filter
                 return credentials_filter(url)
             import pytz
             import tzlocal
             local_timezone = tzlocal.get_localzone()
             def get_timezone(datetime_iso, time_is_local=False):
                 tzinfo = '+00:00'
                 # detect if we have a timezone info, otherwise, add it
                 if time_is_local and isinstance(datetime_iso, datetime) and not datetime_iso.tzinfo:
                     force_timezone = os.environ.get('RC_TIMEZONE', '')
                     if force_timezone:
                         force_timezone = pytz.timezone(force_timezone)
                     timezone = force_timezone or local_timezone
                     offset = timezone.localize(datetime_iso).strftime('%z')
                     tzinfo = '{}:{}'.format(offset[:-2], offset[-2:])
                 return tzinfo
             def age_component(datetime_iso, value=None, time_is_local=False, tooltip=True):
                 title = value or format_date(datetime_iso)
                 tzinfo = get_timezone(datetime_iso, time_is_local=time_is_local)
                 return literal(
                     '<time class="timeago {cls}" title="{tt_title}" datetime="{dt}{tzinfo}">{title}</time>'.format(
                         cls='tooltip' if tooltip else '',
                         tt_title=('{title}{tzinfo}'.format(title=title, tzinfo=tzinfo)) if tooltip else '',
                         title=title, dt=datetime_iso, tzinfo=tzinfo
                     ))
             def _shorten_commit_id(commit_id, commit_len=None):
                 if commit_len is None:
                     request = get_current_request()
                     commit_len = request.call_context.visual.show_sha_length
                 return commit_id[:commit_len]
             def show_id(commit, show_idx=None, commit_len=None):
                 """
                 Configurable function that shows ID
                 by default it's r123:fffeeefffeee
                 :param commit: commit instance
                 """
                 if show_idx is None:
                     request = get_current_request()
                     show_idx = request.call_context.visual.show_revision_number
                 raw_id = _shorten_commit_id(commit.raw_id, commit_len=commit_len)
                 if show_idx:
                     return 'r%s:%s' % (commit.idx, raw_id)
                 else:
                     return '%s' % (raw_id, )
             def format_date(date):
                 """
                 use a standardized formatting for dates used in RhodeCode
                 :param date: date/datetime object
                 :return: formatted date
                 """
                 if date:
                     _fmt = "%a, %d %b %Y %H:%M:%S"
                     return safe_unicode(date.strftime(_fmt))
                 return u""
             class _RepoChecker(object):
                 def __init__(self, backend_alias):
                     self._backend_alias = backend_alias
                 def __call__(self, repository):
                     if hasattr(repository, 'alias'):
                         _type = repository.alias
                     elif hasattr(repository, 'repo_type'):
                         _type = repository.repo_type
                     else:
                         _type = repository
                     return _type == self._backend_alias
             is_git = _RepoChecker('git')
             is_hg = _RepoChecker('hg')
             is_svn = _RepoChecker('svn')
             def get_repo_type_by_name(repo_name):
                 repo = Repository.get_by_repo_name(repo_name)
                 if repo:
                     return repo.repo_type
             def is_svn_without_proxy(repository):
                 if is_svn(repository):
                     from rhodecode.model.settings import VcsSettingsModel
                     conf = VcsSettingsModel().get_ui_settings_as_config_obj()
                     return not str2bool(conf.get('vcs_svn_proxy', 'http_requests_enabled'))
                 return False
             def discover_user(author):
                 """
                 Tries to discover RhodeCode User based on the author string. Author string
                 is typically `FirstName LastName <email@address.com>`
                 """
                 # if author is already an instance use it for extraction
                 if isinstance(author, User):
                     return author
                 # Valid email in the attribute passed, see if they're in the system
                 _email = author_email(author)
                 if _email != '':
                     user = User.get_by_email(_email, case_insensitive=True, cache=True)
                     if user is not None:
                         return user
                 # Maybe it's a username, we try to extract it and fetch by username ?
                 _author = author_name(author)
                 user = User.get_by_username(_author, case_insensitive=True, cache=True)
                 if user is not None:
                     return user
                 return None
             def email_or_none(author):
                 # extract email from the commit string
                 _email = author_email(author)
                 # If we have an email, use it, otherwise
                 # see if it contains a username we can get an email from
                 if _email != '':
                     return _email
                 else:
                     user = User.get_by_username(
                         author_name(author), case_insensitive=True, cache=True)
                 if user is not None:
                         return user.email
                 # No valid email, not a valid user in the system, none!
                 return None
             def link_to_user(author, length=0, **kwargs):
                 user = discover_user(author)
                 # user can be None, but if we have it already it means we can re-use it
                 # in the person() function, so we save 1 intensive-query
                 if user:
                     author = user
                 display_person = person(author, 'username_or_name_or_email')
                 if length:
                     display_person = shorter(display_person, length)
                 if user and user.username != user.DEFAULT_USER:
                     return link_to(
                         escape(display_person),
                         route_path('user_profile', username=user.username),
                         **kwargs)
                 else:
                     return escape(display_person)
             def link_to_group(users_group_name, **kwargs):
                 return link_to(
                     escape(users_group_name),
                     route_path('user_group_profile', user_group_name=users_group_name),
                     **kwargs)
             def person(author, show_attr="username_and_name"):
                 user = discover_user(author)
                 if user:
                     return getattr(user, show_attr)
                 else:
                     _author = author_name(author)
                     _email = email(author)
                     return _author or _email
             def author_string(email):
                 if email:
                     user = User.get_by_email(email, case_insensitive=True, cache=True)
                     if user:
                         if user.first_name or user.last_name:
                             return '%s %s &lt;%s&gt;' % (
                                 user.first_name, user.last_name, email)
                         else:
                             return email
                     else:
                         return email
                 else:
                     return None
             def person_by_id(id_, show_attr="username_and_name"):
                 # attr to return from fetched user
                 person_getter = lambda usr: getattr(usr, show_attr)
                 #maybe it's an ID ?
                 if str(id_).isdigit() or isinstance(id_, int):
                     id_ = int(id_)
                     user = User.get(id_)
                     if user is not None:
                         return person_getter(user)
                 return id_
             def gravatar_with_user(request, author, show_disabled=False, tooltip=False):
                 _render = request.get_partial_renderer('rhodecode:templates/base/base.mako')
                 return _render('gravatar_with_user', author, show_disabled=show_disabled, tooltip=tooltip)
             tags_paterns = OrderedDict((
                 ('lang', (re.compile(r'\[(lang|language)\ \=\&gt;\ *([a-zA-Z\-\/\#\+\.]*)\]'),
                          '<div class="metatag" tag="lang">\\2</div>')),
                 ('see', (re.compile(r'\[see\ \=\&gt;\ *([a-zA-Z0-9\/\=\?\&amp;\ \:\/\.\-]*)\]'),
                         '<div class="metatag" tag="see">see: \\1 </div>')),
                 ('url', (re.compile(r'\[url\ \=\&gt;\ \[([a-zA-Z0-9\ \.\-\_]+)\]\((http://|https://|/)(.*?)\)\]'),
                         '<div class="metatag" tag="url"> <a href="\\2\\3">\\1</a> </div>')),
                 ('license', (re.compile(r'\[license\ \=\&gt;\ *([a-zA-Z0-9\/\=\?\&amp;\ \:\/\.\-]*)\]'),
                             '<div class="metatag" tag="license"><a href="http:\/\/www.opensource.org/licenses/\\1">\\1</a></div>')),
                 ('ref', (re.compile(r'\[(requires|recommends|conflicts|base)\ \=\&gt;\ *([a-zA-Z0-9\-\/]*)\]'),
                         '<div class="metatag" tag="ref \\1">\\1: <a href="/\\2">\\2</a></div>')),
                 ('state', (re.compile(r'\[(stable|featured|stale|dead|dev|deprecated)\]'),
                           '<div class="metatag" tag="state \\1">\\1</div>')),
                 # label in grey
                 ('label', (re.compile(r'\[([a-z]+)\]'),
                           '<div class="metatag" tag="label">\\1</div>')),
                 # generic catch all in grey
                 ('generic', (re.compile(r'\[([a-zA-Z0-9\.\-\_]+)\]'),
                             '<div class="metatag" tag="generic">\\1</div>')),
             ))
             def extract_metatags(value):
                 """
                 Extract supported meta-tags from given text value
                 """
                 tags = []
                 if not value:
                     return tags, ''
                 for key, val in tags_paterns.items():
                     pat, replace_html = val
                     tags.extend([(key, x.group()) for x in pat.finditer(value)])
                     value = pat.sub('', value)
                 return tags, value
             def style_metatag(tag_type, value):
                 """
                 converts tags from value into html equivalent
                 """
                 if not value:
                     return ''
                 html_value = value
                 tag_data = tags_paterns.get(tag_type)
                 if tag_data:
                     pat, replace_html = tag_data
                     # convert to plain `unicode` instead of a markup tag to be used in
                     # regex expressions. safe_unicode doesn't work here
-                    html_value = pat.sub(replace_html, unicode(value))
+                    html_value = pat.sub(replace_html, value)
                 return html_value
             def bool2icon(value, show_at_false=True):
                 """
                 Returns boolean value of a given value, represented as html element with
                 classes that will represent icons
                 :param value: given value to convert to html node
                 """
                 if value:  # does bool conversion
                     return HTML.tag('i', class_="icon-true", title='True')
                 else:  # not true as bool
                     if show_at_false:
                         return HTML.tag('i', class_="icon-false", title='False')
                     return HTML.tag('i')
             def b64(inp):
                 return base64.b64encode(inp)
             #==============================================================================
             # PERMS
             #==============================================================================
             from rhodecode.lib.auth import (
                 HasPermissionAny, HasPermissionAll,
                 HasRepoPermissionAny, HasRepoPermissionAll, HasRepoGroupPermissionAll,
                 HasRepoGroupPermissionAny, HasRepoPermissionAnyApi, get_csrf_token,
                 csrf_token_key, AuthUser)
             #==============================================================================
             # GRAVATAR URL
             #==============================================================================
             class InitialsGravatar(object):
                 def __init__(self, email_address, first_name, last_name, size=30,
                              background=None, text_color='#fff'):
                     self.size = size
                     self.first_name = first_name
                     self.last_name = last_name
                     self.email_address = email_address
                     self.background = background or self.str2color(email_address)
                     self.text_color = text_color
                 def get_color_bank(self):
                     """
                     returns a predefined list of colors that gravatars can use.
                     Those are randomized distinct colors that guarantee readability and
                     uniqueness.
                     generated with: http://phrogz.net/css/distinct-colors.html
                     """
                     return [
                         '#bf3030', '#a67f53', '#00ff00', '#5989b3', '#392040', '#d90000',
                         '#402910', '#204020', '#79baf2', '#a700b3', '#bf6060', '#7f5320',
                         '#008000', '#003059', '#ee00ff', '#ff0000', '#8c4b00', '#007300',
                         '#005fb3', '#de73e6', '#ff4040', '#ffaa00', '#3df255', '#203140',
                         '#47004d', '#591616', '#664400', '#59b365', '#0d2133', '#83008c',
                         '#592d2d', '#bf9f60', '#73e682', '#1d3f73', '#73006b', '#402020',
                         '#b2862d', '#397341', '#597db3', '#e600d6', '#a60000', '#736039',
                         '#00b318', '#79aaf2', '#330d30', '#ff8080', '#403010', '#16591f',
                         '#002459', '#8c4688', '#e50000', '#ffbf40', '#00732e', '#102340',
                         '#bf60ac', '#8c4646', '#cc8800', '#00a642', '#1d3473', '#b32d98',
                         '#660e00', '#ffd580', '#80ffb2', '#7391e6', '#733967', '#d97b6c',
                         '#8c5e00', '#59b389', '#3967e6', '#590047', '#73281d', '#665200',
                         '#00e67a', '#2d50b3', '#8c2377', '#734139', '#b2982d', '#16593a',
                         '#001859', '#ff00aa', '#a65e53', '#ffcc00', '#0d3321', '#2d3959',
                         '#731d56', '#401610', '#4c3d00', '#468c6c', '#002ca6', '#d936a3',
                         '#d94c36', '#403920', '#36d9a3', '#0d1733', '#592d4a', '#993626',
                         '#cca300', '#00734d', '#46598c', '#8c005e', '#7f1100', '#8c7000',
                         '#00a66f', '#7382e6', '#b32d74', '#d9896c', '#ffe680', '#1d7362',
                         '#364cd9', '#73003d', '#d93a00', '#998a4d', '#59b3a1', '#5965b3',
                         '#e5007a', '#73341d', '#665f00', '#00b38f', '#0018b3', '#59163a',
                         '#b2502d', '#bfb960', '#00ffcc', '#23318c', '#a6537f', '#734939',
                         '#b2a700', '#104036', '#3d3df2', '#402031', '#e56739', '#736f39',
                         '#79f2ea', '#000059', '#401029', '#4c1400', '#ffee00', '#005953',
                         '#101040', '#990052', '#402820', '#403d10', '#00ffee', '#0000d9',
                         '#ff80c4', '#a66953', '#eeff00', '#00ccbe', '#8080ff', '#e673a1',
                         '#a62c00', '#474d00', '#1a3331', '#46468c', '#733950', '#662900',
                         '#858c23', '#238c85', '#0f0073', '#b20047', '#d9986c', '#becc00',
                         '#396f73', '#281d73', '#ff0066', '#ff6600', '#dee673', '#59adb3',
                         '#6559b3', '#590024', '#b2622d', '#98b32d', '#36ced9', '#332d59',
                         '#40001a', '#733f1d', '#526600', '#005359', '#242040', '#bf6079',
                         '#735039', '#cef23d', '#007780', '#5630bf', '#66001b', '#b24700',
                         '#acbf60', '#1d6273', '#25008c', '#731d34', '#a67453', '#50592d',
                         '#00ccff', '#6600ff', '#ff0044', '#4c1f00', '#8a994d', '#79daf2',
                         '#a173e6', '#d93662', '#402310', '#aaff00', '#2d98b3', '#8c40ff',
                         '#592d39', '#ff8c40', '#354020', '#103640', '#1a0040', '#331a20',
                         '#331400', '#334d00', '#1d5673', '#583973', '#7f0022', '#4c3626',
                         '#88cc00', '#36a3d9', '#3d0073', '#d9364c', '#33241a', '#698c23',
                         '#5995b3', '#300059', '#e57382', '#7f3300', '#366600', '#00aaff',
                         '#3a1659', '#733941', '#663600', '#74b32d', '#003c59', '#7f53a6',
                         '#73000f', '#ff8800', '#baf279', '#79caf2', '#291040', '#a6293a',
                         '#b2742d', '#587339', '#0077b3', '#632699', '#400009', '#d9a66c',
                         '#294010', '#2d4a59', '#aa00ff', '#4c131b', '#b25f00', '#5ce600',
                         '#267399', '#a336d9', '#990014', '#664e33', '#86bf60', '#0088ff',
                         '#7700b3', '#593a16', '#073300', '#1d4b73', '#ac60bf', '#e59539',
                         '#4f8c46', '#368dd9', '#5c0073'
                     ]
                 def rgb_to_hex_color(self, rgb_tuple):
                     """
                     Converts an rgb_tuple passed to an hex color.
                     :param rgb_tuple: tuple with 3 ints represents rgb color space
                     """
                     return '#' + ("".join(map(chr, rgb_tuple)).encode('hex'))
                 def email_to_int_list(self, email_str):
                     """
                     Get every byte of the hex digest value of email and turn it to integer.
                     It's going to be always between 0-255
                     """
                     digest = md5_safe(email_str.lower())
                     return [int(digest[i * 2:i * 2 + 2], 16) for i in range(16)]
                 def pick_color_bank_index(self, email_str, color_bank):
                     return self.email_to_int_list(email_str)[0] % len(color_bank)
                 def str2color(self, email_str):
                     """
                     Tries to map in a stable algorithm an email to color
                     :param email_str:
                     """
                     color_bank = self.get_color_bank()
                     # pick position (module it's length so we always find it in the
                     # bank even if it's smaller than 256 values
                     pos = self.pick_color_bank_index(email_str, color_bank)
                     return color_bank[pos]
                 def normalize_email(self, email_address):
                     import unicodedata
                     # default host used to fill in the fake/missing email
-                    default_host = u'localhost'
+                    default_host = 'localhost'
                     if not email_address:
-                        email_address = u'%s@%s' % (User.DEFAULT_USER, default_host)
+                        email_address = '%s@%s' % (User.DEFAULT_USER, default_host)
                     email_address = safe_unicode(email_address)
                     if u'@' not in email_address:
                         email_address = u'%s@%s' % (email_address, default_host)
                     if email_address.endswith(u'@'):
                         email_address = u'%s%s' % (email_address, default_host)
                     email_address = unicodedata.normalize('NFKD', email_address)\
                         .encode('ascii', 'ignore')
                     return email_address
                 def get_initials(self):
                     """
                     Returns 2 letter initials calculated based on the input.
                     The algorithm picks first given email address, and takes first letter
                     of part before @, and then the first letter of server name. In case
                     the part before @ is in a format of `somestring.somestring2` it replaces
                     the server letter with first letter of somestring2
                     In case function was initialized with both first and lastname, this
                     overrides the extraction from email by first letter of the first and
                     last name. We add special logic to that functionality, In case Full name
                     is compound, like Guido Von Rossum, we use last part of the last name
                     (Von Rossum) picking `R`.
                     Function also normalizes the non-ascii characters to they ascii
                     representation, eg Ą => A
                     """
                     import unicodedata
                     # replace non-ascii to ascii
                     first_name = unicodedata.normalize(
                         'NFKD', safe_unicode(self.first_name)).encode('ascii', 'ignore')
                     last_name = unicodedata.normalize(
                         'NFKD', safe_unicode(self.last_name)).encode('ascii', 'ignore')
                     # do NFKD encoding, and also make sure email has proper format
                     email_address = self.normalize_email(self.email_address)
                     # first push the email initials
                     prefix, server = email_address.split('@', 1)
                     # check if prefix is maybe a 'first_name.last_name' syntax
                     _dot_split = prefix.rsplit('.', 1)
                     if len(_dot_split) == 2 and _dot_split[1]:
                         initials = [_dot_split[0][0], _dot_split[1][0]]
                     else:
                         initials = [prefix[0], server[0]]
                     # then try to replace either first_name or last_name
                     fn_letter = (first_name or " ")[0].strip()
                     ln_letter = (last_name.split(' ', 1)[-1] or " ")[0].strip()
                     if fn_letter:
                         initials[0] = fn_letter
                     if ln_letter:
                         initials[1] = ln_letter
                     return ''.join(initials).upper()
                 def get_img_data_by_type(self, font_family, img_type):
                     default_user = """
                     <svg xmlns="http://www.w3.org/2000/svg"
                     version="1.1" x="0px" y="0px" width="{size}" height="{size}"
                     viewBox="-15 -10 439.165 429.164"
                     xml:space="preserve"
                     style="background:{background};" >
                     <path d="M204.583,216.671c50.664,0,91.74-48.075,
 .74-107.378c0-82.237-41.074-107.377-91.74-107.377
                              c-50.668,0-91.74,25.14-91.74,107.377C112.844,
 .596,153.916,216.671,
 .583,216.671z" fill="{text_color}"/>
                     <path d="M407.164,374.717L360.88,
 .454c-2.117-4.771-5.836-8.728-10.465-11.138l-71.83-37.392
                              c-1.584-0.823-3.502-0.663-4.926,0.415c-20.316,
 .366-44.203,23.488-69.076,23.488c-24.877,
 -48.762-8.122-69.078-23.488
                              c-1.428-1.078-3.346-1.238-4.93-0.415L58.75,
 .316c-4.631,2.41-8.346,6.365-10.465,11.138L2.001,374.717
                              c-3.191,7.188-2.537,15.412,1.75,22.005c4.285,
 .592,11.537,10.526,19.4,10.526h362.861c7.863,0,15.117-3.936,
 .402-10.527 C409.699,390.129,
 .355,381.902,407.164,374.717z" fill="{text_color}"/>
                     </svg>""".format(
                         size=self.size,
                         background='#979797',  # @grey4
                         text_color=self.text_color,
                         font_family=font_family)
                     return {
                         "default_user": default_user
                     }[img_type]
                 def get_img_data(self, svg_type=None):
                     """
                     generates the svg metadata for image
                     """
                     fonts = [
                         '-apple-system',
                          'BlinkMacSystemFont',
                          'Segoe UI',
                          'Roboto',
                          'Oxygen-Sans',
                          'Ubuntu',
                          'Cantarell',
                          'Helvetica Neue',
                          'sans-serif'
                     ]
                     font_family = ','.join(fonts)
                     if svg_type:
                         return self.get_img_data_by_type(font_family, svg_type)
                     initials = self.get_initials()
                     img_data = """
                     <svg xmlns="http://www.w3.org/2000/svg" pointer-events="none"
                          width="{size}" height="{size}"
                          style="width: 100%; height: 100%; background-color: {background}"
                          viewBox="0 0 {size} {size}">
                         <text text-anchor="middle" y="50%" x="50%" dy="0.35em"
                               pointer-events="auto" fill="{text_color}"
                               font-family="{font_family}"
                               style="font-weight: 400; font-size: {f_size}px;">{text}
                         </text>
                     </svg>""".format(
                         size=self.size,
                         f_size=self.size/2.05,  # scale the text inside the box nicely
                         background=self.background,
                         text_color=self.text_color,
                         text=initials.upper(),
                         font_family=font_family)
                     return img_data
                 def generate_svg(self, svg_type=None):
                     img_data = self.get_img_data(svg_type)
                     return "data:image/svg+xml;base64,%s" % base64.b64encode(img_data)
             def initials_gravatar(request, email_address, first_name, last_name, size=30, store_on_disk=False):
                 svg_type = None
                 if email_address == User.DEFAULT_USER_EMAIL:
                     svg_type = 'default_user'
                 klass = InitialsGravatar(email_address, first_name, last_name, size)
                 if store_on_disk:
                     from rhodecode.apps.file_store import utils as store_utils
                     from rhodecode.apps.file_store.exceptions import FileNotAllowedException, \
                         FileOverSizeException
                     from rhodecode.model.db import Session
                     image_key = md5_safe(email_address.lower()
                                          + first_name.lower() + last_name.lower())
                     storage = store_utils.get_file_storage(request.registry.settings)
                     filename = '{}.svg'.format(image_key)
                     subdir = 'gravatars'
                     # since final name has a counter, we apply the 0
                     uid = storage.apply_counter(0, store_utils.uid_filename(filename, randomized=False))
                     store_uid = os.path.join(subdir, uid)
                     db_entry = FileStore.get_by_store_uid(store_uid)
                     if db_entry:
                         return request.route_path('download_file', fid=store_uid)
                     img_data = klass.get_img_data(svg_type=svg_type)
                     img_file = store_utils.bytes_to_file_obj(img_data)
                     try:
                         store_uid, metadata = storage.save_file(
                             img_file, filename, directory=subdir,
                             extensions=['.svg'], randomized_name=False)
                     except (FileNotAllowedException, FileOverSizeException):
                         raise
                     try:
                         entry = FileStore.create(
                             file_uid=store_uid, filename=metadata["filename"],
                             file_hash=metadata["sha256"], file_size=metadata["size"],
                             file_display_name=filename,
                             file_description=u'user gravatar `{}`'.format(safe_unicode(filename)),
                             hidden=True, check_acl=False, user_id=1
                         )
                         Session().add(entry)
                         Session().commit()
                         log.debug('Stored upload in DB as %s', entry)
                     except Exception:
                         raise
                     return request.route_path('download_file', fid=store_uid)
                 else:
                     return klass.generate_svg(svg_type=svg_type)
             def gravatar_external(request, gravatar_url_tmpl, email_address, size=30):
                 return safe_str(gravatar_url_tmpl)\
                     .replace('{email}', email_address) \
                     .replace('{md5email}', md5_safe(email_address.lower())) \
                     .replace('{netloc}', request.host) \
                     .replace('{scheme}', request.scheme) \
                     .replace('{size}', safe_str(size))
             def gravatar_url(email_address, size=30, request=None):
                 request = request or get_current_request()
                 _use_gravatar = request.call_context.visual.use_gravatar
                 email_address = email_address or User.DEFAULT_USER_EMAIL
                 if isinstance(email_address, str):
                     # hashlib crashes on unicode items
                     email_address = safe_str(email_address)
                 # empty email or default user
                 if not email_address or email_address == User.DEFAULT_USER_EMAIL:
                     return initials_gravatar(request, User.DEFAULT_USER_EMAIL, '', '', size=size)
                 if _use_gravatar:
                     gravatar_url_tmpl = request.call_context.visual.gravatar_url \
                                         or User.DEFAULT_GRAVATAR_URL
                     return gravatar_external(request, gravatar_url_tmpl, email_address, size=size)
                 else:
                     return initials_gravatar(request, email_address, '', '', size=size)
             def breadcrumb_repo_link(repo):
                 """
                 Makes a breadcrumbs path link to repo
                 ex::
                     group >> subgroup >> repo
                 :param repo: a Repository instance
                 """
                 path = [
                     link_to(group.name, route_path('repo_group_home', repo_group_name=group.group_name),
                             title='last change:{}'.format(format_date(group.last_commit_change)))
                     for group in repo.groups_with_parents
                 ] + [
                     link_to(repo.just_name, route_path('repo_summary', repo_name=repo.repo_name),
                             title='last change:{}'.format(format_date(repo.last_commit_change)))
                 ]
                 return literal(' &raquo; '.join(path))
             def breadcrumb_repo_group_link(repo_group):
                 """
                 Makes a breadcrumbs path link to repo
                 ex::
                     group >> subgroup
                 :param repo_group: a Repository Group instance
                 """
                 path = [
                     link_to(group.name,
                             route_path('repo_group_home', repo_group_name=group.group_name),
                             title='last change:{}'.format(format_date(group.last_commit_change)))
                     for group in repo_group.parents
                 ] + [
                     link_to(repo_group.name,
                             route_path('repo_group_home', repo_group_name=repo_group.group_name),
                             title='last change:{}'.format(format_date(repo_group.last_commit_change)))
                 ]
                 return literal(' &raquo; '.join(path))
             def format_byte_size_binary(file_size):
                 """
                 Formats file/folder sizes to standard.
                 """
                 if file_size is None:
                     file_size = 0
                 formatted_size = format_byte_size(file_size, binary=True)
                 return formatted_size
             def urlify_text(text_, safe=True, **href_attrs):
                 """
                 Extract urls from text and make html links out of them
                 """
                 url_pat = re.compile(r'''(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@#.&+]'''
                                      '''|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)''')
                 def url_func(match_obj):
                     url_full = match_obj.groups()[0]
                     a_options = dict(href_attrs)
                     a_options['href'] = url_full
                     a_text = url_full
                     return HTML.tag("a", a_text, **a_options)
                 _new_text = url_pat.sub(url_func, text_)
                 if safe:
                     return literal(_new_text)
                 return _new_text
             def urlify_commits(text_, repo_name):
                 """
                 Extract commit ids from text and make link from them
                 :param text_:
                 :param repo_name: repo name to build the URL with
                 """
                 url_pat = re.compile(r'(^|\s)([0-9a-fA-F]{12,40})($|\s)')
                 def url_func(match_obj):
                     commit_id = match_obj.groups()[1]
                     pref = match_obj.groups()[0]
                     suf = match_obj.groups()[2]
                     tmpl = (
                         '%(pref)s<a class="tooltip-hovercard %(cls)s" href="%(url)s" data-hovercard-alt="%(hovercard_alt)s" data-hovercard-url="%(hovercard_url)s">'
                         '%(commit_id)s</a>%(suf)s'
                     )
                     return tmpl % {
                         'pref': pref,
                         'cls': 'revision-link',
                         'url': route_url(
                             'repo_commit', repo_name=repo_name, commit_id=commit_id),
                         'commit_id': commit_id,
                         'suf': suf,
                         'hovercard_alt': 'Commit: {}'.format(commit_id),
                         'hovercard_url': route_url(
                             'hovercard_repo_commit', repo_name=repo_name, commit_id=commit_id)
                     }
                 new_text = url_pat.sub(url_func, text_)
                 return new_text
             def _process_url_func(match_obj, repo_name, uid, entry,
                                   return_raw_data=False, link_format='html'):
                 pref = ''
                 if match_obj.group().startswith(' '):
                     pref = ' '
                 issue_id = ''.join(match_obj.groups())
                 if link_format == 'html':
                     tmpl = (
                         '%(pref)s<a class="tooltip %(cls)s" href="%(url)s" title="%(title)s">'
                         '%(issue-prefix)s%(id-repr)s'
                         '</a>')
                 elif link_format == 'html+hovercard':
                     tmpl = (
                         '%(pref)s<a class="tooltip-hovercard %(cls)s" href="%(url)s" data-hovercard-url="%(hovercard_url)s">'
                         '%(issue-prefix)s%(id-repr)s'
                         '</a>')
                 elif link_format in ['rst', 'rst+hovercard']:
                     tmpl = '`%(issue-prefix)s%(id-repr)s <%(url)s>`_'
                 elif link_format in ['markdown', 'markdown+hovercard']:
                     tmpl = '[%(pref)s%(issue-prefix)s%(id-repr)s](%(url)s)'
                 else:
                     raise ValueError('Bad link_format:{}'.format(link_format))
                 (repo_name_cleaned,
                  parent_group_name) = RepoGroupModel()._get_group_name_and_parent(repo_name)
                 # variables replacement
                 named_vars = {
                     'id': issue_id,
                     'repo': repo_name,
                     'repo_name': repo_name_cleaned,
                     'group_name': parent_group_name,
                     # set dummy keys so we always have them
                     'hostname': '',
                     'netloc': '',
                     'scheme': ''
                 }
                 request = get_current_request()
                 if request:
                     # exposes, hostname, netloc, scheme
                     host_data = get_host_info(request)
                     named_vars.update(host_data)
                 # named regex variables
                 named_vars.update(match_obj.groupdict())
                 _url = string.Template(entry['url']).safe_substitute(**named_vars)
                 desc = string.Template(escape(entry['desc'])).safe_substitute(**named_vars)
                 hovercard_url = string.Template(entry.get('hovercard_url', '')).safe_substitute(**named_vars)
                 def quote_cleaner(input_str):
                     """Remove quotes as it's HTML"""
                     return input_str.replace('"', '')
                 data = {
                     'pref': pref,
                     'cls': quote_cleaner('issue-tracker-link'),
                     'url': quote_cleaner(_url),
                     'id-repr': issue_id,
                     'issue-prefix': entry['pref'],
                     'serv': entry['url'],
                     'title': bleach.clean(desc, strip=True),
                     'hovercard_url': hovercard_url
                 }
                 if return_raw_data:
                     return {
                         'id': issue_id,
                         'url': _url
                     }
                 return tmpl % data
             def get_active_pattern_entries(repo_name):
                 repo = None
                 if repo_name:
                     # Retrieving repo_name to avoid invalid repo_name to explode on
                     # IssueTrackerSettingsModel but still passing invalid name further down
                     repo = Repository.get_by_repo_name(repo_name, cache=True)
                 settings_model = IssueTrackerSettingsModel(repo=repo)
                 active_entries = settings_model.get_settings(cache=True)
                 return active_entries
             pr_pattern_re = regex.compile(r'(?:(?:^!)|(?: !))(\d+)')
             allowed_link_formats = [
                 'html', 'rst', 'markdown', 'html+hovercard', 'rst+hovercard', 'markdown+hovercard']
             compile_cache = {
             }
             def process_patterns(text_string, repo_name, link_format='html', active_entries=None):
                 if link_format not in allowed_link_formats:
                     raise ValueError('Link format can be only one of:{} got {}'.format(
                                      allowed_link_formats, link_format))
                 issues_data = []
                 errors = []
                 new_text = text_string
                 if active_entries is None:
                     log.debug('Fetch active issue tracker patterns for repo: %s', repo_name)
                     active_entries = get_active_pattern_entries(repo_name)
                 log.debug('Got %s pattern entries to process', len(active_entries))
                 for uid, entry in active_entries.items():
                     if not (entry['pat'] and entry['url']):
                         log.debug('skipping due to missing data')
                         continue
                     log.debug('issue tracker entry: uid: `%s` PAT:%s URL:%s PREFIX:%s',
                               uid, entry['pat'], entry['url'], entry['pref'])
                     if entry.get('pat_compiled'):
                         pattern = entry['pat_compiled']
                     elif entry['pat'] in compile_cache:
                         pattern = compile_cache[entry['pat']]
                     else:
                         try:
                             pattern = regex.compile(r'%s' % entry['pat'])
                         except regex.error as e:
                             regex_err = ValueError('{}:{}'.format(entry['pat'], e))
                             log.exception('issue tracker pattern: `%s` failed to compile', regex_err)
                             errors.append(regex_err)
                             continue
                         compile_cache[entry['pat']] = pattern
                     data_func = partial(
                         _process_url_func, repo_name=repo_name, entry=entry, uid=uid,
                         return_raw_data=True)
                     for match_obj in pattern.finditer(text_string):
                         issues_data.append(data_func(match_obj))
                     url_func = partial(
                         _process_url_func, repo_name=repo_name, entry=entry, uid=uid,
                         link_format=link_format)
                     new_text = pattern.sub(url_func, new_text)
                     log.debug('processed prefix:uid `%s`', uid)
                 # finally use global replace, eg !123 -> pr-link, those will not catch
                 # if already similar pattern exists
                 server_url = '${scheme}://${netloc}'
                 pr_entry = {
                     'pref': '!',
                     'url': server_url + '/_admin/pull-requests/${id}',
                     'desc': 'Pull Request !${id}',
                     'hovercard_url': server_url + '/_hovercard/pull_request/${id}'
                 }
                 pr_url_func = partial(
                     _process_url_func, repo_name=repo_name, entry=pr_entry, uid=None,
                     link_format=link_format+'+hovercard')
                 new_text = pr_pattern_re.sub(pr_url_func, new_text)
                 log.debug('processed !pr pattern')
                 return new_text, issues_data, errors
             def urlify_commit_message(commit_text, repository=None, active_pattern_entries=None,
                                       issues_container_callback=None, error_container=None):
                 """
                 Parses given text message and makes proper links.
                 issues are linked to given issue-server, and rest is a commit link
                 """
                 def escaper(_text):
                     return _text.replace('<', '&lt;').replace('>', '&gt;')
                 new_text = escaper(commit_text)
                 # extract http/https links and make them real urls
                 new_text = urlify_text(new_text, safe=False)
                 # urlify commits - extract commit ids and make link out of them, if we have
                 # the scope of repository present.
                 if repository:
                     new_text = urlify_commits(new_text, repository)
                 # process issue tracker patterns
                 new_text, issues, errors = process_patterns(
                     new_text, repository or '', active_entries=active_pattern_entries)
                 if issues_container_callback is not None:
                     for issue in issues:
                         issues_container_callback(issue)
                 if error_container is not None:
                     error_container.extend(errors)
                 return literal(new_text)
             def render_binary(repo_name, file_obj):
                 """
                 Choose how to render a binary file
                 """
                 # unicode
                 filename = file_obj.name
                 # images
                 for ext in ['*.png', '*.jpeg', '*.jpg', '*.ico', '*.gif']:
                     if fnmatch.fnmatch(filename, pat=ext):
                         src = route_path(
                             'repo_file_raw', repo_name=repo_name,
                             commit_id=file_obj.commit.raw_id,
                             f_path=file_obj.path)
                         return literal(
                             '<img class="rendered-binary" alt="rendered-image" src="{}">'.format(src))
             def renderer_from_filename(filename, exclude=None):
                 """
                 choose a renderer based on filename, this works only for text based files
                 """
                 # ipython
                 for ext in ['*.ipynb']:
                     if fnmatch.fnmatch(filename, pat=ext):
                         return 'jupyter'
                 is_markup = MarkupRenderer.renderer_from_filename(filename, exclude=exclude)
                 if is_markup:
                     return is_markup
                 return None
             def render(source, renderer='rst', mentions=False, relative_urls=None,
                        repo_name=None, active_pattern_entries=None, issues_container_callback=None):
                 def maybe_convert_relative_links(html_source):
                     if relative_urls:
                         return relative_links(html_source, relative_urls)
                     return html_source
                 if renderer == 'plain':
                     return literal(
                         MarkupRenderer.plain(source, leading_newline=False))
                 elif renderer == 'rst':
                     if repo_name:
                         # process patterns on comments if we pass in repo name
                         source, issues, errors = process_patterns(
                             source, repo_name, link_format='rst',
                             active_entries=active_pattern_entries)
                         if issues_container_callback is not None:
                             for issue in issues:
                                 issues_container_callback(issue)
                     return literal(
                         '<div class="rst-block">%s</div>' %
                         maybe_convert_relative_links(
                             MarkupRenderer.rst(source, mentions=mentions)))
                 elif renderer == 'markdown':
                     if repo_name:
                         # process patterns on comments if we pass in repo name
                         source, issues, errors = process_patterns(
                             source, repo_name, link_format='markdown',
                             active_entries=active_pattern_entries)
                         if issues_container_callback is not None:
                             for issue in issues:
                                 issues_container_callback(issue)
                     return literal(
                         '<div class="markdown-block">%s</div>' %
                         maybe_convert_relative_links(
                             MarkupRenderer.markdown(source, flavored=True,
                                                     mentions=mentions)))
                 elif renderer == 'jupyter':
                     return literal(
                         '<div class="ipynb">%s</div>' %
                         maybe_convert_relative_links(
                             MarkupRenderer.jupyter(source)))
                 # None means just show the file-source
                 return None
             def commit_status(repo, commit_id):
                 return ChangesetStatusModel().get_status(repo, commit_id)
             def commit_status_lbl(commit_status):
                 return dict(ChangesetStatus.STATUSES).get(commit_status)
             def commit_time(repo_name, commit_id):
                 repo = Repository.get_by_repo_name(repo_name)
                 commit = repo.get_commit(commit_id=commit_id)
                 return commit.date
             def get_permission_name(key):
                 return dict(Permission.PERMS).get(key)
             def journal_filter_help(request):
                 _ = request.translate
                 from rhodecode.lib.audit_logger import ACTIONS
                 actions = '\n'.join(textwrap.wrap(', '.join(sorted(ACTIONS.keys())), 80))
                 return _(
                     'Example filter terms:\n' +
                     '     repository:vcs\n' +
                     '     username:marcin\n' +
                     '     username:(NOT marcin)\n' +
                     '     action:*push*\n' +
                     '     ip:127.0.0.1\n' +
                     '     date:20120101\n' +
                     '     date:[20120101100000 TO 20120102]\n' +
                     '\n' +
                     'Actions: {actions}\n' +
                     '\n' +
                     'Generate wildcards using \'*\' character:\n' +
                     '     "repository:vcs*" - search everything starting with \'vcs\'\n' +
                     '     "repository:*vcs*" - search for repository containing \'vcs\'\n' +
                     '\n' +
                     'Optional AND / OR operators in queries\n' +
                     '     "repository:vcs OR repository:test"\n' +
                     '     "username:test AND repository:test*"\n'
                 ).format(actions=actions)
             def not_mapped_error(repo_name):
                 from rhodecode.translation import _
                 flash(_('%s repository is not mapped to db perhaps'
                         ' it was created or renamed from the filesystem'
                         ' please run the application again'
                         ' in order to rescan repositories') % repo_name, category='error')
             def ip_range(ip_addr):
                 from rhodecode.model.db import UserIpMap
                 s, e = UserIpMap._get_ip_range(ip_addr)
                 return '%s - %s' % (s, e)
             def form(url, method='post', needs_csrf_token=True, **attrs):
                 """Wrapper around webhelpers.tags.form to prevent CSRF attacks."""
                 if method.lower() != 'get' and needs_csrf_token:
                     raise Exception(
                         'Forms to POST/PUT/DELETE endpoints should have (in general) a ' +
                         'CSRF token. If the endpoint does not require such token you can ' +
                         'explicitly set the parameter needs_csrf_token to false.')
                 return insecure_form(url, method=method, **attrs)
             def secure_form(form_url, method="POST", multipart=False, **attrs):
                 """Start a form tag that points the action to an url. This
                 form tag will also include the hidden field containing
                 the auth token.
                 The url options should be given either as a string, or as a
                 ``url()`` function. The method for the form defaults to POST.
                 Options:
                 ``multipart``
                     If set to True, the enctype is set to "multipart/form-data".
                 ``method``
                     The method to use when submitting the form, usually either
                     "GET" or "POST". If "PUT", "DELETE", or another verb is used, a
                     hidden input with name _method is added to simulate the verb
                     over POST.
                 """
                 if 'request' in attrs:
                     session = attrs['request'].session
                     del attrs['request']
                 else:
                     raise ValueError(
                         'Calling this form requires request= to be passed as argument')
                 _form = insecure_form(form_url, method, multipart, **attrs)
                 token = literal(
                     '<input type="hidden" name="{}" value="{}">'.format(
                         csrf_token_key, get_csrf_token(session)))
                 return literal("%s\n%s" % (_form, token))
             def dropdownmenu(name, selected, options, enable_filter=False, **attrs):
                 select_html = select(name, selected, options, **attrs)
                 select2 = """
                     <script>
                         $(document).ready(function() {
                               $('#%s').select2({
                                   containerCssClass: 'drop-menu %s',
                                   dropdownCssClass: 'drop-menu-dropdown',
                                   dropdownAutoWidth: true%s
                               });
                         });
                     </script>
                 """
                 filter_option = """,
                                     minimumResultsForSearch: -1
                 """
                 input_id = attrs.get('id') or name
                 extra_classes = ' '.join(attrs.pop('extra_classes', []))
                 filter_enabled = "" if enable_filter else filter_option
                 select_script = literal(select2 % (input_id, extra_classes, filter_enabled))
                 return literal(select_html+select_script)
             def get_visual_attr(tmpl_context_var, attr_name):
                 """
                 A safe way to get a variable from visual variable of template context
                 :param tmpl_context_var: instance of tmpl_context, usually present as `c`
                 :param attr_name: name of the attribute we fetch from the c.visual
                 """
                 visual = getattr(tmpl_context_var, 'visual', None)
                 if not visual:
                     return
                 else:
                     return getattr(visual, attr_name, None)
             def get_last_path_part(file_node):
                 if not file_node.path:
                     return u'/'
                 path = safe_unicode(file_node.path.split('/')[-1])
                 return u'../' + path
             def route_url(*args, **kwargs):
                 """
                 Wrapper around pyramids `route_url` (fully qualified url) function.
                 """
                 req = get_current_request()
                 return req.route_url(*args, **kwargs)
             def route_path(*args, **kwargs):
                 """
                 Wrapper around pyramids `route_path` function.
                 """
                 req = get_current_request()
                 return req.route_path(*args, **kwargs)
             def route_path_or_none(*args, **kwargs):
                 try:
                     return route_path(*args, **kwargs)
                 except KeyError:
                     return None
             def current_route_path(request, **kw):
                 new_args = request.GET.mixed()
                 new_args.update(kw)
                 return request.current_route_path(_query=new_args)
             def curl_api_example(method, args):
                 args_json = json.dumps(OrderedDict([
                     ('id', 1),
                     ('auth_token', 'SECRET'),
                     ('method', method),
                     ('args', args)
                 ]))
                 return "curl {api_url} -X POST -H 'content-type:text/plain' --data-binary '{args_json}'".format(
                     api_url=route_url('apiv2'),
                     args_json=args_json
                 )
             def api_call_example(method, args):
                 """
                 Generates an API call example via CURL
                 """
                 curl_call = curl_api_example(method, args)
                 return literal(
                     curl_call +
                     "<br/><br/>SECRET can be found in <a href=\"{token_url}\">auth-tokens</a> page, "
                     "and needs to be of `api calls` role."
                     .format(token_url=route_url('my_account_auth_tokens')))
             def notification_description(notification, request):
                 """
                 Generate notification human readable description based on notification type
                 """
                 from rhodecode.model.notification import NotificationModel
                 return NotificationModel().make_description(
                     notification, translate=request.translate)
             def go_import_header(request, db_repo=None):
                 """
                 Creates a header for go-import functionality in Go Lang
                 """
                 if not db_repo:
                     return
                 if 'go-get' not in request.GET:
                     return
                 clone_url = db_repo.clone_url()
                 prefix = re.split(r'^https?:\/\/', clone_url)[-1]
                 # we have a repo and go-get flag,
                 return literal('<meta name="go-import" content="{} {} {}">'.format(
                     prefix, db_repo.repo_type, clone_url))
             def reviewer_as_json(*args, **kwargs):
                 from rhodecode.apps.repository.utils import reviewer_as_json as _reviewer_as_json
                 return _reviewer_as_json(*args, **kwargs)
             def get_repo_view_type(request):
                 route_name = request.matched_route.name
                 route_to_view_type = {
                     'repo_changelog': 'commits',
                     'repo_commits': 'commits',
                     'repo_files': 'files',
                     'repo_summary': 'summary',
                     'repo_commit': 'commit'
                 }
                 return route_to_view_type.get(route_name)
             def is_active(menu_entry, selected):
                 """
                 Returns active class for selecting menus in templates
                 <li class=${h.is_active('settings', current_active)}></li>
                 """
                 if not isinstance(menu_entry, list):
                     menu_entry = [menu_entry]
                 if selected in menu_entry:
                     return "active"
             class IssuesRegistry(object):
                 """
                 issue_registry = IssuesRegistry()
                 some_func(issues_callback=issues_registry(...))
                 """
                 def __init__(self):
                     self.issues = []
                     self.unique_issues = collections.defaultdict(lambda: [])
                 def __call__(self, commit_dict=None):
                     def callback(issue):
                         if commit_dict and issue:
                             issue['commit'] = commit_dict
                         self.issues.append(issue)
                         self.unique_issues[issue['id']].append(issue)
                     return callback
                 def get_issues(self):
                     return self.issues
                 @property
                 def issues_unique_count(self):
                     return len(set(i['id'] for i in self.issues))

rhodecode/lib/vcs/backends/hg/repository.py

0 +3 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2014-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             HG repository module
             """
             import os
             import logging
             import binascii
             import configparser
             import urllib.request, urllib.parse, urllib.error
             from zope.cachedescriptors.property import Lazy as LazyProperty
             from collections import OrderedDict
             from rhodecode.lib.datelib import (
                 date_to_timestamp_plus_offset, utcdate_fromtimestamp, makedate)
             from rhodecode.lib.utils import safe_unicode, safe_str
             from rhodecode.lib.utils2 import CachedProperty
             from rhodecode.lib.vcs import connection, exceptions
             from rhodecode.lib.vcs.backends.base import (
                 BaseRepository, CollectionGenerator, Config, MergeResponse,
                 MergeFailureReason, Reference, BasePathPermissionChecker)
             from rhodecode.lib.vcs.backends.hg.commit import MercurialCommit
             from rhodecode.lib.vcs.backends.hg.diff import MercurialDiff
             from rhodecode.lib.vcs.backends.hg.inmemory import MercurialInMemoryCommit
             from rhodecode.lib.vcs.exceptions import (
                 EmptyRepositoryError, RepositoryError, TagAlreadyExistError,
                 TagDoesNotExistError, CommitDoesNotExistError, SubrepoMergeError, UnresolvedFilesInRepo)
             hexlify = binascii.hexlify
             nullid = "\0" * 20
             log = logging.getLogger(__name__)
             class MercurialRepository(BaseRepository):
                 """
                 Mercurial repository backend
                 """
                 DEFAULT_BRANCH_NAME = 'default'
                 def __init__(self, repo_path, config=None, create=False, src_url=None,
                              do_workspace_checkout=False, with_wire=None, bare=False):
                     """
                     Raises RepositoryError if repository could not be find at the given
                     ``repo_path``.
                     :param repo_path: local path of the repository
                     :param config: config object containing the repo configuration
                     :param create=False: if set to True, would try to create repository if
                        it does not exist rather than raising exception
                     :param src_url=None: would try to clone repository from given location
                     :param do_workspace_checkout=False: sets update of working copy after
                        making a clone
                     :param bare: not used, compatible with other VCS
                     """
                     self.path = safe_str(os.path.abspath(repo_path))
                     # mercurial since 4.4.X requires certain configuration to be present
                     # because sometimes we init the repos with config we need to meet
                     # special requirements
                     self.config = config if config else self.get_default_config(
                         default=[('extensions', 'largefiles', '1')])
                     self.with_wire = with_wire or {"cache": False}  # default should not use cache
                     self._init_repo(create, src_url, do_workspace_checkout)
                     # caches
                     self._commit_ids = {}
                 @LazyProperty
                 def _remote(self):
                     repo_id = self.path
                     return connection.Hg(self.path, repo_id, self.config, with_wire=self.with_wire)
                 @CachedProperty
                 def commit_ids(self):
                     """
                     Returns list of commit ids, in ascending order.  Being lazy
                     attribute allows external tools to inject shas from cache.
                     """
                     commit_ids = self._get_all_commit_ids()
                     self._rebuild_cache(commit_ids)
                     return commit_ids
                 def _rebuild_cache(self, commit_ids):
                     self._commit_ids = dict((commit_id, index)
                                             for index, commit_id in enumerate(commit_ids))
                 @CachedProperty
                 def branches(self):
                     return self._get_branches()
                 @CachedProperty
                 def branches_closed(self):
                     return self._get_branches(active=False, closed=True)
                 @CachedProperty
                 def branches_all(self):
                     all_branches = {}
                     all_branches.update(self.branches)
                     all_branches.update(self.branches_closed)
                     return all_branches
                 def _get_branches(self, active=True, closed=False):
                     """
                     Gets branches for this repository
                     Returns only not closed active branches by default
                     :param active: return also active branches
                     :param closed: return also closed branches
                     """
                     if self.is_empty():
                         return {}
                     def get_name(ctx):
                         return ctx[0]
                     _branches = [(safe_unicode(n), hexlify(h),) for n, h in
                                  self._remote.branches(active, closed).items()]
                     return OrderedDict(sorted(_branches, key=get_name, reverse=False))
                 @CachedProperty
                 def tags(self):
                     """
                     Gets tags for this repository
                     """
                     return self._get_tags()
                 def _get_tags(self):
                     if self.is_empty():
                         return {}
                     def get_name(ctx):
                         return ctx[0]
                     _tags = [(safe_unicode(n), hexlify(h),) for n, h in
                              self._remote.tags().items()]
                     return OrderedDict(sorted(_tags, key=get_name, reverse=True))
                 def tag(self, name, user, commit_id=None, message=None, date=None, **kwargs):
                     """
                     Creates and returns a tag for the given ``commit_id``.
                     :param name: name for new tag
                     :param user: full username, i.e.: "Joe Doe <joe.doe@example.com>"
                     :param commit_id: commit id for which new tag would be created
                     :param message: message of the tag's commit
                     :param date: date of tag's commit
                     :raises TagAlreadyExistError: if tag with same name already exists
                     """
                     if name in self.tags:
                         raise TagAlreadyExistError("Tag %s already exists" % name)
                     commit = self.get_commit(commit_id=commit_id)
                     local = kwargs.setdefault('local', False)
                     if message is None:
                         message = "Added tag %s for commit %s" % (name, commit.short_id)
                     date, tz = date_to_timestamp_plus_offset(date)
                     self._remote.tag(name, commit.raw_id, message, local, user, date, tz)
                     self._remote.invalidate_vcs_cache()
                     # Reinitialize tags
                     self._invalidate_prop_cache('tags')
                     tag_id = self.tags[name]
                     return self.get_commit(commit_id=tag_id)
                 def remove_tag(self, name, user, message=None, date=None):
                     """
                     Removes tag with the given `name`.
                     :param name: name of the tag to be removed
                     :param user: full username, i.e.: "Joe Doe <joe.doe@example.com>"
                     :param message: message of the tag's removal commit
                     :param date: date of tag's removal commit
                     :raises TagDoesNotExistError: if tag with given name does not exists
                     """
                     if name not in self.tags:
                         raise TagDoesNotExistError("Tag %s does not exist" % name)
                     if message is None:
                         message = "Removed tag %s" % name
                     local = False
                     date, tz = date_to_timestamp_plus_offset(date)
                     self._remote.tag(name, nullid, message, local, user, date, tz)
                     self._remote.invalidate_vcs_cache()
                     self._invalidate_prop_cache('tags')
                 @LazyProperty
                 def bookmarks(self):
                     """
                     Gets bookmarks for this repository
                     """
                     return self._get_bookmarks()
                 def _get_bookmarks(self):
                     if self.is_empty():
                         return {}
                     def get_name(ctx):
                         return ctx[0]
                     _bookmarks = [
                         (safe_unicode(n), hexlify(h)) for n, h in
                         self._remote.bookmarks().items()]
                     return OrderedDict(sorted(_bookmarks, key=get_name))
                 def _get_all_commit_ids(self):
                     return self._remote.get_all_commit_ids('visible')
                 def get_diff(
                         self, commit1, commit2, path='', ignore_whitespace=False,
                         context=3, path1=None):
                     """
                     Returns (git like) *diff*, as plain text. Shows changes introduced by
                     `commit2` since `commit1`.
                     :param commit1: Entry point from which diff is shown. Can be
                       ``self.EMPTY_COMMIT`` - in this case, patch showing all
                       the changes since empty state of the repository until `commit2`
                     :param commit2: Until which commit changes should be shown.
                     :param ignore_whitespace: If set to ``True``, would not show whitespace
                       changes. Defaults to ``False``.
                     :param context: How many lines before/after changed lines should be
                       shown. Defaults to ``3``.
                     """
                     self._validate_diff_commits(commit1, commit2)
                     if path1 is not None and path1 != path:
                         raise ValueError("Diff of two different paths not supported.")
                     if path:
                         file_filter = [self.path, path]
                     else:
                         file_filter = None
                     diff = self._remote.diff(
                         commit1.raw_id, commit2.raw_id, file_filter=file_filter,
                         opt_git=True, opt_ignorews=ignore_whitespace,
                         context=context)
                     return MercurialDiff(diff)
                 def strip(self, commit_id, branch=None):
                     self._remote.strip(commit_id, update=False, backup="none")
                     self._remote.invalidate_vcs_cache()
                     # clear cache
                     self._invalidate_prop_cache('commit_ids')
                     return len(self.commit_ids)
                 def verify(self):
                     verify = self._remote.verify()
                     self._remote.invalidate_vcs_cache()
                     return verify
                 def hg_update_cache(self):
                     update_cache = self._remote.hg_update_cache()
                     self._remote.invalidate_vcs_cache()
                     return update_cache
                 def hg_rebuild_fn_cache(self):
                     update_cache = self._remote.hg_rebuild_fn_cache()
                     self._remote.invalidate_vcs_cache()
                     return update_cache
                 def get_common_ancestor(self, commit_id1, commit_id2, repo2):
                     log.debug('Calculating common ancestor between %sc1:%s and %sc2:%s',
                               self, commit_id1, repo2, commit_id2)
                     if commit_id1 == commit_id2:
                         return commit_id1
                     ancestors = self._remote.revs_from_revspec(
                         "ancestor(id(%s), id(%s))", commit_id1, commit_id2,
                         other_path=repo2.path)
                     ancestor_id = repo2[ancestors[0]].raw_id if ancestors else None
                     log.debug('Found common ancestor with sha: %s', ancestor_id)
                     return ancestor_id
                 def compare(self, commit_id1, commit_id2, repo2, merge, pre_load=None):
                     if commit_id1 == commit_id2:
                         commits = []
                     else:
                         if merge:
                             indexes = self._remote.revs_from_revspec(
                                 "ancestors(id(%s)) - ancestors(id(%s)) - id(%s)",
                                 commit_id2, commit_id1, commit_id1, other_path=repo2.path)
                         else:
                             indexes = self._remote.revs_from_revspec(
                                 "id(%s)..id(%s) - id(%s)", commit_id1, commit_id2,
                                 commit_id1, other_path=repo2.path)
                         commits = [repo2.get_commit(commit_idx=idx, pre_load=pre_load)
                                    for idx in indexes]
                     return commits
                 @staticmethod
                 def check_url(url, config):
                     """
                     Function will check given url and try to verify if it's a valid
                     link. Sometimes it may happened that mercurial will issue basic
                     auth request that can cause whole API to hang when used from python
                     or other external calls.
                     On failures it'll raise urllib2.HTTPError, exception is also thrown
                     when the return code is non 200
                     """
                     # check first if it's not an local url
                     if os.path.isdir(url) or url.startswith('file:'):
                         return True
                     # Request the _remote to verify the url
                     return connection.Hg.check_url(url, config.serialize())
                 @staticmethod
                 def is_valid_repository(path):
                     return os.path.isdir(os.path.join(path, '.hg'))
                 def _init_repo(self, create, src_url=None, do_workspace_checkout=False):
                     """
                     Function will check for mercurial repository in given path. If there
                     is no repository in that path it will raise an exception unless
                     `create` parameter is set to True - in that case repository would
                     be created.
                     If `src_url` is given, would try to clone repository from the
                     location at given clone_point. Additionally it'll make update to
                     working copy accordingly to `do_workspace_checkout` flag.
                     """
                     if create and os.path.exists(self.path):
                         raise RepositoryError(
                             "Cannot create repository at %s, location already exist"
                             % self.path)
                     if src_url:
                         url = str(self._get_url(src_url))
                         MercurialRepository.check_url(url, self.config)
                         self._remote.clone(url, self.path, do_workspace_checkout)
                         # Don't try to create if we've already cloned repo
                         create = False
                     if create:
                         os.makedirs(self.path, mode=0o755)
                     self._remote.localrepository(create)
                 @LazyProperty
                 def in_memory_commit(self):
                     return MercurialInMemoryCommit(self)
                 @LazyProperty
                 def description(self):
                     description = self._remote.get_config_value(
                         'web', 'description', untrusted=True)
                     return safe_unicode(description or self.DEFAULT_DESCRIPTION)
                 @LazyProperty
                 def contact(self):
                     contact = (
                         self._remote.get_config_value("web", "contact") or
                         self._remote.get_config_value("ui", "username"))
                     return safe_unicode(contact or self.DEFAULT_CONTACT)
                 @LazyProperty
                 def last_change(self):
                     """
                     Returns last change made on this repository as
                     `datetime.datetime` object.
                     """
                     try:
                         return self.get_commit().date
                     except RepositoryError:
                         tzoffset = makedate()[1]
                         return utcdate_fromtimestamp(self._get_fs_mtime(), tzoffset)
                 def _get_fs_mtime(self):
                     # fallback to filesystem
                     cl_path = os.path.join(self.path, '.hg', "00changelog.i")
                     st_path = os.path.join(self.path, '.hg', "store")
                     if os.path.exists(cl_path):
                         return os.stat(cl_path).st_mtime
                     else:
                         return os.stat(st_path).st_mtime
                 def _get_url(self, url):
                     """
                     Returns normalized url. If schema is not given, would fall
                     to filesystem
                     (``file:///``) schema.
                     """
                     url = url.encode('utf8')
                     if url != 'default' and '://' not in url:
                         url = "file:" + urllib.request.pathname2url(url)
                     return url
                 def get_hook_location(self):
                     """
                     returns absolute path to location where hooks are stored
                     """
                     return os.path.join(self.path, '.hg', '.hgrc')
                 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None,
                                translate_tag=None, maybe_unreachable=False, reference_obj=None):
                     """
                     Returns ``MercurialCommit`` object representing repository's
                     commit at the given `commit_id` or `commit_idx`.
                     """
                     if self.is_empty():
                         raise EmptyRepositoryError("There are no commits yet")
                     if commit_id is not None:
                         self._validate_commit_id(commit_id)
                         try:
                             # we have cached idx, use it without contacting the remote
                             idx = self._commit_ids[commit_id]
                             return MercurialCommit(self, commit_id, idx, pre_load=pre_load)
                         except KeyError:
                             pass
                     elif commit_idx is not None:
                         self._validate_commit_idx(commit_idx)
                         try:
                             _commit_id = self.commit_ids[commit_idx]
                             if commit_idx < 0:
                                 commit_idx = self.commit_ids.index(_commit_id)
                             return MercurialCommit(self, _commit_id, commit_idx, pre_load=pre_load)
                         except IndexError:
                             commit_id = commit_idx
                     else:
                         commit_id = "tip"
-                    if isinstance(commit_id, unicode):
+                    #TODO: decide if we pass bytes or str into lookup ?
-                        commit_id = safe_str(commit_id)
+                    # if isinstance(commit_id, unicode):
+                    #     commit_id = safe_str(commit_id)
                     try:
                         raw_id, idx = self._remote.lookup(commit_id, both=True)
                     except CommitDoesNotExistError:
                         msg = "Commit {} does not exist for `{}`".format(
                             *map(safe_str, [commit_id, self.name]))
                         raise CommitDoesNotExistError(msg)
                     return MercurialCommit(self, raw_id, idx, pre_load=pre_load)
                 def get_commits(
                         self, start_id=None, end_id=None, start_date=None, end_date=None,
                         branch_name=None, show_hidden=False, pre_load=None, translate_tags=None):
                     """
                     Returns generator of ``MercurialCommit`` objects from start to end
                     (both are inclusive)
                     :param start_id: None, str(commit_id)
                     :param end_id: None, str(commit_id)
                     :param start_date: if specified, commits with commit date less than
                       ``start_date`` would be filtered out from returned set
                     :param end_date: if specified, commits with commit date greater than
                       ``end_date`` would be filtered out from returned set
                     :param branch_name: if specified, commits not reachable from given
                       branch would be filtered out from returned set
                     :param show_hidden: Show hidden commits such as obsolete or hidden from
                         Mercurial evolve
                     :raise BranchDoesNotExistError: If given ``branch_name`` does not
                         exist.
                     :raise CommitDoesNotExistError: If commit for given ``start`` or
                       ``end`` could not be found.
                     """
                     # actually we should check now if it's not an empty repo
                     if self.is_empty():
                         raise EmptyRepositoryError("There are no commits yet")
                     self._validate_branch_name(branch_name)
                     branch_ancestors = False
                     if start_id is not None:
                         self._validate_commit_id(start_id)
                         c_start = self.get_commit(commit_id=start_id)
                         start_pos = self._commit_ids[c_start.raw_id]
                     else:
                         start_pos = None
                     if end_id is not None:
                         self._validate_commit_id(end_id)
                         c_end = self.get_commit(commit_id=end_id)
                         end_pos = max(0, self._commit_ids[c_end.raw_id])
                     else:
                         end_pos = None
                     if None not in [start_id, end_id] and start_pos > end_pos:
                         raise RepositoryError(
                             "Start commit '%s' cannot be after end commit '%s'" %
                             (start_id, end_id))
                     if end_pos is not None:
                         end_pos += 1
                     commit_filter = []
                     if branch_name and not branch_ancestors:
                         commit_filter.append('branch("%s")' % (branch_name,))
                     elif branch_name and branch_ancestors:
                         commit_filter.append('ancestors(branch("%s"))' % (branch_name,))
                     if start_date and not end_date:
                         commit_filter.append('date(">%s")' % (start_date,))
                     if end_date and not start_date:
                         commit_filter.append('date("<%s")' % (end_date,))
                     if start_date and end_date:
                         commit_filter.append(
                             'date(">%s") and date("<%s")' % (start_date, end_date))
                     if not show_hidden:
                         commit_filter.append('not obsolete()')
                         commit_filter.append('not hidden()')
                     # TODO: johbo: Figure out a simpler way for this solution
                     collection_generator = CollectionGenerator
                     if commit_filter:
                         commit_filter = ' and '.join(map(safe_str, commit_filter))
                         revisions = self._remote.rev_range([commit_filter])
                         collection_generator = MercurialIndexBasedCollectionGenerator
                     else:
                         revisions = self.commit_ids
                     if start_pos or end_pos:
                         revisions = revisions[start_pos:end_pos]
                     return collection_generator(self, revisions, pre_load=pre_load)
                 def pull(self, url, commit_ids=None):
                     """
                     Pull changes from external location.
                     :param commit_ids: Optional. Can be set to a list of commit ids
                        which shall be pulled from the other repository.
                     """
                     url = self._get_url(url)
                     self._remote.pull(url, commit_ids=commit_ids)
                     self._remote.invalidate_vcs_cache()
                 def fetch(self, url, commit_ids=None):
                     """
                     Backward compatibility with GIT fetch==pull
                     """
                     return self.pull(url, commit_ids=commit_ids)
                 def push(self, url):
                     url = self._get_url(url)
                     self._remote.sync_push(url)
                 def _local_clone(self, clone_path):
                     """
                     Create a local clone of the current repo.
                     """
                     self._remote.clone(self.path, clone_path, update_after_clone=True,
                                        hooks=False)
                 def _update(self, revision, clean=False):
                     """
                     Update the working copy to the specified revision.
                     """
                     log.debug('Doing checkout to commit: `%s` for %s', revision, self)
                     self._remote.update(revision, clean=clean)
                 def _identify(self):
                     """
                     Return the current state of the working directory.
                     """
                     return self._remote.identify().strip().rstrip('+')
                 def _heads(self, branch=None):
                     """
                     Return the commit ids of the repository heads.
                     """
                     return self._remote.heads(branch=branch).strip().split(' ')
                 def _ancestor(self, revision1, revision2):
                     """
                     Return the common ancestor of the two revisions.
                     """
                     return self._remote.ancestor(revision1, revision2)
                 def _local_push(
                         self, revision, repository_path, push_branches=False,
                         enable_hooks=False):
                     """
                     Push the given revision to the specified repository.
                     :param push_branches: allow to create branches in the target repo.
                     """
                     self._remote.push(
                         [revision], repository_path, hooks=enable_hooks,
                         push_branches=push_branches)
                 def _local_merge(self, target_ref, merge_message, user_name, user_email,
                                  source_ref, use_rebase=False, close_commit_id=None, dry_run=False):
                     """
                     Merge the given source_revision into the checked out revision.
                     Returns the commit id of the merge and a boolean indicating if the
                     commit needs to be pushed.
                     """
                     source_ref_commit_id = source_ref.commit_id
                     target_ref_commit_id = target_ref.commit_id
                     # update our workdir to target ref, for proper merge
                     self._update(target_ref_commit_id, clean=True)
                     ancestor = self._ancestor(target_ref_commit_id, source_ref_commit_id)
                     is_the_same_branch = self._is_the_same_branch(target_ref, source_ref)
                     if close_commit_id:
                         # NOTE(marcink): if we get the close commit, this is our new source
                         # which will include the close commit itself.
                         source_ref_commit_id = close_commit_id
                     if ancestor == source_ref_commit_id:
                         # Nothing to do, the changes were already integrated
                         return target_ref_commit_id, False
                     elif ancestor == target_ref_commit_id and is_the_same_branch:
                         # In this case we should force a commit message
                         return source_ref_commit_id, True
                     unresolved = None
                     if use_rebase:
                         try:
                             bookmark_name = 'rcbook%s%s' % (source_ref_commit_id, target_ref_commit_id)
                             self.bookmark(bookmark_name, revision=source_ref.commit_id)
                             self._remote.rebase(
                                 source=source_ref_commit_id, dest=target_ref_commit_id)
                             self._remote.invalidate_vcs_cache()
                             self._update(bookmark_name, clean=True)
                             return self._identify(), True
                         except RepositoryError as e:
                             # The rebase-abort may raise another exception which 'hides'
                             # the original one, therefore we log it here.
                             log.exception('Error while rebasing shadow repo during merge.')
                             if 'unresolved conflicts' in safe_str(e):
                                 unresolved = self._remote.get_unresolved_files()
                                 log.debug('unresolved files: %s', unresolved)
                             # Cleanup any rebase leftovers
                             self._remote.invalidate_vcs_cache()
                             self._remote.rebase(abort=True)
                             self._remote.invalidate_vcs_cache()
                             self._remote.update(clean=True)
                             if unresolved:
                                 raise UnresolvedFilesInRepo(unresolved)
                             else:
                                 raise
                     else:
                         try:
                             self._remote.merge(source_ref_commit_id)
                             self._remote.invalidate_vcs_cache()
                             self._remote.commit(
                                 message=safe_str(merge_message),
                                 username=safe_str('%s <%s>' % (user_name, user_email)))
                             self._remote.invalidate_vcs_cache()
                             return self._identify(), True
                         except RepositoryError as e:
                             # The merge-abort may raise another exception which 'hides'
                             # the original one, therefore we log it here.
                             log.exception('Error while merging shadow repo during merge.')
                             if 'unresolved merge conflicts' in safe_str(e):
                                 unresolved = self._remote.get_unresolved_files()
                                 log.debug('unresolved files: %s', unresolved)
                             # Cleanup any merge leftovers
                             self._remote.update(clean=True)
                             if unresolved:
                                 raise UnresolvedFilesInRepo(unresolved)
                             else:
                                 raise
                 def _local_close(self, target_ref, user_name, user_email,
                                  source_ref, close_message=''):
                     """
                     Close the branch of the given source_revision
                     Returns the commit id of the close and a boolean indicating if the
                     commit needs to be pushed.
                     """
                     self._update(source_ref.commit_id)
                     message = close_message or "Closing branch: `{}`".format(source_ref.name)
                     try:
                         self._remote.commit(
                             message=safe_str(message),
                             username=safe_str('%s <%s>' % (user_name, user_email)),
                             close_branch=True)
                         self._remote.invalidate_vcs_cache()
                         return self._identify(), True
                     except RepositoryError:
                         # Cleanup any commit leftovers
                         self._remote.update(clean=True)
                         raise
                 def _is_the_same_branch(self, target_ref, source_ref):
                     return (
                         self._get_branch_name(target_ref) ==
                         self._get_branch_name(source_ref))
                 def _get_branch_name(self, ref):
                     if ref.type == 'branch':
                         return ref.name
                     return self._remote.ctx_branch(ref.commit_id)
                 def _maybe_prepare_merge_workspace(
                         self, repo_id, workspace_id, unused_target_ref, unused_source_ref):
                     shadow_repository_path = self._get_shadow_repository_path(
                         self.path, repo_id, workspace_id)
                     if not os.path.exists(shadow_repository_path):
                         self._local_clone(shadow_repository_path)
                         log.debug(
                             'Prepared shadow repository in %s', shadow_repository_path)
                     return shadow_repository_path
                 def _merge_repo(self, repo_id, workspace_id, target_ref,
                                 source_repo, source_ref, merge_message,
                                 merger_name, merger_email, dry_run=False,
                                 use_rebase=False, close_branch=False):
                     log.debug('Executing merge_repo with %s strategy, dry_run mode:%s',
                               'rebase' if use_rebase else 'merge', dry_run)
                     if target_ref.commit_id not in self._heads():
                         return MergeResponse(
                             False, False, None, MergeFailureReason.TARGET_IS_NOT_HEAD,
                             metadata={'target_ref': target_ref})
                     try:
                         if target_ref.type == 'branch' and len(self._heads(target_ref.name)) != 1:
                             heads_all = self._heads(target_ref.name)
                             max_heads = 10
                             if len(heads_all) > max_heads:
                                 heads = '\n,'.join(
                                     heads_all[:max_heads] +
                                     ['and {} more.'.format(len(heads_all)-max_heads)])
                             else:
                                 heads = '\n,'.join(heads_all)
                             metadata = {
                                 'target_ref': target_ref,
                                 'source_ref': source_ref,
                                 'heads': heads
                             }
                             return MergeResponse(
                                 False, False, None,
                                 MergeFailureReason.HG_TARGET_HAS_MULTIPLE_HEADS,
                                 metadata=metadata)
                     except CommitDoesNotExistError:
                         log.exception('Failure when looking up branch heads on hg target')
                         return MergeResponse(
                             False, False, None, MergeFailureReason.MISSING_TARGET_REF,
                             metadata={'target_ref': target_ref})
                     shadow_repository_path = self._maybe_prepare_merge_workspace(
                         repo_id, workspace_id, target_ref, source_ref)
                     shadow_repo = self.get_shadow_instance(shadow_repository_path)
                     log.debug('Pulling in target reference %s', target_ref)
                     self._validate_pull_reference(target_ref)
                     shadow_repo._local_pull(self.path, target_ref)
                     try:
                         log.debug('Pulling in source reference %s', source_ref)
                         source_repo._validate_pull_reference(source_ref)
                         shadow_repo._local_pull(source_repo.path, source_ref)
                     except CommitDoesNotExistError:
                         log.exception('Failure when doing local pull on hg shadow repo')
                         return MergeResponse(
                             False, False, None, MergeFailureReason.MISSING_SOURCE_REF,
                             metadata={'source_ref': source_ref})
                     merge_ref = None
                     merge_commit_id = None
                     close_commit_id = None
                     merge_failure_reason = MergeFailureReason.NONE
                     metadata = {}
                     # enforce that close branch should be used only in case we source from
                     # an actual Branch
                     close_branch = close_branch and source_ref.type == 'branch'
                     # don't allow to close branch if source and target are the same
                     close_branch = close_branch and source_ref.name != target_ref.name
                     needs_push_on_close = False
                     if close_branch and not use_rebase and not dry_run:
                         try:
                             close_commit_id, needs_push_on_close = shadow_repo._local_close(
                                 target_ref, merger_name, merger_email, source_ref)
                             merge_possible = True
                         except RepositoryError:
                             log.exception('Failure when doing close branch on '
                                           'shadow repo: %s', shadow_repo)
                             merge_possible = False
                             merge_failure_reason = MergeFailureReason.MERGE_FAILED
                     else:
                         merge_possible = True
                     needs_push = False
                     if merge_possible:
                         try:
                             merge_commit_id, needs_push = shadow_repo._local_merge(
                                 target_ref, merge_message, merger_name, merger_email,
                                 source_ref, use_rebase=use_rebase,
                                 close_commit_id=close_commit_id, dry_run=dry_run)
                             merge_possible = True
                             # read the state of the close action, if it
                             # maybe required a push
                             needs_push = needs_push or needs_push_on_close
                             # Set a bookmark pointing to the merge commit. This bookmark
                             # may be used to easily identify the last successful merge
                             # commit in the shadow repository.
                             shadow_repo.bookmark('pr-merge', revision=merge_commit_id)
                             merge_ref = Reference('book', 'pr-merge', merge_commit_id)
                         except SubrepoMergeError:
                             log.exception(
                                 'Subrepo merge error during local merge on hg shadow repo.')
                             merge_possible = False
                             merge_failure_reason = MergeFailureReason.SUBREPO_MERGE_FAILED
                             needs_push = False
                         except RepositoryError as e:
                             log.exception('Failure when doing local merge on hg shadow repo')
                             if isinstance(e, UnresolvedFilesInRepo):
                                 all_conflicts = list(e.args[0])
                                 max_conflicts = 20
                                 if len(all_conflicts) > max_conflicts:
                                     conflicts = all_conflicts[:max_conflicts] \
                                                 + ['and {} more.'.format(len(all_conflicts)-max_conflicts)]
                                 else:
                                     conflicts = all_conflicts
                                 metadata['unresolved_files'] = \
                                     '\n* conflict: ' + \
                                     ('\n * conflict: '.join(conflicts))
                             merge_possible = False
                             merge_failure_reason = MergeFailureReason.MERGE_FAILED
                             needs_push = False
                     if merge_possible and not dry_run:
                         if needs_push:
                             # In case the target is a bookmark, update it, so after pushing
                             # the bookmarks is also updated in the target.
                             if target_ref.type == 'book':
                                 shadow_repo.bookmark(
                                     target_ref.name, revision=merge_commit_id)
                             try:
                                 shadow_repo_with_hooks = self.get_shadow_instance(
                                     shadow_repository_path,
                                     enable_hooks=True)
                                 # This is the actual merge action, we push from shadow
                                 # into origin.
                                 # Note: the push_branches option will push any new branch
                                 # defined in the source repository to the target. This may
                                 # be dangerous as branches are permanent in Mercurial.
                                 # This feature was requested in issue #441.
                                 shadow_repo_with_hooks._local_push(
                                     merge_commit_id, self.path, push_branches=True,
                                     enable_hooks=True)
                                 # maybe we also need to push the close_commit_id
                                 if close_commit_id:
                                     shadow_repo_with_hooks._local_push(
                                         close_commit_id, self.path, push_branches=True,
                                         enable_hooks=True)
                                 merge_succeeded = True
                             except RepositoryError:
                                 log.exception(
                                     'Failure when doing local push from the shadow '
                                     'repository to the target repository at %s.', self.path)
                                 merge_succeeded = False
                                 merge_failure_reason = MergeFailureReason.PUSH_FAILED
                                 metadata['target'] = 'hg shadow repo'
                                 metadata['merge_commit'] = merge_commit_id
                         else:
                             merge_succeeded = True
                     else:
                         merge_succeeded = False
                     return MergeResponse(
                         merge_possible, merge_succeeded, merge_ref, merge_failure_reason,
                         metadata=metadata)
                 def get_shadow_instance(self, shadow_repository_path, enable_hooks=False, cache=False):
                     config = self.config.copy()
                     if not enable_hooks:
                         config.clear_section('hooks')
                     return MercurialRepository(shadow_repository_path, config, with_wire={"cache": cache})
                 def _validate_pull_reference(self, reference):
                     if not (reference.name in self.bookmarks or
                             reference.name in self.branches or
                             self.get_commit(reference.commit_id)):
                         raise CommitDoesNotExistError(
                             'Unknown branch, bookmark or commit id')
                 def _local_pull(self, repository_path, reference):
                     """
                     Fetch a branch, bookmark or commit from a local repository.
                     """
                     repository_path = os.path.abspath(repository_path)
                     if repository_path == self.path:
                         raise ValueError('Cannot pull from the same repository')
                     reference_type_to_option_name = {
                         'book': 'bookmark',
                         'branch': 'branch',
                     }
                     option_name = reference_type_to_option_name.get(
                         reference.type, 'revision')
                     if option_name == 'revision':
                         ref = reference.commit_id
                     else:
                         ref = reference.name
                     options = {option_name: [ref]}
                     self._remote.pull_cmd(repository_path, hooks=False, **options)
                     self._remote.invalidate_vcs_cache()
                 def bookmark(self, bookmark, revision=None):
                     if isinstance(bookmark, unicode):
                         bookmark = safe_str(bookmark)
                     self._remote.bookmark(bookmark, revision=revision)
                     self._remote.invalidate_vcs_cache()
                 def get_path_permissions(self, username):
                     hgacl_file = os.path.join(self.path, '.hg/hgacl')
                     def read_patterns(suffix):
                         svalue = None
                         for section, option in [
                             ('narrowacl', username + suffix),
                             ('narrowacl', 'default' + suffix),
                             ('narrowhgacl', username + suffix),
                             ('narrowhgacl', 'default' + suffix)
                         ]:
                             try:
                                 svalue = hgacl.get(section, option)
                                 break  # stop at the first value we find
                             except configparser.NoOptionError:
                                 pass
                         if not svalue:
                             return None
                         result = ['/']
                         for pattern in svalue.split():
                             result.append(pattern)
                             if '*' not in pattern and '?' not in pattern:
                                 result.append(pattern + '/*')
                         return result
                     if os.path.exists(hgacl_file):
                         try:
                             hgacl = configparser.RawConfigParser()
                             hgacl.read(hgacl_file)
                             includes = read_patterns('.includes')
                             excludes = read_patterns('.excludes')
                             return BasePathPermissionChecker.create_from_patterns(
                                 includes, excludes)
                         except BaseException as e:
                             msg = 'Cannot read ACL settings from {} on {}: {}'.format(
                                 hgacl_file, self.name, e)
                             raise exceptions.RepositoryRequirementError(msg)
                     else:
                         return None
             class MercurialIndexBasedCollectionGenerator(CollectionGenerator):
                 def _commit_factory(self, commit_id):
                     return self.repo.get_commit(
                         commit_idx=commit_id, pre_load=self.pre_load)

rhodecode/lib/vcs/nodes.py

0 +7 -7

             # -*- coding: utf-8 -*-
             # Copyright (C) 2014-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Module holding everything related to vcs nodes, with vcs2 architecture.
             """
             import os
             import stat
             from zope.cachedescriptors.property import Lazy as LazyProperty
             import rhodecode
             from rhodecode.config.conf import LANGUAGES_EXTENSIONS_MAP
             from rhodecode.lib.utils import safe_unicode, safe_str
             from rhodecode.lib.utils2 import md5
             from rhodecode.lib.vcs import path as vcspath
             from rhodecode.lib.vcs.backends.base import EmptyCommit, FILEMODE_DEFAULT
             from rhodecode.lib.vcs.conf.mtypes import get_mimetypes_db
             from rhodecode.lib.vcs.exceptions import NodeError, RemovedFileNodeError
             LARGEFILE_PREFIX = '.hglf'
             class NodeKind:
                 SUBMODULE = -1
                 DIR = 1
                 FILE = 2
                 LARGEFILE = 3
             class NodeState:
-                ADDED = u'added'
+                ADDED = 'added'
-                CHANGED = u'changed'
+                CHANGED = 'changed'
-                NOT_CHANGED = u'not changed'
+                NOT_CHANGED = 'not changed'
-                REMOVED = u'removed'
+                REMOVED = 'removed'
             class NodeGeneratorBase(object):
                 """
                 Base class for removed added and changed filenodes, it's a lazy generator
                 class that will create filenodes only on iteration or call
                 The len method doesn't need to create filenodes at all
                 """
                 def __init__(self, current_paths, cs):
                     self.cs = cs
                     self.current_paths = current_paths
                 def __call__(self):
                     return [n for n in self]
                 def __getslice__(self, i, j):
                     for p in self.current_paths[i:j]:
                         yield self.cs.get_node(p)
                 def __len__(self):
                     return len(self.current_paths)
                 def __iter__(self):
                     for p in self.current_paths:
                         yield self.cs.get_node(p)
             class AddedFileNodesGenerator(NodeGeneratorBase):
                 """
                 Class holding added files for current commit
                 """
             class ChangedFileNodesGenerator(NodeGeneratorBase):
                 """
                 Class holding changed files for current commit
                 """
             class RemovedFileNodesGenerator(NodeGeneratorBase):
                 """
                 Class holding removed files for current commit
                 """
                 def __iter__(self):
                     for p in self.current_paths:
                         yield RemovedFileNode(path=p)
                 def __getslice__(self, i, j):
                     for p in self.current_paths[i:j]:
                         yield RemovedFileNode(path=p)
             class Node(object):
                 """
                 Simplest class representing file or directory on repository.  SCM backends
                 should use ``FileNode`` and ``DirNode`` subclasses rather than ``Node``
                 directly.
                 Node's ``path`` cannot start with slash as we operate on *relative* paths
                 only. Moreover, every single node is identified by the ``path`` attribute,
                 so it cannot end with slash, too. Otherwise, path could lead to mistakes.
                 """
-                RTLO_MARKER = u"\u202E"  # RTLO marker allows swapping text, and certain
+                RTLO_MARKER = "\u202E"  # RTLO marker allows swapping text, and certain
                                          # security attacks could be used with this
                 commit = None
                 def __init__(self, path, kind):
                     self._validate_path(path)  # can throw exception if path is invalid
                     self.path = safe_str(path.rstrip('/'))  # we store paths as str
                     if path == '' and kind != NodeKind.DIR:
                         raise NodeError("Only DirNode and its subclasses may be "
                                         "initialized with empty path")
                     self.kind = kind
                     if self.is_root() and not self.is_dir():
                         raise NodeError("Root node cannot be FILE kind")
                 def _validate_path(self, path):
                     if path.startswith('/'):
                         raise NodeError(
                             "Cannot initialize Node objects with slash at "
                             "the beginning as only relative paths are supported. "
                             "Got %s" % (path,))
                 @LazyProperty
                 def parent(self):
                     parent_path = self.get_parent_path()
                     if parent_path:
                         if self.commit:
                             return self.commit.get_node(parent_path)
                         return DirNode(parent_path)
                     return None
                 @LazyProperty
                 def unicode_path(self):
                     return safe_unicode(self.path)
                 @LazyProperty
                 def has_rtlo(self):
                     """Detects if a path has right-to-left-override marker"""
                     return self.RTLO_MARKER in self.unicode_path
                 @LazyProperty
                 def unicode_path_safe(self):
                     """
                     Special SAFE representation of path without the right-to-left-override.
                     This should be only used for "showing" the file, cannot be used for any
                     urls etc.
                     """
                     return safe_unicode(self.path).replace(self.RTLO_MARKER, '')
                 @LazyProperty
                 def dir_path(self):
                     """
                     Returns name of the directory from full path of this vcs node. Empty
                     string is returned if there's no directory in the path
                     """
                     _parts = self.path.rstrip('/').rsplit('/', 1)
                     if len(_parts) == 2:
                         return safe_unicode(_parts[0])
-                    return u''
+                    return ''
                 @LazyProperty
                 def name(self):
                     """
                     Returns name of the node so if its path
                     then only last part is returned.
                     """
                     return safe_unicode(self.path.rstrip('/').split('/')[-1])
                 @property
                 def kind(self):
                     return self._kind
                 @kind.setter
                 def kind(self, kind):
                     if hasattr(self, '_kind'):
                         raise NodeError("Cannot change node's kind")
                     else:
                         self._kind = kind
                         # Post setter check (path's trailing slash)
                         if self.path.endswith('/'):
                             raise NodeError("Node's path cannot end with slash")
                 def __cmp__(self, other):
                     """
                     Comparator using name of the node, needed for quick list sorting.
                     """
                     kind_cmp = cmp(self.kind, other.kind)
                     if kind_cmp:
                         if isinstance(self, SubModuleNode):
                             # we make submodules equal to dirnode for "sorting" purposes
                             return NodeKind.DIR
                         return kind_cmp
                     return cmp(self.name, other.name)
                 def __eq__(self, other):
                     for attr in ['name', 'path', 'kind']:
                         if getattr(self, attr) != getattr(other, attr):
                             return False
                     if self.is_file():
                         if self.content != other.content:
                             return False
                     else:
                         # For DirNode's check without entering each dir
                         self_nodes_paths = list(sorted(n.path for n in self.nodes))
                         other_nodes_paths = list(sorted(n.path for n in self.nodes))
                         if self_nodes_paths != other_nodes_paths:
                             return False
                     return True
                 def __ne__(self, other):
                     return not self.__eq__(other)
                 def __repr__(self):
                     return '<%s %r>' % (self.__class__.__name__, self.path)
                 def __str__(self):
                     return self.__repr__()
                 def __unicode__(self):
                     return self.name
                 def get_parent_path(self):
                     """
                     Returns node's parent path or empty string if node is root.
                     """
                     if self.is_root():
                         return ''
                     return vcspath.dirname(self.path.rstrip('/')) + '/'
                 def is_file(self):
                     """
                     Returns ``True`` if node's kind is ``NodeKind.FILE``, ``False``
                     otherwise.
                     """
                     return self.kind == NodeKind.FILE
                 def is_dir(self):
                     """
                     Returns ``True`` if node's kind is ``NodeKind.DIR``, ``False``
                     otherwise.
                     """
                     return self.kind == NodeKind.DIR
                 def is_root(self):
                     """
                     Returns ``True`` if node is a root node and ``False`` otherwise.
                     """
                     return self.kind == NodeKind.DIR and self.path == ''
                 def is_submodule(self):
                     """
                     Returns ``True`` if node's kind is ``NodeKind.SUBMODULE``, ``False``
                     otherwise.
                     """
                     return self.kind == NodeKind.SUBMODULE
                 def is_largefile(self):
                     """
                     Returns ``True`` if node's kind is ``NodeKind.LARGEFILE``, ``False``
                     otherwise
                     """
                     return self.kind == NodeKind.LARGEFILE
                 def is_link(self):
                     if self.commit:
                         return self.commit.is_link(self.path)
                     return False
                 @LazyProperty
                 def added(self):
                     return self.state is NodeState.ADDED
                 @LazyProperty
                 def changed(self):
                     return self.state is NodeState.CHANGED
                 @LazyProperty
                 def not_changed(self):
                     return self.state is NodeState.NOT_CHANGED
                 @LazyProperty
                 def removed(self):
                     return self.state is NodeState.REMOVED
             class FileNode(Node):
                 """
                 Class representing file nodes.
                 :attribute: path: path to the node, relative to repository's root
                 :attribute: content: if given arbitrary sets content of the file
                 :attribute: commit: if given, first time content is accessed, callback
                 :attribute: mode: stat mode for a node. Default is `FILEMODE_DEFAULT`.
                 """
                 _filter_pre_load = []
                 def __init__(self, path, content=None, commit=None, mode=None, pre_load=None):
                     """
                     Only one of ``content`` and ``commit`` may be given. Passing both
                     would raise ``NodeError`` exception.
                     :param path: relative path to the node
                     :param content: content may be passed to constructor
                     :param commit: if given, will use it to lazily fetch content
                     :param mode: ST_MODE (i.e. 0100644)
                     """
                     if content and commit:
                         raise NodeError("Cannot use both content and commit")
                     super(FileNode, self).__init__(path, kind=NodeKind.FILE)
                     self.commit = commit
                     self._content = content
                     self._mode = mode or FILEMODE_DEFAULT
                     self._set_bulk_properties(pre_load)
                 def _set_bulk_properties(self, pre_load):
                     if not pre_load:
                         return
                     pre_load = [entry for entry in pre_load
                                 if entry not in self._filter_pre_load]
                     if not pre_load:
                         return
                     for attr_name in pre_load:
                         result = getattr(self, attr_name)
                         if callable(result):
                             result = result()
                         self.__dict__[attr_name] = result
                 @LazyProperty
                 def mode(self):
                     """
                     Returns lazily mode of the FileNode. If `commit` is not set, would
                     use value given at initialization or `FILEMODE_DEFAULT` (default).
                     """
                     if self.commit:
                         mode = self.commit.get_file_mode(self.path)
                     else:
                         mode = self._mode
                     return mode
                 @LazyProperty
                 def raw_bytes(self):
                     """
                     Returns lazily the raw bytes of the FileNode.
                     """
                     if self.commit:
                         if self._content is None:
                             self._content = self.commit.get_file_content(self.path)
                         content = self._content
                     else:
                         content = self._content
                     return content
                 def stream_bytes(self):
                     """
                     Returns an iterator that will stream the content of the file directly from
                     vcsserver without loading it to memory.
                     """
                     if self.commit:
                         return self.commit.get_file_content_streamed(self.path)
                     raise NodeError("Cannot retrieve stream_bytes without related commit attribute")
                 @LazyProperty
                 def md5(self):
                     """
                     Returns md5 of the file node.
                     """
                     return md5(self.raw_bytes)
                 def metadata_uncached(self):
                     """
                     Returns md5, binary flag of the file node, without any cache usage.
                     """
                     content = self.content_uncached()
                     is_binary = content and '\0' in content
                     size = 0
                     if content:
                         size = len(content)
                     return is_binary, md5(content), size, content
                 def content_uncached(self):
                     """
                     Returns lazily content of the FileNode. If possible, would try to
                     decode content from UTF-8.
                     """
                     if self.commit:
                         content = self.commit.get_file_content(self.path)
                     else:
                         content = self._content
                     return content
                 @LazyProperty
                 def content(self):
                     """
                     Returns lazily content of the FileNode. If possible, would try to
                     decode content from UTF-8.
                     """
                     content = self.raw_bytes
                     if self.is_binary:
                         return content
                     return safe_unicode(content)
                 @LazyProperty
                 def size(self):
                     if self.commit:
                         return self.commit.get_file_size(self.path)
                     raise NodeError(
                         "Cannot retrieve size of the file without related "
                         "commit attribute")
                 @LazyProperty
                 def message(self):
                     if self.commit:
                         return self.last_commit.message
                     raise NodeError(
                         "Cannot retrieve message of the file without related "
                         "commit attribute")
                 @LazyProperty
                 def last_commit(self):
                     if self.commit:
                         pre_load = ["author", "date", "message", "parents"]
                         return self.commit.get_path_commit(self.path, pre_load=pre_load)
                     raise NodeError(
                         "Cannot retrieve last commit of the file without "
                         "related commit attribute")
                 def get_mimetype(self):
                     """
                     Mimetype is calculated based on the file's content. If ``_mimetype``
                     attribute is available, it will be returned (backends which store
                     mimetypes or can easily recognize them, should set this private
                     attribute to indicate that type should *NOT* be calculated).
                     """
                     if hasattr(self, '_mimetype'):
                         if (isinstance(self._mimetype, (tuple, list,)) and
                                 len(self._mimetype) == 2):
                             return self._mimetype
                         else:
                             raise NodeError('given _mimetype attribute must be an 2 '
                                             'element list or tuple')
                     db = get_mimetypes_db()
                     mtype, encoding = db.guess_type(self.name)
                     if mtype is None:
                         if not self.is_largefile() and self.is_binary:
                             mtype = 'application/octet-stream'
                             encoding = None
                         else:
                             mtype = 'text/plain'
                             encoding = None
                             # try with pygments
                             try:
                                 from pygments.lexers import get_lexer_for_filename
                                 mt = get_lexer_for_filename(self.name).mimetypes
                             except Exception:
                                 mt = None
                             if mt:
                                 mtype = mt[0]
                     return mtype, encoding
                 @LazyProperty
                 def mimetype(self):
                     """
                     Wrapper around full mimetype info. It returns only type of fetched
                     mimetype without the encoding part. use get_mimetype function to fetch
                     full set of (type,encoding)
                     """
                     return self.get_mimetype()[0]
                 @LazyProperty
                 def mimetype_main(self):
                     return self.mimetype.split('/')[0]
                 @classmethod
                 def get_lexer(cls, filename, content=None):
                     from pygments import lexers
                     extension = filename.split('.')[-1]
                     lexer = None
                     try:
                         lexer = lexers.guess_lexer_for_filename(
                             filename, content, stripnl=False)
                     except lexers.ClassNotFound:
                         lexer = None
                     # try our EXTENSION_MAP
                     if not lexer:
                         try:
                             lexer_class = LANGUAGES_EXTENSIONS_MAP.get(extension)
                             if lexer_class:
                                 lexer = lexers.get_lexer_by_name(lexer_class[0])
                         except lexers.ClassNotFound:
                             lexer = None
                     if not lexer:
                         lexer = lexers.TextLexer(stripnl=False)
                     return lexer
                 @LazyProperty
                 def lexer(self):
                     """
                     Returns pygment's lexer class. Would try to guess lexer taking file's
                     content, name and mimetype.
                     """
                     return self.get_lexer(self.name, self.content)
                 @LazyProperty
                 def lexer_alias(self):
                     """
                     Returns first alias of the lexer guessed for this file.
                     """
                     return self.lexer.aliases[0]
                 @LazyProperty
                 def history(self):
                     """
                     Returns a list of commit for this file in which the file was changed
                     """
                     if self.commit is None:
                         raise NodeError('Unable to get commit for this FileNode')
                     return self.commit.get_path_history(self.path)
                 @LazyProperty
                 def annotate(self):
                     """
                     Returns a list of three element tuples with lineno, commit and line
                     """
                     if self.commit is None:
                         raise NodeError('Unable to get commit for this FileNode')
                     pre_load = ["author", "date", "message", "parents"]
                     return self.commit.get_file_annotate(self.path, pre_load=pre_load)
                 @LazyProperty
                 def state(self):
                     if not self.commit:
                         raise NodeError(
                             "Cannot check state of the node if it's not "
                             "linked with commit")
                     elif self.path in (node.path for node in self.commit.added):
                         return NodeState.ADDED
                     elif self.path in (node.path for node in self.commit.changed):
                         return NodeState.CHANGED
                     else:
                         return NodeState.NOT_CHANGED
                 @LazyProperty
                 def is_binary(self):
                     """
                     Returns True if file has binary content.
                     """
                     if self.commit:
                         return self.commit.is_node_binary(self.path)
                     else:
                         raw_bytes = self._content
                         return raw_bytes and '\0' in raw_bytes
                 @LazyProperty
                 def extension(self):
                     """Returns filenode extension"""
                     return self.name.split('.')[-1]
                 @property
                 def is_executable(self):
                     """
                     Returns ``True`` if file has executable flag turned on.
                     """
                     return bool(self.mode & stat.S_IXUSR)
                 def get_largefile_node(self):
                     """
                     Try to return a Mercurial FileNode from this node. It does internal
                     checks inside largefile store, if that file exist there it will
                     create special instance of LargeFileNode which can get content from
                     LF store.
                     """
                     if self.commit:
                         return self.commit.get_largefile_node(self.path)
                 def count_lines(self, content, count_empty=False):
                     if count_empty:
                         all_lines = 0
                         empty_lines = 0
                         for line in content.splitlines(True):
                             if line == '\n':
                                 empty_lines += 1
                             all_lines += 1
                         return all_lines, all_lines - empty_lines
                     else:
                         # fast method
                         empty_lines = all_lines = content.count('\n')
                         if all_lines == 0 and content:
                             # one-line without a newline
                             empty_lines = all_lines = 1
                     return all_lines, empty_lines
                 def lines(self, count_empty=False):
                     all_lines, empty_lines = 0, 0
                     if not self.is_binary:
                         content = self.content
                         all_lines, empty_lines = self.count_lines(content, count_empty=count_empty)
                     return all_lines, empty_lines
                 def __repr__(self):
                     return '<%s %r @ %s>' % (self.__class__.__name__, self.path,
                                              getattr(self.commit, 'short_id', ''))
             class RemovedFileNode(FileNode):
                 """
                 Dummy FileNode class - trying to access any public attribute except path,
                 name, kind or state (or methods/attributes checking those two) would raise
                 RemovedFileNodeError.
                 """
                 ALLOWED_ATTRIBUTES = [
                     'name', 'path', 'state', 'is_root', 'is_file', 'is_dir', 'kind',
                     'added', 'changed', 'not_changed', 'removed'
                 ]
                 def __init__(self, path):
                     """
                     :param path: relative path to the node
                     """
                     super(RemovedFileNode, self).__init__(path=path)
                 def __getattribute__(self, attr):
                     if attr.startswith('_') or attr in RemovedFileNode.ALLOWED_ATTRIBUTES:
                         return super(RemovedFileNode, self).__getattribute__(attr)
                     raise RemovedFileNodeError(
                         "Cannot access attribute %s on RemovedFileNode" % attr)
                 @LazyProperty
                 def state(self):
                     return NodeState.REMOVED
             class DirNode(Node):
                 """
                 DirNode stores list of files and directories within this node.
                 Nodes may be used standalone but within repository context they
                 lazily fetch data within same repository's commit.
                 """
                 def __init__(self, path, nodes=(), commit=None):
                     """
                     Only one of ``nodes`` and ``commit`` may be given. Passing both
                     would raise ``NodeError`` exception.
                     :param path: relative path to the node
                     :param nodes: content may be passed to constructor
                     :param commit: if given, will use it to lazily fetch content
                     """
                     if nodes and commit:
                         raise NodeError("Cannot use both nodes and commit")
                     super(DirNode, self).__init__(path, NodeKind.DIR)
                     self.commit = commit
                     self._nodes = nodes
                 @LazyProperty
                 def content(self):
                     raise NodeError(
                         "%s represents a dir and has no `content` attribute" % self)
                 @LazyProperty
                 def nodes(self):
                     if self.commit:
                         nodes = self.commit.get_nodes(self.path)
                     else:
                         nodes = self._nodes
                     self._nodes_dict = dict((node.path, node) for node in nodes)
                     return sorted(nodes)
                 @LazyProperty
                 def files(self):
                     return sorted((node for node in self.nodes if node.is_file()))
                 @LazyProperty
                 def dirs(self):
                     return sorted((node for node in self.nodes if node.is_dir()))
                 def __iter__(self):
                     for node in self.nodes:
                         yield node
                 def get_node(self, path):
                     """
                     Returns node from within this particular ``DirNode``, so it is now
                     allowed to fetch, i.e. node located at 'docs/api/index.rst' from node
                     'docs'. In order to access deeper nodes one must fetch nodes between
                     them first - this would work::
                        docs = root.get_node('docs')
                        docs.get_node('api').get_node('index.rst')
                     :param: path - relative to the current node
                     .. note::
                        To access lazily (as in example above) node have to be initialized
                        with related commit object - without it node is out of
                        context and may know nothing about anything else than nearest
                        (located at same level) nodes.
                     """
                     try:
                         path = path.rstrip('/')
                         if path == '':
                             raise NodeError("Cannot retrieve node without path")
                         self.nodes  # access nodes first in order to set _nodes_dict
                         paths = path.split('/')
                         if len(paths) == 1:
                             if not self.is_root():
                                 path = '/'.join((self.path, paths[0]))
                             else:
                                 path = paths[0]
                             return self._nodes_dict[path]
                         elif len(paths) > 1:
                             if self.commit is None:
                                 raise NodeError("Cannot access deeper nodes without commit")
                             else:
                                 path1, path2 = paths[0], '/'.join(paths[1:])
                                 return self.get_node(path1).get_node(path2)
                         else:
                             raise KeyError
                     except KeyError:
                         raise NodeError("Node does not exist at %s" % path)
                 @LazyProperty
                 def state(self):
                     raise NodeError("Cannot access state of DirNode")
                 @LazyProperty
                 def size(self):
                     size = 0
                     for root, dirs, files in self.commit.walk(self.path):
                         for f in files:
                             size += f.size
                     return size
                 @LazyProperty
                 def last_commit(self):
                     if self.commit:
                         pre_load = ["author", "date", "message", "parents"]
                         return self.commit.get_path_commit(self.path, pre_load=pre_load)
                     raise NodeError(
                         "Cannot retrieve last commit of the file without "
                         "related commit attribute")
                 def __repr__(self):
                     return '<%s %r @ %s>' % (self.__class__.__name__, self.path,
                                              getattr(self.commit, 'short_id', ''))
             class RootNode(DirNode):
                 """
                 DirNode being the root node of the repository.
                 """
                 def __init__(self, nodes=(), commit=None):
                     super(RootNode, self).__init__(path='', nodes=nodes, commit=commit)
                 def __repr__(self):
                     return '<%s>' % self.__class__.__name__
             class SubModuleNode(Node):
                 """
                 represents a SubModule of Git or SubRepo of Mercurial
                 """
                 is_binary = False
                 size = 0
                 def __init__(self, name, url=None, commit=None, alias=None):
                     self.path = name
                     self.kind = NodeKind.SUBMODULE
                     self.alias = alias
                     # we have to use EmptyCommit here since this can point to svn/git/hg
                     # submodules we cannot get from repository
                     self.commit = EmptyCommit(str(commit), alias=alias)
                     self.url = url or self._extract_submodule_url()
                 def __repr__(self):
                     return '<%s %r @ %s>' % (self.__class__.__name__, self.path,
                                              getattr(self.commit, 'short_id', ''))
                 def _extract_submodule_url(self):
                     # TODO: find a way to parse gits submodule file and extract the
                     # linking URL
                     return self.path
                 @LazyProperty
                 def name(self):
                     """
                     Returns name of the node so if its path
                     then only last part is returned.
                     """
                     org = safe_unicode(self.path.rstrip('/').split('/')[-1])
-                    return u'%s @ %s' % (org, self.commit.short_id)
+                    return '%s @ %s' % (org, self.commit.short_id)
             class LargeFileNode(FileNode):
                 def __init__(self, path, url=None, commit=None, alias=None, org_path=None):
                     self.path = path
                     self.org_path = org_path
                     self.kind = NodeKind.LARGEFILE
                     self.alias = alias
                     self._content = ''
                 def _validate_path(self, path):
                     """
                     we override check since the LargeFileNode path is system absolute
                     """
                     pass
                 def __repr__(self):
                     return '<%s %r>' % (self.__class__.__name__, self.path)
                 @LazyProperty
                 def size(self):
                     return os.stat(self.path).st_size
                 @LazyProperty
                 def raw_bytes(self):
                     with open(self.path, 'rb') as f:
                         content = f.read()
                     return content
                 @LazyProperty
                 def name(self):
                     """
                     Overwrites name to be the org lf path
                     """
                     return self.org_path
                 def stream_bytes(self):
                     with open(self.path, 'rb') as stream:
                         while True:
                             data = stream.read(16 * 1024)
                             if not data:
                                 break
                             yield data

rhodecode/model/db.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages