rhodecode-enterprise-ce Commit - r5070:175fe6cb

models: major update for python3,...

super-admin -

r5070:175fe6cb default

parent child

rhodecode/model/changeset_status.py

0 +5 -4

             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import itertools
             import logging
             import collections
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 ChangesetStatus, ChangesetComment, PullRequest, PullRequestReviewers, Session)
             from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
             from rhodecode.lib.markup_renderer import (
                 DEFAULT_COMMENTS_RENDERER, RstTemplateRenderer)
             log = logging.getLogger(__name__)
             class ChangesetStatusModel(BaseModel):
                 cls = ChangesetStatus
                 def __get_changeset_status(self, changeset_status):
                     return self._get_instance(ChangesetStatus, changeset_status)
                 def __get_pull_request(self, pull_request):
                     return self._get_instance(PullRequest, pull_request)
                 def _get_status_query(self, repo, revision, pull_request,
                                       with_revisions=False):
                     repo = self._get_repo(repo)
                     q = ChangesetStatus.query()\
                         .filter(ChangesetStatus.repo == repo)
                     if not with_revisions:
                         q = q.filter(ChangesetStatus.version == 0)
                     if revision:
                         q = q.filter(ChangesetStatus.revision == revision)
                     elif pull_request:
                         pull_request = self.__get_pull_request(pull_request)
                         # TODO: johbo: Think about the impact of this join, there must
                         # be a reason why ChangesetStatus and ChanagesetComment is linked
                         # to the pull request. Might be that we want to do the same for
                         # the pull_request_version_id.
                         q = q.join(ChangesetComment).filter(
                             ChangesetStatus.pull_request == pull_request,
                             ChangesetComment.pull_request_version_id == None)
                     else:
                         raise Exception('Please specify revision or pull_request')
                     q = q.order_by(ChangesetStatus.version.asc())
                     return q
                 def calculate_group_vote(self, group_id, group_statuses_by_reviewers,
                                          trim_votes=True):
                     """
                     Calculate status based on given group members, and voting rule
                     group1 - 4 members, 3 required for approval
                         user1 - approved
                         user2 - reject
                         user3 - approved
                         user4 - rejected
                     final_state: rejected, reasons not at least 3 votes
                     group1 - 4 members, 2 required for approval
                         user1 - approved
                         user2 - reject
                         user3 - approved
                         user4 - rejected
                     final_state: approved, reasons got at least 2 approvals
                     group1 - 4 members, ALL required for approval
                         user1 - approved
                         user2 - reject
                         user3 - approved
                         user4 - rejected
                     final_state: rejected, reasons not all approvals
                     group1 - 4 members, ALL required for approval
                         user1 - approved
                         user2 - approved
                         user3 - approved
                         user4 - approved
                     final_state: approved, reason all approvals received
                     group1 - 4 members, 5 required for approval
                         (approval should be shorted to number of actual members)
                         user1 - approved
                         user2 - approved
                         user3 - approved
                         user4 - approved
                     final_state: approved, reason all approvals received
                     """
                     group_vote_data = {}
                     got_rule = False
                     members = collections.OrderedDict()
                     for review_obj, user, reasons, mandatory, statuses \
                             in group_statuses_by_reviewers:
                         if not got_rule:
                             group_vote_data = review_obj.rule_user_group_data()
                             got_rule = bool(group_vote_data)
                         members[user.user_id] = statuses
                     if not group_vote_data:
                         return []
                     required_votes = group_vote_data['vote_rule']
                     if required_votes == -1:
                         # -1 means all required, so we replace it with how many people
                         # are in the members
                         required_votes = len(members)
                     if trim_votes and required_votes > len(members):
                         # we require more votes than we have members in the group
                         # in this case we trim the required votes to the number of members
                         required_votes = len(members)
                     approvals = sum([
 for statuses in members.values()
                         if statuses and
                            statuses[0][1].status == ChangesetStatus.STATUS_APPROVED])
                     calculated_votes = []
                     # we have all votes from users, now check if we have enough votes
                     # to fill other
                     fill_in = ChangesetStatus.STATUS_UNDER_REVIEW
                     if approvals >= required_votes:
                         fill_in = ChangesetStatus.STATUS_APPROVED
                     for member, statuses in members.items():
                         if statuses:
                             ver, latest = statuses[0]
                             if fill_in == ChangesetStatus.STATUS_APPROVED:
                                 calculated_votes.append(fill_in)
                             else:
                                 calculated_votes.append(latest.status)
                         else:
                             calculated_votes.append(fill_in)
                     return calculated_votes
                 def calculate_status(self, statuses_by_reviewers):
                     """
                     Given the approval statuses from reviewers, calculates final approval
                     status. There can only be 3 results, all approved, all rejected. If
                     there is no consensus the PR is under review.
                     :param statuses_by_reviewers:
                     """
                     def group_rule(element):
-                        review_obj = element[0]
+                        _review_obj = element[0]
-                        rule_data = review_obj.rule_user_group_data()
+                        rule_data = _review_obj.rule_user_group_data()
                         if rule_data and rule_data['id']:
                             return rule_data['id']
+                        # don't return None, as we cant compare this
+                        return 0
-                    voting_groups = itertools.groupby(
+                    voting_groups = itertools.groupby(sorted(statuses_by_reviewers, key=group_rule), group_rule)
-                        sorted(statuses_by_reviewers, key=group_rule), group_rule)
                     voting_by_groups = [(x, list(y)) for x, y in voting_groups]
                     reviewers_number = len(statuses_by_reviewers)
                     votes = collections.defaultdict(int)
                     for group, group_statuses_by_reviewers in voting_by_groups:
                         if group:
                             # calculate how the "group" voted
                             for vote_status in self.calculate_group_vote(
                                     group, group_statuses_by_reviewers):
                                 votes[vote_status] += 1
                         else:
                             for review_obj, user, reasons, mandatory, statuses \
                                     in group_statuses_by_reviewers:
                                 # individual vote
                                 if statuses:
                                     ver, latest = statuses[0]
                                     votes[latest.status] += 1
                     approved_votes_count = votes[ChangesetStatus.STATUS_APPROVED]
                     rejected_votes_count = votes[ChangesetStatus.STATUS_REJECTED]
                     # TODO(marcink): with group voting, how does rejected work,
                     # do we ever get rejected state ?
                     if approved_votes_count and (approved_votes_count == reviewers_number):
                         return ChangesetStatus.STATUS_APPROVED
                     if rejected_votes_count and (rejected_votes_count == reviewers_number):
                         return ChangesetStatus.STATUS_REJECTED
                     return ChangesetStatus.STATUS_UNDER_REVIEW
                 def get_statuses(self, repo, revision=None, pull_request=None,
                                  with_revisions=False):
                     q = self._get_status_query(repo, revision, pull_request,
                                                with_revisions)
                     return q.all()
                 def get_status(self, repo, revision=None, pull_request=None, as_str=True):
                     """
                     Returns latest status of changeset for given revision or for given
                     pull request. Statuses are versioned inside a table itself and
                     version == 0 is always the current one
                     :param repo:
                     :param revision: 40char hash or None
                     :param pull_request: pull_request reference
                     :param as_str: return status as string not object
                     """
                     q = self._get_status_query(repo, revision, pull_request)
                     # need to use first here since there can be multiple statuses
                     # returned from pull_request
                     status = q.first()
                     if as_str:
                         status = status.status if status else status
                         st = status or ChangesetStatus.DEFAULT
                         return str(st)
                     return status
                 def _render_auto_status_message(
                         self, status, commit_id=None, pull_request=None):
                     """
                     render the message using DEFAULT_COMMENTS_RENDERER (RST renderer),
                     so it's always looking the same disregarding on which default
                     renderer system is using.
                     :param status: status text to change into
                     :param commit_id: the commit_id we change the status for
                     :param pull_request: the pull request we change the status for
                     """
                     new_status = ChangesetStatus.get_status_lbl(status)
                     params = {
                         'new_status_label': new_status,
                         'pull_request': pull_request,
                         'commit_id': commit_id,
                     }
                     renderer = RstTemplateRenderer()
                     return renderer.render('auto_status_change.mako', **params)
                 def set_status(self, repo, status, user, comment=None, revision=None,
                                pull_request=None, dont_allow_on_closed_pull_request=False):
                     """
                     Creates new status for changeset or updates the old ones bumping their
                     version, leaving the current status at
                     :param repo:
                     :param revision:
                     :param status:
                     :param user:
                     :param comment:
                     :param dont_allow_on_closed_pull_request: don't allow a status change
                         if last status was for pull request and it's closed. We shouldn't
                         mess around this manually
                     """
                     repo = self._get_repo(repo)
                     q = ChangesetStatus.query()
                     if revision:
                         q = q.filter(ChangesetStatus.repo == repo)
                         q = q.filter(ChangesetStatus.revision == revision)
                     elif pull_request:
                         pull_request = self.__get_pull_request(pull_request)
                         q = q.filter(ChangesetStatus.repo == pull_request.source_repo)
                         q = q.filter(ChangesetStatus.revision.in_(pull_request.revisions))
                     cur_statuses = q.all()
                     # if statuses exists and last is associated with a closed pull request
                     # we need to check if we can allow this status change
                     if (dont_allow_on_closed_pull_request and cur_statuses
                         and getattr(cur_statuses[0].pull_request, 'status', '')
                             == PullRequest.STATUS_CLOSED):
                         raise StatusChangeOnClosedPullRequestError(
                             'Changing status on closed pull request is not allowed'
                         )
                     # update all current statuses with older version
                     if cur_statuses:
                         for st in cur_statuses:
                             st.version += 1
                             Session().add(st)
                         Session().flush()
                     def _create_status(user, repo, status, comment, revision, pull_request):
                         new_status = ChangesetStatus()
                         new_status.author = self._get_user(user)
                         new_status.repo = self._get_repo(repo)
                         new_status.status = status
                         new_status.comment = comment
                         new_status.revision = revision
                         new_status.pull_request = pull_request
                         return new_status
                     if not comment:
                         from rhodecode.model.comment import CommentsModel
                         comment = CommentsModel().create(
                             text=self._render_auto_status_message(
                                 status, commit_id=revision, pull_request=pull_request),
                             repo=repo,
                             user=user,
                             pull_request=pull_request,
                             send_email=False, renderer=DEFAULT_COMMENTS_RENDERER
                         )
                     if revision:
                         new_status = _create_status(
                             user=user, repo=repo, status=status, comment=comment,
                             revision=revision, pull_request=pull_request)
                         Session().add(new_status)
                         return new_status
                     elif pull_request:
                         # pull request can have more than one revision associated to it
                         # we need to create new version for each one
                         new_statuses = []
                         repo = pull_request.source_repo
                         for rev in pull_request.revisions:
                             new_status = _create_status(
                                 user=user, repo=repo, status=status, comment=comment,
                                 revision=rev, pull_request=pull_request)
                             new_statuses.append(new_status)
                             Session().add(new_status)
                         return new_statuses
                 def aggregate_votes_by_user(self, commit_statuses, reviewers_data, user=None):
                     commit_statuses_map = collections.defaultdict(list)
                     for st in commit_statuses:
                         commit_statuses_map[st.author.username] += [st]
                     reviewers = []
                     def version(commit_status):
                         return commit_status.version
                     for obj in reviewers_data:
                         if not obj.user:
                             continue
                         if user and obj.user.username != user.username:
                             # single user filter
                             continue
                         statuses = commit_statuses_map.get(obj.user.username, None)
                         if statuses:
                             status_groups = itertools.groupby(
                                 sorted(statuses, key=version), version)
                             statuses = [(x, list(y)[0]) for x, y in status_groups]
                         reviewers.append((obj, obj.user, obj.reasons, obj.mandatory, statuses))
                     if user:
                         return reviewers[0] if reviewers else reviewers
                     else:
                         return reviewers
                 def reviewers_statuses(self, pull_request, user=None):
                     _commit_statuses = self.get_statuses(
                         pull_request.source_repo,
                         pull_request=pull_request,
                         with_revisions=True)
                     reviewers = pull_request.get_pull_request_reviewers(
                         role=PullRequestReviewers.ROLE_REVIEWER)
                     return self.aggregate_votes_by_user(_commit_statuses, reviewers, user=user)
                 def calculated_review_status(self, pull_request):
                     """
                     calculate pull request status based on reviewers, it should be a list
                     of two element lists.
                     """
                     reviewers = self.reviewers_statuses(pull_request)
                     return self.calculate_status(reviewers)

rhodecode/model/comment.py

0 0 -3

             # Copyright (C) 2011-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             comments model for RhodeCode
             """
             import datetime
             import logging
             import traceback
             import collections
             from pyramid.threadlocal import get_current_registry, get_current_request
             from sqlalchemy.sql.expression import null
             from sqlalchemy.sql.functions import coalesce
             from rhodecode.lib import helpers as h, diffs, channelstream, hooks_utils
             from rhodecode.lib import audit_logger
             from rhodecode.lib.exceptions import CommentVersionMismatch
             from rhodecode.lib.utils2 import extract_mentioned_users, safe_str, safe_int
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 false, true,
                 ChangesetComment,
                 User,
                 Notification,
                 PullRequest,
                 AttributeDict,
                 ChangesetCommentHistory,
             )
             from rhodecode.model.notification import NotificationModel
             from rhodecode.model.meta import Session
             from rhodecode.model.settings import VcsSettingsModel
             from rhodecode.model.notification import EmailNotificationModel
             from rhodecode.model.validation_schema.schemas import comment_schema
             log = logging.getLogger(__name__)
             class CommentsModel(BaseModel):
                 cls = ChangesetComment
                 DIFF_CONTEXT_BEFORE = 3
                 DIFF_CONTEXT_AFTER = 3
                 def __get_commit_comment(self, changeset_comment):
                     return self._get_instance(ChangesetComment, changeset_comment)
                 def __get_pull_request(self, pull_request):
                     return self._get_instance(PullRequest, pull_request)
                 def _extract_mentions(self, s):
                     user_objects = []
                     for username in extract_mentioned_users(s):
                         user_obj = User.get_by_username(username, case_insensitive=True)
                         if user_obj:
                             user_objects.append(user_obj)
                     return user_objects
                 def _get_renderer(self, global_renderer='rst', request=None):
                     request = request or get_current_request()
                     try:
                         global_renderer = request.call_context.visual.default_renderer
                     except AttributeError:
                         log.debug("Renderer not set, falling back "
                                   "to default renderer '%s'", global_renderer)
                     except Exception:
                         log.error(traceback.format_exc())
                     return global_renderer
                 def aggregate_comments(self, comments, versions, show_version, inline=False):
                     # group by versions, and count until, and display objects
                     comment_groups = collections.defaultdict(list)
                     [comment_groups[_co.pull_request_version_id].append(_co) for _co in comments]
                     def yield_comments(pos):
                         for co in comment_groups[pos]:
                             yield co
                     comment_versions = collections.defaultdict(
                         lambda: collections.defaultdict(list))
                     prev_prvid = -1
                     # fake last entry with None, to aggregate on "latest" version which
                     # doesn't have an pull_request_version_id
                     for ver in versions + [AttributeDict({'pull_request_version_id': None})]:
                         prvid = ver.pull_request_version_id
                         if prev_prvid == -1:
                             prev_prvid = prvid
                         for co in yield_comments(prvid):
                             comment_versions[prvid]['at'].append(co)
                         # save until
                         current = comment_versions[prvid]['at']
                         prev_until = comment_versions[prev_prvid]['until']
                         cur_until = prev_until + current
                         comment_versions[prvid]['until'].extend(cur_until)
                         # save outdated
                         if inline:
                             outdated = [x for x in cur_until
                                         if x.outdated_at_version(show_version)]
                         else:
                             outdated = [x for x in cur_until
                                         if x.older_than_version(show_version)]
                         display = [x for x in cur_until if x not in outdated]
                         comment_versions[prvid]['outdated'] = outdated
                         comment_versions[prvid]['display'] = display
                         prev_prvid = prvid
                     return comment_versions
                 def get_repository_comments(self, repo, comment_type=None, user=None, commit_id=None):
                     qry = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.repo == repo)
                     if comment_type and comment_type in ChangesetComment.COMMENT_TYPES:
                         qry = qry.filter(ChangesetComment.comment_type == comment_type)
                     if user:
                         user = self._get_user(user)
                         if user:
                             qry = qry.filter(ChangesetComment.user_id == user.user_id)
                     if commit_id:
                         qry = qry.filter(ChangesetComment.revision == commit_id)
                     qry = qry.order_by(ChangesetComment.created_on)
                     return qry.all()
                 def get_repository_unresolved_todos(self, repo):
                     todos = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.repo == repo) \
                         .filter(ChangesetComment.resolved_by == None) \
                         .filter(ChangesetComment.comment_type
                                 == ChangesetComment.COMMENT_TYPE_TODO)
                     todos = todos.all()
                     return todos
                 def get_pull_request_unresolved_todos(self, pull_request, show_outdated=True, include_drafts=True):
                     todos = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.pull_request == pull_request) \
                         .filter(ChangesetComment.resolved_by == None) \
                         .filter(ChangesetComment.comment_type
                                 == ChangesetComment.COMMENT_TYPE_TODO)
                     if not include_drafts:
                         todos = todos.filter(ChangesetComment.draft == false())
                     if not show_outdated:
                         todos = todos.filter(
                             coalesce(ChangesetComment.display_state, '') !=
                             ChangesetComment.COMMENT_OUTDATED)
                     todos = todos.all()
                     return todos
                 def get_pull_request_resolved_todos(self, pull_request, show_outdated=True, include_drafts=True):
                     todos = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.pull_request == pull_request) \
                         .filter(ChangesetComment.resolved_by != None) \
                         .filter(ChangesetComment.comment_type
                                 == ChangesetComment.COMMENT_TYPE_TODO)
                     if not include_drafts:
                         todos = todos.filter(ChangesetComment.draft == false())
                     if not show_outdated:
                         todos = todos.filter(
                             coalesce(ChangesetComment.display_state, '') !=
                             ChangesetComment.COMMENT_OUTDATED)
                     todos = todos.all()
                     return todos
                 def get_pull_request_drafts(self, user_id, pull_request):
                     drafts = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.pull_request == pull_request) \
                         .filter(ChangesetComment.user_id == user_id) \
                         .filter(ChangesetComment.draft == true())
                     return drafts.all()
                 def get_commit_unresolved_todos(self, commit_id, show_outdated=True, include_drafts=True):
                     todos = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.revision == commit_id) \
                         .filter(ChangesetComment.resolved_by == None) \
                         .filter(ChangesetComment.comment_type
                                 == ChangesetComment.COMMENT_TYPE_TODO)
                     if not include_drafts:
                         todos = todos.filter(ChangesetComment.draft == false())
                     if not show_outdated:
                         todos = todos.filter(
                             coalesce(ChangesetComment.display_state, '') !=
                             ChangesetComment.COMMENT_OUTDATED)
                     todos = todos.all()
                     return todos
                 def get_commit_resolved_todos(self, commit_id, show_outdated=True, include_drafts=True):
                     todos = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.revision == commit_id) \
                         .filter(ChangesetComment.resolved_by != None) \
                         .filter(ChangesetComment.comment_type
                                 == ChangesetComment.COMMENT_TYPE_TODO)
                     if not include_drafts:
                         todos = todos.filter(ChangesetComment.draft == false())
                     if not show_outdated:
                         todos = todos.filter(
                             coalesce(ChangesetComment.display_state, '') !=
                             ChangesetComment.COMMENT_OUTDATED)
                     todos = todos.all()
                     return todos
                 def get_commit_inline_comments(self, commit_id, include_drafts=True):
                     inline_comments = Session().query(ChangesetComment) \
                         .filter(ChangesetComment.line_no != None) \
                         .filter(ChangesetComment.f_path != None) \
                         .filter(ChangesetComment.revision == commit_id)
                     if not include_drafts:
                         inline_comments = inline_comments.filter(ChangesetComment.draft == false())
                     inline_comments = inline_comments.all()
                     return inline_comments
                 def _log_audit_action(self, action, action_data, auth_user, comment):
                     audit_logger.store(
                         action=action,
                         action_data=action_data,
                         user=auth_user,
                         repo=comment.repo)
                 def create(self, text, repo, user, commit_id=None, pull_request=None,
                            f_path=None, line_no=None, status_change=None,
                            status_change_type=None, comment_type=None, is_draft=False,
                            resolves_comment_id=None, closing_pr=False, send_email=True,
                            renderer=None, auth_user=None, extra_recipients=None):
                     """
                     Creates new comment for commit or pull request.
                     IF status_change is not none this comment is associated with a
                     status change of commit or commit associated with pull request
                     :param text:
                     :param repo:
                     :param user:
                     :param commit_id:
                     :param pull_request:
                     :param f_path:
                     :param line_no:
                     :param status_change: Label for status change
                     :param comment_type: Type of comment
                     :param is_draft: is comment a draft only
                     :param resolves_comment_id: id of comment which this one will resolve
                     :param status_change_type: type of status change
                     :param closing_pr:
                     :param send_email:
                     :param renderer: pick renderer for this comment
                     :param auth_user: current authenticated user calling this method
                     :param extra_recipients: list of extra users to be added to recipients
                     """
-                    if not text:
-                        log.warning('Missing text for comment, skipping...')
-                        return
                     request = get_current_request()
                     _ = request.translate
                     if not renderer:
                         renderer = self._get_renderer(request=request)
                     repo = self._get_repo(repo)
                     user = self._get_user(user)
                     auth_user = auth_user or user
                     schema = comment_schema.CommentSchema()
                     validated_kwargs = schema.deserialize(dict(
                         comment_body=text,
                         comment_type=comment_type,
                         is_draft=is_draft,
                         comment_file=f_path,
                         comment_line=line_no,
                         renderer_type=renderer,
                         status_change=status_change_type,
                         resolves_comment_id=resolves_comment_id,
                         repo=repo.repo_id,
                         user=user.user_id,
                     ))
                     is_draft = validated_kwargs['is_draft']
                     comment = ChangesetComment()
                     comment.renderer = validated_kwargs['renderer_type']
                     comment.text = validated_kwargs['comment_body']
                     comment.f_path = validated_kwargs['comment_file']
                     comment.line_no = validated_kwargs['comment_line']
                     comment.comment_type = validated_kwargs['comment_type']
                     comment.draft = is_draft
                     comment.repo = repo
                     comment.author = user
                     resolved_comment = self.__get_commit_comment(
                         validated_kwargs['resolves_comment_id'])
                     # check if the comment actually belongs to this PR
                     if resolved_comment and resolved_comment.pull_request and \
                             resolved_comment.pull_request != pull_request:
                         log.warning('Comment tried to resolved unrelated todo comment: %s',
                                     resolved_comment)
                         # comment not bound to this pull request, forbid
                         resolved_comment = None
                     elif resolved_comment and resolved_comment.repo and \
                             resolved_comment.repo != repo:
                         log.warning('Comment tried to resolved unrelated todo comment: %s',
                                     resolved_comment)
                         # comment not bound to this repo, forbid
                         resolved_comment = None
                     if resolved_comment and resolved_comment.resolved_by:
                         # if this comment is already resolved, don't mark it again!
                         resolved_comment = None
                     comment.resolved_comment = resolved_comment
                     pull_request_id = pull_request
                     commit_obj = None
                     pull_request_obj = None
                     if commit_id:
                         notification_type = EmailNotificationModel.TYPE_COMMIT_COMMENT
                         # do a lookup, so we don't pass something bad here
                         commit_obj = repo.scm_instance().get_commit(commit_id=commit_id)
                         comment.revision = commit_obj.raw_id
                     elif pull_request_id:
                         notification_type = EmailNotificationModel.TYPE_PULL_REQUEST_COMMENT
                         pull_request_obj = self.__get_pull_request(pull_request_id)
                         comment.pull_request = pull_request_obj
                     else:
                         raise Exception('Please specify commit or pull_request_id')
                     Session().add(comment)
                     Session().flush()
                     kwargs = {
                         'user': user,
                         'renderer_type': renderer,
                         'repo_name': repo.repo_name,
                         'status_change': status_change,
                         'status_change_type': status_change_type,
                         'comment_body': text,
                         'comment_file': f_path,
                         'comment_line': line_no,
                         'comment_type': comment_type or 'note',
                         'comment_id': comment.comment_id
                     }
                     if commit_obj:
                         recipients = ChangesetComment.get_users(
                             revision=commit_obj.raw_id)
                         # add commit author if it's in RhodeCode system
                         cs_author = User.get_from_cs_author(commit_obj.author)
                         if not cs_author:
                             # use repo owner if we cannot extract the author correctly
                             cs_author = repo.user
                         recipients += [cs_author]
                         commit_comment_url = self.get_url(comment, request=request)
                         commit_comment_reply_url = self.get_url(
                             comment, request=request,
                             anchor='comment-{}/?/ReplyToComment'.format(comment.comment_id))
                         target_repo_url = h.link_to(
                             repo.repo_name,
                             h.route_url('repo_summary', repo_name=repo.repo_name))
                         commit_url = h.route_url('repo_commit', repo_name=repo.repo_name,
                                                  commit_id=commit_id)
                         # commit specifics
                         kwargs.update({
                             'commit': commit_obj,
                             'commit_message': commit_obj.message,
                             'commit_target_repo_url': target_repo_url,
                             'commit_comment_url': commit_comment_url,
                             'commit_comment_reply_url': commit_comment_reply_url,
                             'commit_url': commit_url,
                             'thread_ids': [commit_url, commit_comment_url],
                         })
                     elif pull_request_obj:
                         # get the current participants of this pull request
                         recipients = ChangesetComment.get_users(
                             pull_request_id=pull_request_obj.pull_request_id)
                         # add pull request author
                         recipients += [pull_request_obj.author]
                         # add the reviewers to notification
                         recipients += [x.user for x in pull_request_obj.get_pull_request_reviewers()]
                         pr_target_repo = pull_request_obj.target_repo
                         pr_source_repo = pull_request_obj.source_repo
                         pr_comment_url = self.get_url(comment, request=request)
                         pr_comment_reply_url = self.get_url(
                             comment, request=request,
                             anchor='comment-{}/?/ReplyToComment'.format(comment.comment_id))
                         pr_url = h.route_url(
                             'pullrequest_show',
                             repo_name=pr_target_repo.repo_name,
                             pull_request_id=pull_request_obj.pull_request_id, )
                         # set some variables for email notification
                         pr_target_repo_url = h.route_url(
                             'repo_summary', repo_name=pr_target_repo.repo_name)
                         pr_source_repo_url = h.route_url(
                             'repo_summary', repo_name=pr_source_repo.repo_name)
                         # pull request specifics
                         kwargs.update({
                             'pull_request': pull_request_obj,
                             'pr_id': pull_request_obj.pull_request_id,
                             'pull_request_url': pr_url,
                             'pull_request_target_repo': pr_target_repo,
                             'pull_request_target_repo_url': pr_target_repo_url,
                             'pull_request_source_repo': pr_source_repo,
                             'pull_request_source_repo_url': pr_source_repo_url,
                             'pr_comment_url': pr_comment_url,
                             'pr_comment_reply_url': pr_comment_reply_url,
                             'pr_closing': closing_pr,
                             'thread_ids': [pr_url, pr_comment_url],
                         })
                     if send_email:
                         recipients += [self._get_user(u) for u in (extra_recipients or [])]
                         mention_recipients = set(
                             self._extract_mentions(text)).difference(recipients)
                         # create notification objects, and emails
                         NotificationModel().create(
                             created_by=user,
                             notification_subject='',  # Filled in based on the notification_type
                             notification_body='',  # Filled in based on the notification_type
                             notification_type=notification_type,
                             recipients=recipients,
                             mention_recipients=mention_recipients,
                             email_kwargs=kwargs,
                         )
                     Session().flush()
                     if comment.pull_request:
                         action = 'repo.pull_request.comment.create'
                     else:
                         action = 'repo.commit.comment.create'
                     if not is_draft:
                         comment_data = comment.get_api_data()
                         self._log_audit_action(
                             action, {'data': comment_data}, auth_user, comment)
                     return comment
                 def edit(self, comment_id, text, auth_user, version):
                     """
                     Change existing comment for commit or pull request.
                     :param comment_id:
                     :param text:
                     :param auth_user: current authenticated user calling this method
                     :param version: last comment version
                     """
                     if not text:
                         log.warning('Missing text for comment, skipping...')
                         return
                     comment = ChangesetComment.get(comment_id)
                     old_comment_text = comment.text
                     comment.text = text
                     comment.modified_at = datetime.datetime.now()
                     version = safe_int(version)
                     # NOTE(marcink): this returns initial comment + edits, so v2 from ui
                     # would return 3 here
                     comment_version = ChangesetCommentHistory.get_version(comment_id)
                     if isinstance(version, int) and (comment_version - version) != 1:
                         log.warning(
                             'Version mismatch comment_version {} submitted {}, skipping'.format(
                                 comment_version-1,  # -1 since note above
                                 version
                             )
                         )
                         raise CommentVersionMismatch()
                     comment_history = ChangesetCommentHistory()
                     comment_history.comment_id = comment_id
                     comment_history.version = comment_version
                     comment_history.created_by_user_id = auth_user.user_id
                     comment_history.text = old_comment_text
                     # TODO add email notification
                     Session().add(comment_history)
                     Session().add(comment)
                     Session().flush()
                     if comment.pull_request:
                         action = 'repo.pull_request.comment.edit'
                     else:
                         action = 'repo.commit.comment.edit'
                     comment_data = comment.get_api_data()
                     comment_data['old_comment_text'] = old_comment_text
                     self._log_audit_action(
                         action, {'data': comment_data}, auth_user, comment)
                     return comment_history
                 def delete(self, comment, auth_user):
                     """
                     Deletes given comment
                     """
                     comment = self.__get_commit_comment(comment)
                     old_data = comment.get_api_data()
                     Session().delete(comment)
                     if comment.pull_request:
                         action = 'repo.pull_request.comment.delete'
                     else:
                         action = 'repo.commit.comment.delete'
                     self._log_audit_action(
                         action, {'old_data': old_data}, auth_user, comment)
                     return comment
                 def get_all_comments(self, repo_id, revision=None, pull_request=None,
                                      include_drafts=True, count_only=False):
                     q = ChangesetComment.query()\
                             .filter(ChangesetComment.repo_id == repo_id)
                     if revision:
                         q = q.filter(ChangesetComment.revision == revision)
                     elif pull_request:
                         pull_request = self.__get_pull_request(pull_request)
                         q = q.filter(ChangesetComment.pull_request_id == pull_request.pull_request_id)
                     else:
                         raise Exception('Please specify commit or pull_request')
                     if not include_drafts:
                         q = q.filter(ChangesetComment.draft == false())
                     q = q.order_by(ChangesetComment.created_on)
                     if count_only:
                         return q.count()
                     return q.all()
                 def get_url(self, comment, request=None, permalink=False, anchor=None):
                     if not request:
                         request = get_current_request()
                     comment = self.__get_commit_comment(comment)
                     if anchor is None:
                         anchor = 'comment-{}'.format(comment.comment_id)
                     if comment.pull_request:
                         pull_request = comment.pull_request
                         if permalink:
                             return request.route_url(
                                 'pull_requests_global',
                                 pull_request_id=pull_request.pull_request_id,
                                 _anchor=anchor)
                         else:
                             return request.route_url(
                                 'pullrequest_show',
                                 repo_name=safe_str(pull_request.target_repo.repo_name),
                                 pull_request_id=pull_request.pull_request_id,
                                 _anchor=anchor)
                     else:
                         repo = comment.repo
                         commit_id = comment.revision
                         if permalink:
                             return request.route_url(
                                 'repo_commit', repo_name=safe_str(repo.repo_id),
                                 commit_id=commit_id,
                                 _anchor=anchor)
                         else:
                             return request.route_url(
                                 'repo_commit', repo_name=safe_str(repo.repo_name),
                                 commit_id=commit_id,
                                 _anchor=anchor)
                 def get_comments(self, repo_id, revision=None, pull_request=None):
                     """
                     Gets main comments based on revision or pull_request_id
                     :param repo_id:
                     :param revision:
                     :param pull_request:
                     """
                     q = ChangesetComment.query()\
                             .filter(ChangesetComment.repo_id == repo_id)\
                             .filter(ChangesetComment.line_no == None)\
                             .filter(ChangesetComment.f_path == None)
                     if revision:
                         q = q.filter(ChangesetComment.revision == revision)
                     elif pull_request:
                         pull_request = self.__get_pull_request(pull_request)
                         q = q.filter(ChangesetComment.pull_request == pull_request)
                     else:
                         raise Exception('Please specify commit or pull_request')
                     q = q.order_by(ChangesetComment.created_on)
                     return q.all()
                 def get_inline_comments(self, repo_id, revision=None, pull_request=None):
                     q = self._get_inline_comments_query(repo_id, revision, pull_request)
                     return self._group_comments_by_path_and_line_number(q)
                 def get_inline_comments_as_list(self, inline_comments, skip_outdated=True,
                                                 version=None):
                     inline_comms = []
                     for fname, per_line_comments in inline_comments.items():
                         for lno, comments in per_line_comments.items():
                             for comm in comments:
                                 if not comm.outdated_at_version(version) and skip_outdated:
                                     inline_comms.append(comm)
                     return inline_comms
                 def get_outdated_comments(self, repo_id, pull_request):
                     # TODO: johbo: Remove `repo_id`, it is not needed to find the comments
                     # of a pull request.
                     q = self._all_inline_comments_of_pull_request(pull_request)
                     q = q.filter(
                         ChangesetComment.display_state ==
                         ChangesetComment.COMMENT_OUTDATED
                     ).order_by(ChangesetComment.comment_id.asc())
                     return self._group_comments_by_path_and_line_number(q)
                 def _get_inline_comments_query(self, repo_id, revision, pull_request):
                     # TODO: johbo: Split this into two methods: One for PR and one for
                     # commit.
                     if revision:
                         q = Session().query(ChangesetComment).filter(
                             ChangesetComment.repo_id == repo_id,
                             ChangesetComment.line_no != null(),
                             ChangesetComment.f_path != null(),
                             ChangesetComment.revision == revision)
                     elif pull_request:
                         pull_request = self.__get_pull_request(pull_request)
                         if not CommentsModel.use_outdated_comments(pull_request):
                             q = self._visible_inline_comments_of_pull_request(pull_request)
                         else:
                             q = self._all_inline_comments_of_pull_request(pull_request)
                     else:
                         raise Exception('Please specify commit or pull_request_id')
                     q = q.order_by(ChangesetComment.comment_id.asc())
                     return q
                 def _group_comments_by_path_and_line_number(self, q):
                     comments = q.all()
                     paths = collections.defaultdict(lambda: collections.defaultdict(list))
                     for co in comments:
                         paths[co.f_path][co.line_no].append(co)
                     return paths
                 @classmethod
                 def needed_extra_diff_context(cls):
                     return max(cls.DIFF_CONTEXT_BEFORE, cls.DIFF_CONTEXT_AFTER)
                 def outdate_comments(self, pull_request, old_diff_data, new_diff_data):
                     if not CommentsModel.use_outdated_comments(pull_request):
                         return
                     comments = self._visible_inline_comments_of_pull_request(pull_request)
                     comments_to_outdate = comments.all()
                     for comment in comments_to_outdate:
                         self._outdate_one_comment(comment, old_diff_data, new_diff_data)
                 def _outdate_one_comment(self, comment, old_diff_proc, new_diff_proc):
                     diff_line = _parse_comment_line_number(comment.line_no)
                     try:
                         old_context = old_diff_proc.get_context_of_line(
                             path=comment.f_path, diff_line=diff_line)
                         new_context = new_diff_proc.get_context_of_line(
                             path=comment.f_path, diff_line=diff_line)
                     except (diffs.LineNotInDiffException,
                             diffs.FileNotInDiffException):
                         if not comment.draft:
                             comment.display_state = ChangesetComment.COMMENT_OUTDATED
                         return
                     if old_context == new_context:
                         return
                     if self._should_relocate_diff_line(diff_line):
                         new_diff_lines = new_diff_proc.find_context(
                             path=comment.f_path, context=old_context,
                             offset=self.DIFF_CONTEXT_BEFORE)
                         if not new_diff_lines and not comment.draft:
                             comment.display_state = ChangesetComment.COMMENT_OUTDATED
                         else:
                             new_diff_line = self._choose_closest_diff_line(
                                 diff_line, new_diff_lines)
                             comment.line_no = _diff_to_comment_line_number(new_diff_line)
                     else:
                         if not comment.draft:
                             comment.display_state = ChangesetComment.COMMENT_OUTDATED
                 def _should_relocate_diff_line(self, diff_line):
                     """
                     Checks if relocation shall be tried for the given `diff_line`.
                     If a comment points into the first lines, then we can have a situation
                     that after an update another line has been added on top. In this case
                     we would find the context still and move the comment around. This
                     would be wrong.
                     """
                     should_relocate = (
                         (diff_line.new and diff_line.new > self.DIFF_CONTEXT_BEFORE) or
                         (diff_line.old and diff_line.old > self.DIFF_CONTEXT_BEFORE))
                     return should_relocate
                 def _choose_closest_diff_line(self, diff_line, new_diff_lines):
                     candidate = new_diff_lines[0]
                     best_delta = _diff_line_delta(diff_line, candidate)
                     for new_diff_line in new_diff_lines[1:]:
                         delta = _diff_line_delta(diff_line, new_diff_line)
                         if delta < best_delta:
                             candidate = new_diff_line
                             best_delta = delta
                     return candidate
                 def _visible_inline_comments_of_pull_request(self, pull_request):
                     comments = self._all_inline_comments_of_pull_request(pull_request)
                     comments = comments.filter(
                         coalesce(ChangesetComment.display_state, '') !=
                         ChangesetComment.COMMENT_OUTDATED)
                     return comments
                 def _all_inline_comments_of_pull_request(self, pull_request):
                     comments = Session().query(ChangesetComment)\
                         .filter(ChangesetComment.line_no != None)\
                         .filter(ChangesetComment.f_path != None)\
                         .filter(ChangesetComment.pull_request == pull_request)
                     return comments
                 def _all_general_comments_of_pull_request(self, pull_request):
                     comments = Session().query(ChangesetComment)\
                         .filter(ChangesetComment.line_no == None)\
                         .filter(ChangesetComment.f_path == None)\
                         .filter(ChangesetComment.pull_request == pull_request)
                     return comments
                 @staticmethod
                 def use_outdated_comments(pull_request):
                     settings_model = VcsSettingsModel(repo=pull_request.target_repo)
                     settings = settings_model.get_general_settings()
                     return settings.get('rhodecode_use_outdated_comments', False)
                 def trigger_commit_comment_hook(self, repo, user, action, data=None):
                     repo = self._get_repo(repo)
                     target_scm = repo.scm_instance()
                     if action == 'create':
                         trigger_hook = hooks_utils.trigger_comment_commit_hooks
                     elif action == 'edit':
                         trigger_hook = hooks_utils.trigger_comment_commit_edit_hooks
                     else:
                         return
                     log.debug('Handling repo %s trigger_commit_comment_hook with action %s: %s',
                               repo, action, trigger_hook)
                     trigger_hook(
                         username=user.username,
                         repo_name=repo.repo_name,
                         repo_type=target_scm.alias,
                         repo=repo,
                         data=data)
             def _parse_comment_line_number(line_no):
                 """
                 Parses line numbers of the form "(o|n)\d+" and returns them in a tuple.
                 """
                 old_line = None
                 new_line = None
                 if line_no.startswith('o'):
                     old_line = int(line_no[1:])
                 elif line_no.startswith('n'):
                     new_line = int(line_no[1:])
                 else:
                     raise ValueError("Comment lines have to start with either 'o' or 'n'.")
                 return diffs.DiffLineNumber(old_line, new_line)
             def _diff_to_comment_line_number(diff_line):
                 if diff_line.new is not None:
                     return u'n{}'.format(diff_line.new)
                 elif diff_line.old is not None:
                     return u'o{}'.format(diff_line.old)
                 return u''
             def _diff_line_delta(a, b):
                 if None not in (a.new, b.new):
                     return abs(a.new - b.new)
                 elif None not in (a.old, b.old):
                     return abs(a.old - b.old)
                 else:
                     raise ValueError(
                         "Cannot compute delta between {} and {}".format(a, b))

rhodecode/model/gist.py

0 +6 -6

             # Copyright (C) 2013-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             gist model for RhodeCode
             """
             import os
             import time
             import logging
             import traceback
             import shutil
             from pyramid.threadlocal import get_current_request
             from rhodecode.lib.utils2 import (
-                safe_unicode, unique_id, safe_int, time_to_datetime, AttributeDict)
+                unique_id, safe_int, safe_str, time_to_datetime, AttributeDict)
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.vcs import VCSError
             from rhodecode.model import BaseModel
             from rhodecode.model.db import Gist
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.scm import ScmModel
             log = logging.getLogger(__name__)
             GIST_STORE_LOC = '.rc_gist_store'
             GIST_METADATA_FILE = '.rc_gist_metadata'
             class GistModel(BaseModel):
                 cls = Gist
                 vcs_backend = 'hg'
                 def _get_gist(self, gist):
                     """
                     Helper method to get gist by ID, or gist_access_id as a fallback
                     :param gist: GistID, gist_access_id, or Gist instance
                     """
                     return self._get_instance(Gist, gist, callback=Gist.get_by_access_id)
                 def __delete_gist(self, gist):
                     """
                     removes gist from filesystem
                     :param gist: gist object
                     """
                     root_path = RepoModel().repos_path
                     rm_path = os.path.join(root_path, GIST_STORE_LOC, gist.gist_access_id)
                     log.info("Removing %s", rm_path)
                     shutil.rmtree(rm_path)
                 def _store_metadata(self, repo, gist_id, gist_access_id, user_id, username,
                                     gist_type, gist_expires, gist_acl_level):
                     """
                     store metadata inside the gist repo, this can be later used for imports
                     or gist identification. Currently we use this inside RhodeCode tools
                     to do cleanup of gists that are in storage but not in database.
                     """
                     metadata = {
                         'metadata_version': '2',
                         'gist_db_id': gist_id,
                         'gist_access_id': gist_access_id,
                         'gist_owner_id': user_id,
                         'gist_owner_username': username,
                         'gist_type': gist_type,
                         'gist_expires': gist_expires,
                         'gist_updated': time.time(),
                         'gist_acl_level': gist_acl_level,
                     }
                     metadata_file = os.path.join(repo.path, '.hg', GIST_METADATA_FILE)
                     with open(metadata_file, 'wb') as f:
                         f.write(json.dumps(metadata))
                 def get_gist(self, gist):
                     return self._get_gist(gist)
                 def get_gist_files(self, gist_access_id, revision=None):
                     """
                     Get files for given gist
                     :param gist_access_id:
                     """
                     repo = Gist.get_by_access_id(gist_access_id)
                     vcs_repo = repo.scm_instance()
                     if not vcs_repo:
                         raise VCSError('Failed to load gist repository for {}'.format(repo))
                     commit = vcs_repo.get_commit(commit_id=revision)
                     return commit, [n for n in commit.get_node('/')]
                 def create(self, description, owner, gist_mapping,
                            gist_type=Gist.GIST_PUBLIC, lifetime=-1, gist_id=None,
                            gist_acl_level=Gist.ACL_LEVEL_PRIVATE):
                     """
                     Create a gist
                     :param description: description of the gist
                     :param owner: user who created this gist
                     :param gist_mapping: mapping [{'filename': 'file1.txt', 'content': content}, ...}]
                     :param gist_type: type of gist private/public
                     :param lifetime: in minutes, -1 == forever
                     :param gist_acl_level: acl level for this gist
                     """
                     owner = self._get_user(owner)
-                    gist_id = safe_unicode(gist_id or unique_id(20))
+                    gist_id = safe_str(gist_id or unique_id(20))
                     lifetime = safe_int(lifetime, -1)
                     gist_expires = time.time() + (lifetime * 60) if lifetime != -1 else -1
                     expiration = (time_to_datetime(gist_expires)
                                   if gist_expires != -1 else 'forever')
                     log.debug('set GIST expiration date to: %s', expiration)
                     # create the Database version
                     gist = Gist()
                     gist.gist_description = description
                     gist.gist_access_id = gist_id
                     gist.gist_owner = owner.user_id
                     gist.gist_expires = gist_expires
-                    gist.gist_type = safe_unicode(gist_type)
+                    gist.gist_type = safe_str(gist_type)
                     gist.acl_level = gist_acl_level
                     self.sa.add(gist)
                     self.sa.flush()
                     if gist_type == Gist.GIST_PUBLIC:
                         # use DB ID for easy to use GIST ID
-                        gist_id = safe_unicode(gist.gist_id)
+                        gist_id = safe_str(gist.gist_id)
                         gist.gist_access_id = gist_id
                         self.sa.add(gist)
                     gist_repo_path = os.path.join(GIST_STORE_LOC, gist_id)
                     log.debug('Creating new %s GIST repo in %s', gist_type, gist_repo_path)
                     repo = RepoModel()._create_filesystem_repo(
                         repo_name=gist_id, repo_type=self.vcs_backend, repo_group=GIST_STORE_LOC,
                         use_global_config=True)
                     # now create single multifile commit
                     message = 'added file'
                     message += 's: ' if len(gist_mapping) > 1 else ': '
-                    message += ', '.join([x for x in gist_mapping])
+                    message += ', '.join([safe_str(x) for x in gist_mapping])
                     # fake RhodeCode Repository object
                     fake_repo = AttributeDict({
                         'repo_name': gist_repo_path,
                         'scm_instance': lambda *args, **kwargs: repo,
                     })
                     ScmModel().create_nodes(
                         user=owner.user_id, repo=fake_repo,
                         message=message,
                         nodes=gist_mapping,
                         trigger_push_hook=False
                     )
                     self._store_metadata(repo, gist.gist_id, gist.gist_access_id,
                                          owner.user_id, owner.username, gist.gist_type,
                                          gist.gist_expires, gist_acl_level)
                     return gist
                 def delete(self, gist, fs_remove=True):
                     gist = self._get_gist(gist)
                     try:
                         self.sa.delete(gist)
                         if fs_remove:
                             self.__delete_gist(gist)
                         else:
                             log.debug('skipping removal from filesystem')
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def update(self, gist, description, owner, gist_mapping, lifetime,
                            gist_acl_level):
                     gist = self._get_gist(gist)
                     gist_repo = gist.scm_instance()
                     if lifetime == 0:  # preserve old value
                         gist_expires = gist.gist_expires
                     else:
                         gist_expires = (
                             time.time() + (lifetime * 60) if lifetime != -1 else -1)
                     # calculate operation type based on given data
                     gist_mapping_op = {}
                     for k, v in gist_mapping.items():
                         # add, mod, del
                         if not v['filename_org'] and v['filename']:
                             op = 'add'
                         elif v['filename_org'] and not v['filename']:
                             op = 'del'
                         else:
                             op = 'mod'
                         v['op'] = op
                         gist_mapping_op[k] = v
                     gist.gist_description = description
                     gist.gist_expires = gist_expires
                     gist.owner = owner
                     gist.acl_level = gist_acl_level
                     self.sa.add(gist)
                     self.sa.flush()
                     message = 'updated file'
                     message += 's: ' if len(gist_mapping) > 1 else ': '
-                    message += ', '.join([x for x in gist_mapping])
+                    message += ', '.join([safe_str(x) for x in gist_mapping])
                     # fake RhodeCode Repository object
                     fake_repo = AttributeDict({
                         'repo_name': gist_repo.path,
                         'scm_instance': lambda *args, **kwargs: gist_repo,
                     })
                     self._store_metadata(gist_repo, gist.gist_id, gist.gist_access_id,
                                          owner.user_id, owner.username, gist.gist_type,
                                          gist.gist_expires, gist_acl_level)
                     # this can throw NodeNotChangedError, if changes we're trying to commit
                     # are not actually changes...
                     ScmModel().update_nodes(
                         user=owner.user_id,
                         repo=fake_repo,
                         message=message,
                         nodes=gist_mapping_op,
                         trigger_push_hook=False
                     )
                     return gist
                 def get_url(self, gist, request=None):
                     import rhodecode
                     if not request:
                         request = get_current_request()
                     alias_url = rhodecode.CONFIG.get('gist_alias_url')
                     if alias_url:
                         return alias_url.replace('{gistid}', gist.gist_access_id)
                     return request.route_url('gist_show', gist_id=gist.gist_access_id)

rhodecode/model/integration.py

0 +7 -9

             # Copyright (C) 2011-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Model for integrations
             """
             import logging
             from sqlalchemy import or_, and_
-            import rhodecode
             from rhodecode import events
             from rhodecode.integrations.types.base import EEIntegration
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import BaseModel
-            from rhodecode.model.db import Integration, Repository, RepoGroup, true, false, case
+            from rhodecode.model.db import Integration, Repository, RepoGroup, true, false, case, null
             from rhodecode.integrations import integration_type_registry
             log = logging.getLogger(__name__)
             class IntegrationModel(BaseModel):
                 cls = Integration
                 def __get_integration(self, integration):
                     if isinstance(integration, Integration):
                         return integration
                     elif isinstance(integration, int):
                         return self.sa.query(Integration).get(integration)
                     else:
                         if integration:
                             raise Exception('integration must be int or Instance'
                                             ' of Integration got %s' % type(integration))
-                def create(self, IntegrationType, name, enabled, repo, repo_group,
+                def create(self, IntegrationType, name, enabled, repo, repo_group, child_repos_only, settings):
-                    child_repos_only, settings):
                     """ Create an IntegrationType integration """
                     integration = Integration()
                     integration.integration_type = IntegrationType.key
                     self.sa.add(integration)
                     self.update_integration(integration, name, enabled, repo, repo_group,
                                             child_repos_only, settings)
                     self.sa.commit()
                     return integration
                 def update_integration(self, integration, name, enabled, repo, repo_group,
                     child_repos_only, settings):
                     integration = self.__get_integration(integration)
                     integration.repo = repo
                     integration.repo_group = repo_group
                     integration.child_repos_only = child_repos_only
                     integration.name = name
                     integration.enabled = enabled
                     integration.settings = settings
                     return integration
                 def delete(self, integration):
                     integration = self.__get_integration(integration)
                     if integration:
                         self.sa.delete(integration)
                         return True
                     return False
                 def get_integration_handler(self, integration):
                     TypeClass = integration_type_registry.get(integration.integration_type)
                     if not TypeClass:
                         log.error('No class could be found for integration type: {}'.format(
                             integration.integration_type))
                         return None
                     elif isinstance(TypeClass, EEIntegration) or issubclass(TypeClass, EEIntegration):
                         log.error('EE integration cannot be '
                                   'executed for integration type: {}'.format(
                             integration.integration_type))
                         return None
                     return TypeClass(integration.settings)
                 def send_event(self, integration, event):
                     """ Send an event to an integration """
                     handler = self.get_integration_handler(integration)
                     if handler:
                         log.debug(
                             'events: sending event %s on integration %s using handler %s',
                             event, integration, handler)
                         handler.send_event(event)
                 def get_integrations(self, scope, IntegrationType=None):
                     """
                     Return integrations for a scope, which must be one of:
                     'all' - every integration, global/repogroup/repo
                     'global' - global integrations only
                     <Repository> instance - integrations for this repo only
                     <RepoGroup> instance - integrations for this repogroup only
                     """
                     if isinstance(scope, Repository):
                         query = self.sa.query(Integration).filter(
                             Integration.repo == scope)
                     elif isinstance(scope, RepoGroup):
                         query = self.sa.query(Integration).filter(
                             Integration.repo_group == scope)
                     elif scope == 'global':
                         # global integrations
                         query = self.sa.query(Integration).filter(
                             and_(Integration.repo_id == None, Integration.repo_group_id == None)
                         )
                     elif scope == 'root-repos':
                         query = self.sa.query(Integration).filter(
                             and_(Integration.repo_id == None,
                                  Integration.repo_group_id == None,
                                  Integration.child_repos_only == true())
                         )
                     elif scope == 'all':
                         query = self.sa.query(Integration)
                     else:
                         raise Exception(
                             "invalid `scope`, must be one of: "
                             "['global', 'all', <Repository>, <RepoGroup>]")
                     if IntegrationType is not None:
                         query = query.filter(
                             Integration.integration_type==IntegrationType.key)
                     result = []
                     for integration in query.all():
                         IntType = integration_type_registry.get(integration.integration_type)
                         result.append((IntType, integration))
                     return result
                 def get_for_event(self, event, cache=False):
                     """
                     Get integrations that match an event
                     """
                     # base query
                     query = self.sa.query(
                         Integration
                     ).filter(
                         Integration.enabled == true()
                     )
                     global_integrations_filter = and_(
-                        Integration.repo_id == None,
+                        Integration.repo_id == null(),
-                        Integration.repo_group_id == None,
+                        Integration.repo_group_id == null(),
                         Integration.child_repos_only == false(),
                     )
                     if isinstance(event, events.RepoEvent):
                         root_repos_integrations_filter = and_(
-                            Integration.repo_id == None,
+                            Integration.repo_id == null(),
-                            Integration.repo_group_id == None,
+                            Integration.repo_group_id == null(),
                             Integration.child_repos_only == true(),
                         )
                         clauses = [
                             global_integrations_filter,
                         ]
                         cases = [
                             (global_integrations_filter, 1),
                             (root_repos_integrations_filter, 2),
                         ]
                         # repo group integrations
                         if event.repo.group:
                             # repo group with only root level repos
                             group_child_repos_filter = and_(
                                 Integration.repo_group_id == event.repo.group.group_id,
                                 Integration.child_repos_only == true()
                             )
                             clauses.append(group_child_repos_filter)
                             cases.append(
                                 (group_child_repos_filter, 3),
                             )
                             # repo group cascade to kids
                             group_recursive_repos_filter = and_(
                                 Integration.repo_group_id.in_(
                                     [group.group_id for group in event.repo.groups_with_parents]
                                 ),
                                 Integration.child_repos_only == false()
                             )
                             clauses.append(group_recursive_repos_filter)
                             cases.append(
                                 (group_recursive_repos_filter, 4),
                             )
                         if not event.repo.group:  # root repo
                             clauses.append(root_repos_integrations_filter)
                         # repo integrations
                         if event.repo.repo_id:  # pre create events dont have a repo_id yet
                             specific_repo_filter = Integration.repo_id == event.repo.repo_id
                             clauses.append(specific_repo_filter)
                             cases.append(
                                 (specific_repo_filter, 5),
                             )
                         order_by_criterion = case(cases)
                         query = query.filter(or_(*clauses))
                         query = query.order_by(order_by_criterion)
                         if cache:
-                            cache_key = "get_enabled_repo_integrations_%i" % event.repo.repo_id
+                            cache_key = f"get_enabled_repo_integrations_{event.repo.repo_id}"
                             query = query.options(
                                 FromCache("sql_cache_short", cache_key))
                     else:  # only global integrations
                         order_by_criterion = Integration.integration_id
                         query = query.filter(global_integrations_filter)
                         query = query.order_by(order_by_criterion)
                         if cache:
                             query = query.options(
                                 FromCache("sql_cache_short", "get_enabled_global_integrations"))
                     result = query.all()
                     return result

rhodecode/model/notification.py

0 +5 -1

             # Copyright (C) 2011-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Model for notifications
             """
             import logging
             import traceback
             import premailer
             from pyramid.threadlocal import get_current_request
             from sqlalchemy.sql.expression import false, true
             import rhodecode
             from rhodecode.lib import helpers as h
             from rhodecode.model import BaseModel
             from rhodecode.model.db import Notification, User, UserNotification
             from rhodecode.model.meta import Session
             from rhodecode.translation import TranslationString
             log = logging.getLogger(__name__)
             class NotificationModel(BaseModel):
                 cls = Notification
                 def __get_notification(self, notification):
                     if isinstance(notification, Notification):
                         return notification
                     elif isinstance(notification, int):
                         return Notification.get(notification)
                     else:
                         if notification:
                             raise Exception('notification must be int or Instance'
                                             ' of Notification got %s' % type(notification))
                 def create(
                         self, created_by, notification_subject='', notification_body='',
                         notification_type=Notification.TYPE_MESSAGE, recipients=None,
                         mention_recipients=None, with_email=True, email_kwargs=None):
                     """
                     Creates notification of given type
                     :param created_by: int, str or User instance. User who created this
                         notification
                     :param notification_subject: subject of notification itself,
                         it will be generated automatically from notification_type if not specified
                     :param notification_body: body of notification text
                         it will be generated automatically from notification_type if not specified
                     :param notification_type: type of notification, based on that we
                         pick templates
                     :param recipients: list of int, str or User objects, when None
                         is given send to all admins
                     :param mention_recipients: list of int, str or User objects,
                         that were mentioned
                     :param with_email: send email with this notification
                     :param email_kwargs: dict with arguments to generate email
                     """
                     from rhodecode.lib.celerylib import tasks, run_task
                     if recipients and not getattr(recipients, '__iter__', False):
                         raise Exception('recipients must be an iterable object')
                     if not (notification_subject and notification_body) and not notification_type:
                         raise ValueError('notification_subject, and notification_body '
                                          'cannot be empty when notification_type is not specified')
                     created_by_obj = self._get_user(created_by)
                     if not created_by_obj:
                         raise Exception('unknown user %s' % created_by)
                     # default MAIN body if not given
                     email_kwargs = email_kwargs or {'body': notification_body}
                     mention_recipients = mention_recipients or set()
                     if recipients is None:
                         # recipients is None means to all admins
                         recipients_objs = User.query().filter(User.admin == true()).all()
                         log.debug('sending notifications %s to admins: %s',
                                   notification_type, recipients_objs)
                     else:
                         recipients_objs = set()
                         for u in recipients:
                             obj = self._get_user(u)
                             if obj:
                                 recipients_objs.add(obj)
                             else:  # we didn't find this user, log the error and carry on
                                 log.error('cannot notify unknown user %r', u)
                         if not recipients_objs:
                             raise Exception('no valid recipients specified')
                         log.debug('sending notifications %s to %s',
                                   notification_type, recipients_objs)
                     # add mentioned users into recipients
                     final_recipients = set(recipients_objs).union(mention_recipients)
                     (subject, email_body, email_body_plaintext) = \
                         EmailNotificationModel().render_email(notification_type, **email_kwargs)
                     if not notification_subject:
                         notification_subject = subject
                     if not notification_body:
                         notification_body = email_body_plaintext
                     notification = Notification.create(
                         created_by=created_by_obj, subject=notification_subject,
                         body=notification_body, recipients=final_recipients,
                         type_=notification_type
                     )
                     if not with_email:  # skip sending email, and just create notification
                         return notification
                     # don't send email to person who created this comment
                     rec_objs = set(recipients_objs).difference({created_by_obj})
                     # now notify all recipients in question
                     for recipient in rec_objs.union(mention_recipients):
                         # inject current recipient
                         email_kwargs['recipient'] = recipient
                         email_kwargs['mention'] = recipient in mention_recipients
                         (subject, email_body, email_body_plaintext) = EmailNotificationModel().render_email(
                             notification_type, **email_kwargs)
                         extra_headers = None
                         if 'thread_ids' in email_kwargs:
                             extra_headers = {'thread_ids': email_kwargs.pop('thread_ids')}
                         log.debug('Creating notification email task for user:`%s`', recipient)
                         task = run_task(tasks.send_email, recipient.email, subject,
                                         email_body_plaintext, email_body, extra_headers=extra_headers)
                         log.debug('Created email task: %s', task)
                     return notification
                 def delete(self, user, notification):
                     # we don't want to remove actual notification just the assignment
                     try:
                         notification = self.__get_notification(notification)
                         user = self._get_user(user)
                         if notification and user:
                             obj = UserNotification.query()\
                                 .filter(UserNotification.user == user)\
                                 .filter(UserNotification.notification == notification)\
                                 .one()
                             Session().delete(obj)
                             return True
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def get_for_user(self, user, filter_=None):
                     """
                     Get mentions for given user, filter them if filter dict is given
                     """
                     user = self._get_user(user)
                     q = UserNotification.query()\
                         .filter(UserNotification.user == user)\
                         .join((
                             Notification, UserNotification.notification_id ==
                             Notification.notification_id))
                     if filter_ == ['all']:
                         q = q  # no filter
                     elif filter_ == ['unread']:
                         q = q.filter(UserNotification.read == false())
                     elif filter_:
                         q = q.filter(Notification.type_.in_(filter_))
                     return q
                 def mark_read(self, user, notification):
                     try:
                         notification = self.__get_notification(notification)
                         user = self._get_user(user)
                         if notification and user:
                             obj = UserNotification.query()\
                                 .filter(UserNotification.user == user)\
                                 .filter(UserNotification.notification == notification)\
                                 .one()
                             obj.read = True
                             Session().add(obj)
                             return True
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def mark_all_read_for_user(self, user, filter_=None):
                     user = self._get_user(user)
                     q = UserNotification.query()\
                         .filter(UserNotification.user == user)\
                         .filter(UserNotification.read == false())\
                         .join((
                             Notification, UserNotification.notification_id ==
                             Notification.notification_id))
                     if filter_ == ['unread']:
                         q = q.filter(UserNotification.read == false())
                     elif filter_:
                         q = q.filter(Notification.type_.in_(filter_))
                     # this is a little inefficient but sqlalchemy doesn't support
                     # update on joined tables :(
                     for obj in q.all():
                         obj.read = True
                         Session().add(obj)
                 def get_unread_cnt_for_user(self, user):
                     user = self._get_user(user)
                     return UserNotification.query()\
                         .filter(UserNotification.read == false())\
                         .filter(UserNotification.user == user).count()
                 def get_unread_for_user(self, user):
                     user = self._get_user(user)
                     return [x.notification for x in UserNotification.query()
                             .filter(UserNotification.read == false())
                             .filter(UserNotification.user == user).all()]
                 def get_user_notification(self, user, notification):
                     user = self._get_user(user)
                     notification = self.__get_notification(notification)
                     return UserNotification.query()\
                         .filter(UserNotification.notification == notification)\
                         .filter(UserNotification.user == user).scalar()
                 def make_description(self, notification, translate, show_age=True):
                     """
                     Creates a human readable description based on properties
                     of notification object
                     """
                     _ = translate
                     _map = {
                         notification.TYPE_CHANGESET_COMMENT: [
                             _('%(user)s commented on commit %(date_or_age)s'),
                             _('%(user)s commented on commit at %(date_or_age)s'),
                             ],
                         notification.TYPE_MESSAGE: [
                             _('%(user)s sent message %(date_or_age)s'),
                             _('%(user)s sent message at %(date_or_age)s'),
                             ],
                         notification.TYPE_MENTION: [
                             _('%(user)s mentioned you %(date_or_age)s'),
                             _('%(user)s mentioned you at %(date_or_age)s'),
                             ],
                         notification.TYPE_REGISTRATION: [
                             _('%(user)s registered in RhodeCode %(date_or_age)s'),
                             _('%(user)s registered in RhodeCode at %(date_or_age)s'),
                             ],
                         notification.TYPE_PULL_REQUEST: [
                             _('%(user)s opened new pull request %(date_or_age)s'),
                             _('%(user)s opened new pull request at %(date_or_age)s'),
                             ],
                         notification.TYPE_PULL_REQUEST_UPDATE: [
                             _('%(user)s updated pull request %(date_or_age)s'),
                             _('%(user)s updated pull request at %(date_or_age)s'),
                         ],
                         notification.TYPE_PULL_REQUEST_COMMENT: [
                             _('%(user)s commented on pull request %(date_or_age)s'),
                             _('%(user)s commented on pull request at %(date_or_age)s'),
                             ],
                     }
                     templates = _map[notification.type_]
                     if show_age:
                         template = templates[0]
                         date_or_age = h.age(notification.created_on)
                         if translate:
                             date_or_age = translate(date_or_age)
                         if isinstance(date_or_age, TranslationString):
                             date_or_age = date_or_age.interpolate()
                     else:
                         template = templates[1]
                         date_or_age = h.format_date(notification.created_on)
                     return template % {
                         'user': notification.created_by_user.username,
                         'date_or_age': date_or_age,
                     }
             # Templates for Titles, that could be overwritten by rcextensions
             # Title of email for pull-request update
             EMAIL_PR_UPDATE_SUBJECT_TEMPLATE = ''
             # Title of email for request for pull request review
             EMAIL_PR_REVIEW_SUBJECT_TEMPLATE = ''
             # Title of email for general comment on pull request
             EMAIL_PR_COMMENT_SUBJECT_TEMPLATE = ''
             # Title of email for general comment which includes status change on pull request
             EMAIL_PR_COMMENT_STATUS_CHANGE_SUBJECT_TEMPLATE = ''
             # Title of email for inline comment on a file in pull request
             EMAIL_PR_COMMENT_FILE_SUBJECT_TEMPLATE = ''
             # Title of email for general comment on commit
             EMAIL_COMMENT_SUBJECT_TEMPLATE = ''
             # Title of email for general comment which includes status change on commit
             EMAIL_COMMENT_STATUS_CHANGE_SUBJECT_TEMPLATE = ''
             # Title of email for inline comment on a file in commit
             EMAIL_COMMENT_FILE_SUBJECT_TEMPLATE = ''
             import cssutils
             # hijack css utils logger and replace with ours
             log = logging.getLogger('rhodecode.cssutils.premailer')
+            log.setLevel(logging.INFO)
             cssutils.log.setLog(log)
             class EmailNotificationModel(BaseModel):
                 TYPE_COMMIT_COMMENT = Notification.TYPE_CHANGESET_COMMENT
                 TYPE_REGISTRATION = Notification.TYPE_REGISTRATION
                 TYPE_PULL_REQUEST = Notification.TYPE_PULL_REQUEST
                 TYPE_PULL_REQUEST_COMMENT = Notification.TYPE_PULL_REQUEST_COMMENT
                 TYPE_PULL_REQUEST_UPDATE = Notification.TYPE_PULL_REQUEST_UPDATE
                 TYPE_MAIN = Notification.TYPE_MESSAGE
                 TYPE_PASSWORD_RESET = 'password_reset'
                 TYPE_PASSWORD_RESET_CONFIRMATION = 'password_reset_confirmation'
                 TYPE_EMAIL_TEST = 'email_test'
                 TYPE_EMAIL_EXCEPTION = 'exception'
                 TYPE_UPDATE_AVAILABLE = 'update_available'
                 TYPE_TEST = 'test'
                 email_types = {
                     TYPE_MAIN:
                         'rhodecode:templates/email_templates/main.mako',
                     TYPE_TEST:
                         'rhodecode:templates/email_templates/test.mako',
                     TYPE_EMAIL_EXCEPTION:
                         'rhodecode:templates/email_templates/exception_tracker.mako',
                     TYPE_UPDATE_AVAILABLE:
                         'rhodecode:templates/email_templates/update_available.mako',
                     TYPE_EMAIL_TEST:
                         'rhodecode:templates/email_templates/email_test.mako',
                     TYPE_REGISTRATION:
                         'rhodecode:templates/email_templates/user_registration.mako',
                     TYPE_PASSWORD_RESET:
                         'rhodecode:templates/email_templates/password_reset.mako',
                     TYPE_PASSWORD_RESET_CONFIRMATION:
                         'rhodecode:templates/email_templates/password_reset_confirmation.mako',
                     TYPE_COMMIT_COMMENT:
                         'rhodecode:templates/email_templates/commit_comment.mako',
                     TYPE_PULL_REQUEST:
                         'rhodecode:templates/email_templates/pull_request_review.mako',
                     TYPE_PULL_REQUEST_COMMENT:
                         'rhodecode:templates/email_templates/pull_request_comment.mako',
                     TYPE_PULL_REQUEST_UPDATE:
                         'rhodecode:templates/email_templates/pull_request_update.mako',
                 }
-                premailer_instance = premailer.Premailer()
+                premailer_instance = premailer.Premailer(
+                    #cssutils_logging_handler=log.handlers[0],
+                    #cssutils_logging_level=logging.INFO
+                )
                 def __init__(self):
                     """
                     Example usage::
                         (subject, email_body, email_body_plaintext) = EmailNotificationModel().render_email(
                             EmailNotificationModel.TYPE_TEST, **email_kwargs)
                     """
                     super(EmailNotificationModel, self).__init__()
                     self.rhodecode_instance_name = rhodecode.CONFIG.get('rhodecode_title')
                 def _update_kwargs_for_render(self, kwargs):
                     """
                     Inject params required for Mako rendering
                     :param kwargs:
                     """
                     kwargs['rhodecode_instance_name'] = self.rhodecode_instance_name
                     kwargs['rhodecode_version'] = rhodecode.__version__
                     instance_url = h.route_url('home')
                     _kwargs = {
                         'instance_url': instance_url,
                         'whitespace_filter': self.whitespace_filter,
                         'email_pr_update_subject_template': EMAIL_PR_UPDATE_SUBJECT_TEMPLATE,
                         'email_pr_review_subject_template': EMAIL_PR_REVIEW_SUBJECT_TEMPLATE,
                         'email_pr_comment_subject_template': EMAIL_PR_COMMENT_SUBJECT_TEMPLATE,
                         'email_pr_comment_status_change_subject_template': EMAIL_PR_COMMENT_STATUS_CHANGE_SUBJECT_TEMPLATE,
                         'email_pr_comment_file_subject_template': EMAIL_PR_COMMENT_FILE_SUBJECT_TEMPLATE,
                         'email_comment_subject_template': EMAIL_COMMENT_SUBJECT_TEMPLATE,
                         'email_comment_status_change_subject_template': EMAIL_COMMENT_STATUS_CHANGE_SUBJECT_TEMPLATE,
                         'email_comment_file_subject_template': EMAIL_COMMENT_FILE_SUBJECT_TEMPLATE,
                     }
                     _kwargs.update(kwargs)
                     return _kwargs
                 def whitespace_filter(self, text):
                     return text.replace('\n', '').replace('\t', '')
                 def get_renderer(self, type_, request):
                     template_name = self.email_types[type_]
                     return request.get_partial_renderer(template_name)
                 def render_email(self, type_, **kwargs):
                     """
                     renders template for email, and returns a tuple of
                     (subject, email_headers, email_html_body, email_plaintext_body)
                     """
                     request = get_current_request()
                     # translator and helpers inject
                     _kwargs = self._update_kwargs_for_render(kwargs)
                     email_template = self.get_renderer(type_, request=request)
                     subject = email_template.render('subject', **_kwargs)
                     try:
                         body_plaintext = email_template.render('body_plaintext', **_kwargs)
                     except AttributeError:
                         # it's not defined in template, ok we can skip it
                         body_plaintext = ''
                     # render WHOLE template
                     body = email_template.render(None, **_kwargs)
                     try:
                         # Inline CSS styles and conversion
                         body = self.premailer_instance.transform(body)
                     except Exception:
                         log.exception('Failed to parse body with premailer')
                         pass
                     return subject, body, body_plaintext

rhodecode/model/permission.py

0 +14 -6

             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             permissions model for RhodeCode
             """
             import collections
             import logging
             import traceback
             from sqlalchemy.exc import DatabaseError
             from rhodecode import events
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
                 UserUserGroupToPerm, UserGroup, UserGroupToPerm, UserToRepoBranchPermission)
             from rhodecode.lib.utils2 import str2bool, safe_int
             log = logging.getLogger(__name__)
             class PermissionModel(BaseModel):
                 """
                 Permissions model for RhodeCode
                 """
                 FORKING_DISABLED = 'hg.fork.none'
                 FORKING_ENABLED = 'hg.fork.repository'
                 cls = Permission
                 global_perms = {
                     'default_repo_create': None,
                     # special case for create repos on write access to group
                     'default_repo_create_on_write': None,
                     'default_repo_group_create': None,
                     'default_user_group_create': None,
                     'default_fork_create': None,
                     'default_inherit_default_permissions': None,
                     'default_register': None,
                     'default_password_reset': None,
                     'default_extern_activate': None,
                     # object permissions below
                     'default_repo_perm': None,
                     'default_group_perm': None,
                     'default_user_group_perm': None,
                     # branch
                     'default_branch_perm': None,
                 }
                 def set_global_permission_choices(self, c_obj, gettext_translator):
                     _ = gettext_translator
                     c_obj.repo_perms_choices = [
                         ('repository.none', _('None'),),
                         ('repository.read', _('Read'),),
                         ('repository.write', _('Write'),),
                         ('repository.admin', _('Admin'),)]
                     c_obj.group_perms_choices = [
                         ('group.none', _('None'),),
                         ('group.read', _('Read'),),
                         ('group.write', _('Write'),),
                         ('group.admin', _('Admin'),)]
                     c_obj.user_group_perms_choices = [
                         ('usergroup.none', _('None'),),
                         ('usergroup.read', _('Read'),),
                         ('usergroup.write', _('Write'),),
                         ('usergroup.admin', _('Admin'),)]
                     c_obj.branch_perms_choices = [
                         ('branch.none', _('Protected/No Access'),),
                         ('branch.merge', _('Web merge'),),
                         ('branch.push', _('Push'),),
                         ('branch.push_force', _('Force Push'),)]
                     c_obj.register_choices = [
                         ('hg.register.none', _('Disabled')),
                         ('hg.register.manual_activate', _('Allowed with manual account activation')),
                         ('hg.register.auto_activate', _('Allowed with automatic account activation'))]
                     c_obj.password_reset_choices = [
                         ('hg.password_reset.enabled', _('Allow password recovery')),
                         ('hg.password_reset.hidden', _('Hide password recovery link')),
                         ('hg.password_reset.disabled', _('Disable password recovery'))]
                     c_obj.extern_activate_choices = [
                         ('hg.extern_activate.manual', _('Manual activation of external account')),
                         ('hg.extern_activate.auto', _('Automatic activation of external account'))]
                     c_obj.repo_create_choices = [
                         ('hg.create.none', _('Disabled')),
                         ('hg.create.repository', _('Enabled'))]
                     c_obj.repo_create_on_write_choices = [
                         ('hg.create.write_on_repogroup.false', _('Disabled')),
                         ('hg.create.write_on_repogroup.true', _('Enabled'))]
                     c_obj.user_group_create_choices = [
                         ('hg.usergroup.create.false', _('Disabled')),
                         ('hg.usergroup.create.true', _('Enabled'))]
                     c_obj.repo_group_create_choices = [
                         ('hg.repogroup.create.false', _('Disabled')),
                         ('hg.repogroup.create.true', _('Enabled'))]
                     c_obj.fork_choices = [
                         (self.FORKING_DISABLED, _('Disabled')),
                         (self.FORKING_ENABLED, _('Enabled'))]
                     c_obj.inherit_default_permission_choices = [
                         ('hg.inherit_default_perms.false', _('Disabled')),
                         ('hg.inherit_default_perms.true', _('Enabled'))]
                 def get_default_perms(self, object_perms, suffix):
                     defaults = {}
                     for perm in object_perms:
                         # perms
                         if perm.permission.permission_name.startswith('repository.'):
                             defaults['default_repo_perm' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('group.'):
                             defaults['default_group_perm' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('usergroup.'):
                             defaults['default_user_group_perm' + suffix] = perm.permission.permission_name
                         # branch
                         if perm.permission.permission_name.startswith('branch.'):
                             defaults['default_branch_perm' + suffix] = perm.permission.permission_name
                         # creation of objects
                         if perm.permission.permission_name.startswith('hg.create.write_on_repogroup'):
                             defaults['default_repo_create_on_write' + suffix] = perm.permission.permission_name
                         elif perm.permission.permission_name.startswith('hg.create.'):
                             defaults['default_repo_create' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.fork.'):
                             defaults['default_fork_create' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.inherit_default_perms.'):
                             defaults['default_inherit_default_permissions' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.repogroup.'):
                             defaults['default_repo_group_create' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.usergroup.'):
                             defaults['default_user_group_create' + suffix] = perm.permission.permission_name
                         # registration and external account activation
                         if perm.permission.permission_name.startswith('hg.register.'):
                             defaults['default_register' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.password_reset.'):
                             defaults['default_password_reset' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.extern_activate.'):
                             defaults['default_extern_activate' + suffix] = perm.permission.permission_name
                     return defaults
                 def _make_new_user_perm(self, user, perm_name):
                     log.debug('Creating new user permission:%s', perm_name)
+                    new_perm = Permission.get_by_key(perm_name)
+                    if not new_perm:
+                        raise ValueError(f'permission with name {perm_name} not found')
                     new = UserToPerm()
                     new.user = user
-                    new.permission = Permission.get_by_key(perm_name)
+                    new.permission = new_perm
                     return new
                 def _make_new_user_group_perm(self, user_group, perm_name):
                     log.debug('Creating new user group permission:%s', perm_name)
+                    new_perm = Permission.get_by_key(perm_name)
+                    if not new_perm:
+                        raise ValueError(f'permission with name {perm_name} not found')
                     new = UserGroupToPerm()
                     new.users_group = user_group
-                    new.permission = Permission.get_by_key(perm_name)
+                    new.permission = new_perm
                     return new
                 def _keep_perm(self, perm_name, keep_fields):
                     def get_pat(field_name):
                         return {
                             # global perms
                             'default_repo_create': 'hg.create.',
                             # special case for create repos on write access to group
                             'default_repo_create_on_write': 'hg.create.write_on_repogroup.',
                             'default_repo_group_create': 'hg.repogroup.create.',
                             'default_user_group_create': 'hg.usergroup.create.',
                             'default_fork_create': 'hg.fork.',
                             'default_inherit_default_permissions': 'hg.inherit_default_perms.',
                             # application perms
                             'default_register': 'hg.register.',
                             'default_password_reset': 'hg.password_reset.',
                             'default_extern_activate': 'hg.extern_activate.',
                             # object permissions below
                             'default_repo_perm': 'repository.',
                             'default_group_perm': 'group.',
                             'default_user_group_perm': 'usergroup.',
                             # branch
                             'default_branch_perm': 'branch.',
                         }[field_name]
                     for field in keep_fields:
                         pat = get_pat(field)
                         if perm_name.startswith(pat):
                             return True
                     return False
                 def _clear_object_perm(self, object_perms, preserve=None):
                     preserve = preserve or []
                     _deleted = []
                     for perm in object_perms:
                         perm_name = perm.permission.permission_name
                         if not self._keep_perm(perm_name, keep_fields=preserve):
                             _deleted.append(perm_name)
                             self.sa.delete(perm)
                     return _deleted
                 def _clear_user_perms(self, user_id, preserve=None):
                     perms = self.sa.query(UserToPerm)\
                         .filter(UserToPerm.user_id == user_id)\
                         .all()
                     return self._clear_object_perm(perms, preserve=preserve)
                 def _clear_user_group_perms(self, user_group_id, preserve=None):
                     perms = self.sa.query(UserGroupToPerm)\
                         .filter(UserGroupToPerm.users_group_id == user_group_id)\
                         .all()
                     return self._clear_object_perm(perms, preserve=preserve)
                 def _set_new_object_perms(self, obj_type, to_object, form_result, preserve=None):
                     # clear current entries, to make this function idempotent
                     # it will fix even if we define more permissions or permissions
                     # are somehow missing
                     preserve = preserve or []
                     _global_perms = self.global_perms.copy()
                     if obj_type not in ['user', 'user_group']:
                         raise ValueError("obj_type must be on of 'user' or 'user_group'")
                     global_perms = len(_global_perms)
                     default_user_perms = len(Permission.DEFAULT_USER_PERMISSIONS)
                     if global_perms != default_user_perms:
                         raise Exception(
                             'Inconsistent permissions definition. Got {} vs {}'.format(
                                 global_perms, default_user_perms))
                     if obj_type == 'user':
                         self._clear_user_perms(to_object.user_id, preserve)
                     if obj_type == 'user_group':
                         self._clear_user_group_perms(to_object.users_group_id, preserve)
                     # now kill the keys that we want to preserve from the form.
                     for key in preserve:
                         del _global_perms[key]
                     for k in _global_perms.copy():
                         _global_perms[k] = form_result[k]
                     # at that stage we validate all are passed inside form_result
                     for _perm_key, perm_value in _global_perms.items():
                         if perm_value is None:
                             raise ValueError('Missing permission for %s' % (_perm_key,))
                         if obj_type == 'user':
-                            p = self._make_new_user_perm(object, perm_value)
+                            p = self._make_new_user_perm(to_object, perm_value)
                             self.sa.add(p)
                         if obj_type == 'user_group':
-                            p = self._make_new_user_group_perm(object, perm_value)
+                            p = self._make_new_user_group_perm(to_object, perm_value)
                             self.sa.add(p)
                 def _set_new_user_perms(self, user, form_result, preserve=None):
                     return self._set_new_object_perms(
                         'user', user, form_result, preserve)
                 def _set_new_user_group_perms(self, user_group, form_result, preserve=None):
                     return self._set_new_object_perms(
                         'user_group', user_group, form_result, preserve)
                 def set_new_user_perms(self, user, form_result):
                     # calculate what to preserve from what is given in form_result
                     preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
                     return self._set_new_user_perms(user, form_result, preserve)
                 def set_new_user_group_perms(self, user_group, form_result):
                     # calculate what to preserve from what is given in form_result
                     preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
                     return self._set_new_user_group_perms(user_group, form_result, preserve)
                 def create_permissions(self):
                     """
                     Create permissions for whole system
                     """
                     for p in Permission.PERMS:
                         if not Permission.get_by_key(p[0]):
                             new_perm = Permission()
                             new_perm.permission_name = p[0]
                             new_perm.permission_longname = p[0]  # translation err with p[1]
                             self.sa.add(new_perm)
                 def _create_default_object_permission(self, obj_type, obj, obj_perms,
                                                       force=False):
                     if obj_type not in ['user', 'user_group']:
                         raise ValueError("obj_type must be on of 'user' or 'user_group'")
                     def _get_group(perm_name):
                         return '.'.join(perm_name.split('.')[:1])
-                    defined_perms_groups = map(
+                    defined_perms_groups = list(map(
-                        _get_group, (x.permission.permission_name for x in obj_perms))
+                        _get_group, (x.permission.permission_name for x in obj_perms)))
                     log.debug('GOT ALREADY DEFINED:%s', obj_perms)
                     if force:
                         self._clear_object_perm(obj_perms)
                         self.sa.commit()
                         defined_perms_groups = []
                     # for every default permission that needs to be created, we check if
                     # it's group is already defined, if it's not we create default perm
                     for perm_name in Permission.DEFAULT_USER_PERMISSIONS:
                         gr = _get_group(perm_name)
                         if gr not in defined_perms_groups:
                             log.debug('GR:%s not found, creating permission %s',
                                       gr, perm_name)
                             if obj_type == 'user':
                                 new_perm = self._make_new_user_perm(obj, perm_name)
                                 self.sa.add(new_perm)
                             if obj_type == 'user_group':
                                 new_perm = self._make_new_user_group_perm(obj, perm_name)
                                 self.sa.add(new_perm)
                 def create_default_user_permissions(self, user, force=False):
                     """
                     Creates only missing default permissions for user, if force is set it
                     resets the default permissions for that user
                     :param user:
                     :param force:
                     """
                     user = self._get_user(user)
                     obj_perms = UserToPerm.query().filter(UserToPerm.user == user).all()
                     return self._create_default_object_permission(
                         'user', user, obj_perms, force)
                 def create_default_user_group_permissions(self, user_group, force=False):
                     """
                     Creates only missing default permissions for user group, if force is
                     set it resets the default permissions for that user group
                     :param user_group:
                     :param force:
                     """
                     user_group = self._get_user_group(user_group)
                     obj_perms = UserToPerm.query().filter(UserGroupToPerm.users_group == user_group).all()
                     return self._create_default_object_permission(
                         'user_group', user_group, obj_perms, force)
                 def update_application_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 1 set anonymous access
                         if perm_user.username == User.DEFAULT_USER:
                             perm_user.active = str2bool(form_result['anonymous'])
                             self.sa.add(perm_user)
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_branch_perm',
                             'default_repo_group_create',
                             'default_user_group_create',
                             'default_repo_create_on_write',
                             'default_repo_create',
                             'default_fork_create',
                             'default_inherit_default_permissions'])
                         self.sa.commit()
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update_user_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_branch_perm',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         self.sa.commit()
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update_user_group_permissions(self, form_result):
                     if 'perm_user_group_id' in form_result:
                         perm_user_group = UserGroup.get(safe_int(form_result['perm_user_group_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user_group = UserGroup.get_by_group_name(form_result['perm_user_group_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_group_perms(perm_user_group, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_branch_perm',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         self.sa.commit()
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update_object_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_group_create',
                             'default_user_group_create',
                             'default_repo_create_on_write',
                             'default_repo_create',
                             'default_fork_create',
                             'default_inherit_default_permissions',
                             'default_branch_perm',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         # overwrite default repo permissions
                         if form_result['overwrite_default_repo']:
                             _def_name = form_result['default_repo_perm'].split('repository.')[-1]
                             _def = Permission.get_by_key('repository.' + _def_name)
                             for r2p in self.sa.query(UserRepoToPerm)\
                                            .filter(UserRepoToPerm.user == perm_user)\
                                            .all():
                                 # don't reset PRIVATE repositories
                                 if not r2p.repository.private:
                                     r2p.permission = _def
                                     self.sa.add(r2p)
                         # overwrite default repo group permissions
                         if form_result['overwrite_default_group']:
                             _def_name = form_result['default_group_perm'].split('group.')[-1]
                             _def = Permission.get_by_key('group.' + _def_name)
                             for g2p in self.sa.query(UserRepoGroupToPerm)\
                                            .filter(UserRepoGroupToPerm.user == perm_user)\
                                            .all():
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         # overwrite default user group permissions
                         if form_result['overwrite_default_user_group']:
                             _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
                             # user groups
                             _def = Permission.get_by_key('usergroup.' + _def_name)
                             for g2p in self.sa.query(UserUserGroupToPerm)\
                                            .filter(UserUserGroupToPerm.user == perm_user)\
                                            .all():
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         # COMMIT
                         self.sa.commit()
                     except (DatabaseError,):
                         log.exception('Failed to set default object permissions')
                         self.sa.rollback()
                         raise
                 def update_branch_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_repo_group_create',
                             'default_user_group_create',
                             'default_repo_create_on_write',
                             'default_repo_create',
                             'default_fork_create',
                             'default_inherit_default_permissions',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         # overwrite default branch permissions
                         if form_result['overwrite_default_branch']:
                             _def_name = \
                                 form_result['default_branch_perm'].split('branch.')[-1]
                             _def = Permission.get_by_key('branch.' + _def_name)
                             user_perms = UserToRepoBranchPermission.query()\
                                 .join(UserToRepoBranchPermission.user_repo_to_perm)\
                                 .filter(UserRepoToPerm.user == perm_user).all()
                             for g2p in user_perms:
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         # COMMIT
                         self.sa.commit()
                     except (DatabaseError,):
                         log.exception('Failed to set default branch permissions')
                         self.sa.rollback()
                         raise
                 def get_users_with_repo_write(self, db_repo):
                     write_plus = ['repository.write', 'repository.admin']
                     default_user_id = User.get_default_user_id()
                     user_write_permissions = collections.OrderedDict()
                     # write or higher and DEFAULT user for inheritance
                     for perm in db_repo.permissions():
                         if perm.permission in write_plus or perm.user_id == default_user_id:
                             user_write_permissions[perm.user_id] = perm
                     return user_write_permissions
                 def get_user_groups_with_repo_write(self, db_repo):
                     write_plus = ['repository.write', 'repository.admin']
                     user_group_write_permissions = collections.OrderedDict()
                     # write or higher and DEFAULT user for inheritance
                     for p in db_repo.permission_user_groups():
                         if p.permission in write_plus:
                             user_group_write_permissions[p.users_group_id] = p
                     return user_group_write_permissions
                 def trigger_permission_flush(self, affected_user_ids=None):
                     affected_user_ids = affected_user_ids or User.get_all_user_ids()
                     events.trigger(events.UserPermissionsChange(affected_user_ids))
                 def flush_user_permission_caches(self, changes, affected_user_ids=None):
                     affected_user_ids = affected_user_ids or []
                     for change in changes['added'] + changes['updated'] + changes['deleted']:
                         if change['type'] == 'user':
                             affected_user_ids.append(change['id'])
                         if change['type'] == 'user_group':
                             user_group = UserGroup.get(safe_int(change['id']))
                             if user_group:
                                 group_members_ids = [x.user_id for x in user_group.members]
                                 affected_user_ids.extend(group_members_ids)
                     self.trigger_permission_flush(affected_user_ids)
                     return affected_user_ids

rhodecode/model/pull_request.py

0 +48 -34

             # Copyright (C) 2012-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             pull request model for RhodeCode
             """
-            import json
             import logging
             import os
             import datetime
-            import urllib.request, urllib.parse, urllib.error
+            import urllib.request
+            import urllib.parse
+            import urllib.error
             import collections
+            import dataclasses as dataclasses
             from pyramid.threadlocal import get_current_request
             from rhodecode.lib.vcs.nodes import FileNode
             from rhodecode.translation import lazy_ugettext
             from rhodecode.lib import helpers as h, hooks_utils, diffs
             from rhodecode.lib import audit_logger
             from collections import OrderedDict
             from rhodecode.lib.hooks_daemon import prepare_callback_daemon
+            from rhodecode.lib.ext_json import sjson as json
             from rhodecode.lib.markup_renderer import (
                 DEFAULT_COMMENTS_RENDERER, RstTemplateRenderer)
-            from rhodecode.lib.utils2 import (
+            from rhodecode.lib.hash_utils import md5_safe
-                safe_unicode, safe_str, md5_safe, AttributeDict, safe_int,
+            from rhodecode.lib.str_utils import safe_str
-                get_current_rhodecode_user)
+            from rhodecode.lib.utils2 import AttributeDict, get_current_rhodecode_user
             from rhodecode.lib.vcs.backends.base import (
                 Reference, MergeResponse, MergeFailureReason, UpdateFailureReason,
                 TargetRefMissing, SourceRefMissing)
             from rhodecode.lib.vcs.conf import settings as vcs_settings
             from rhodecode.lib.vcs.exceptions import (
                 CommitDoesNotExistError, EmptyRepositoryError)
             from rhodecode.model import BaseModel
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import (
-                aliased, null, lazyload, and_, or_, func, String, cast, PullRequest, PullRequestReviewers, ChangesetStatus,
+                aliased, null, lazyload, and_, or_, select, func, String, cast, PullRequest, PullRequestReviewers, ChangesetStatus,
                 PullRequestVersion, ChangesetComment, Repository, RepoReviewRule, User)
             from rhodecode.model.meta import Session
             from rhodecode.model.notification import NotificationModel, \
                 EmailNotificationModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.settings import VcsSettingsModel
             log = logging.getLogger(__name__)
             # Data structure to hold the response data when updating commits during a pull
             # request update.
             class UpdateResponse(object):
                 def __init__(self, executed, reason, new, old, common_ancestor_id,
                              commit_changes, source_changed, target_changed):
                     self.executed = executed
                     self.reason = reason
                     self.new = new
                     self.old = old
                     self.common_ancestor_id = common_ancestor_id
                     self.changes = commit_changes
                     self.source_changed = source_changed
                     self.target_changed = target_changed
             def get_diff_info(
                     source_repo, source_ref, target_repo, target_ref, get_authors=False,
                     get_commit_authors=True):
                 """
                 Calculates detailed diff information for usage in preview of creation of a pull-request.
                 This is also used for default reviewers logic
                 """
                 source_scm = source_repo.scm_instance()
                 target_scm = target_repo.scm_instance()
                 ancestor_id = target_scm.get_common_ancestor(target_ref, source_ref, source_scm)
                 if not ancestor_id:
                     raise ValueError(
                         'cannot calculate diff info without a common ancestor. '
                         'Make sure both repositories are related, and have a common forking commit.')
                 # case here is that want a simple diff without incoming commits,
                 # previewing what will be merged based only on commits in the source.
                 log.debug('Using ancestor %s as source_ref instead of %s',
                           ancestor_id, source_ref)
                 # source of changes now is the common ancestor
                 source_commit = source_scm.get_commit(commit_id=ancestor_id)
                 # target commit becomes the source ref as it is the last commit
                 # for diff generation this logic gives proper diff
                 target_commit = source_scm.get_commit(commit_id=source_ref)
                 vcs_diff = \
                     source_scm.get_diff(commit1=source_commit, commit2=target_commit,
                                         ignore_whitespace=False, context=3)
-                diff_processor = diffs.DiffProcessor(
+                diff_processor = diffs.DiffProcessor(vcs_diff, diff_format='newdiff',
-                    vcs_diff, format='newdiff', diff_limit=None,
+                                                     diff_limit=0, file_limit=0, show_full_diff=True)
-                    file_limit=None, show_full_diff=True)
                 _parsed = diff_processor.prepare()
                 all_files = []
                 all_files_changes = []
                 changed_lines = {}
                 stats = [0, 0]
                 for f in _parsed:
                     all_files.append(f['filename'])
                     all_files_changes.append({
                         'filename': f['filename'],
                         'stats': f['stats']
                     })
                     stats[0] += f['stats']['added']
                     stats[1] += f['stats']['deleted']
                     changed_lines[f['filename']] = []
                     if len(f['chunks']) < 2:
                         continue
                     # first line is "context" information
                     for chunks in f['chunks'][1:]:
                         for chunk in chunks['lines']:
                             if chunk['action'] not in ('del', 'mod'):
                                 continue
                             changed_lines[f['filename']].append(chunk['old_lineno'])
                 commit_authors = []
                 user_counts = {}
                 email_counts = {}
                 author_counts = {}
                 _commit_cache = {}
                 commits = []
                 if get_commit_authors:
                     log.debug('Obtaining commit authors from set of commits')
                     _compare_data = target_scm.compare(
                         target_ref, source_ref, source_scm, merge=True,
                         pre_load=["author", "date", "message"]
                     )
                     for commit in _compare_data:
                         # NOTE(marcink): we serialize here, so we don't produce more vcsserver calls on data returned
                         # at this function which is later called via JSON serialization
                         serialized_commit = dict(
                             author=commit.author,
                             date=commit.date,
                             message=commit.message,
                             commit_id=commit.raw_id,
                             raw_id=commit.raw_id
                         )
                         commits.append(serialized_commit)
                         user = User.get_from_cs_author(serialized_commit['author'])
                         if user and user not in commit_authors:
                             commit_authors.append(user)
                 # lines
                 if get_authors:
                     log.debug('Calculating authors of changed files')
                     target_commit = source_repo.get_commit(ancestor_id)
                     for fname, lines in changed_lines.items():
                         try:
                             node = target_commit.get_node(fname, pre_load=["is_binary"])
                         except Exception:
                             log.exception("Failed to load node with path %s", fname)
                             continue
                         if not isinstance(node, FileNode):
                             continue
                         # NOTE(marcink): for binary node we don't do annotation, just use last author
                         if node.is_binary:
                             author = node.last_commit.author
                             email = node.last_commit.author_email
                             user = User.get_from_cs_author(author)
                             if user:
                                 user_counts[user.user_id] = user_counts.get(user.user_id, 0) + 1
                             author_counts[author] = author_counts.get(author, 0) + 1
                             email_counts[email] = email_counts.get(email, 0) + 1
                             continue
                         for annotation in node.annotate:
                             line_no, commit_id, get_commit_func, line_text = annotation
                             if line_no in lines:
                                 if commit_id not in _commit_cache:
                                     _commit_cache[commit_id] = get_commit_func()
                                 commit = _commit_cache[commit_id]
                                 author = commit.author
                                 email = commit.author_email
                                 user = User.get_from_cs_author(author)
                                 if user:
                                     user_counts[user.user_id] = user_counts.get(user.user_id, 0) + 1
                                 author_counts[author] = author_counts.get(author, 0) + 1
                                 email_counts[email] = email_counts.get(email, 0) + 1
                 log.debug('Default reviewers processing finished')
                 return {
                     'commits': commits,
                     'files': all_files_changes,
                     'stats': stats,
                     'ancestor': ancestor_id,
                     # original authors of modified files
                     'original_authors': {
                         'users': user_counts,
                         'authors': author_counts,
                         'emails': email_counts,
                     },
                     'commit_authors': commit_authors
                 }
             class PullRequestModel(BaseModel):
                 cls = PullRequest
                 DIFF_CONTEXT = diffs.DEFAULT_CONTEXT
                 UPDATE_STATUS_MESSAGES = {
                     UpdateFailureReason.NONE: lazy_ugettext(
                         'Pull request update successful.'),
                     UpdateFailureReason.UNKNOWN: lazy_ugettext(
                         'Pull request update failed because of an unknown error.'),
                     UpdateFailureReason.NO_CHANGE: lazy_ugettext(
                         'No update needed because the source and target have not changed.'),
                     UpdateFailureReason.WRONG_REF_TYPE: lazy_ugettext(
                         'Pull request cannot be updated because the reference type is '
                         'not supported for an update. Only Branch, Tag or Bookmark is allowed.'),
                     UpdateFailureReason.MISSING_TARGET_REF: lazy_ugettext(
                         'This pull request cannot be updated because the target '
                         'reference is missing.'),
                     UpdateFailureReason.MISSING_SOURCE_REF: lazy_ugettext(
                         'This pull request cannot be updated because the source '
                         'reference is missing.'),
                 }
                 REF_TYPES = ['bookmark', 'book', 'tag', 'branch']
                 UPDATABLE_REF_TYPES = ['bookmark', 'book', 'branch']
                 def __get_pull_request(self, pull_request):
                     return self._get_instance((
                         PullRequest, PullRequestVersion), pull_request)
                 def _check_perms(self, perms, pull_request, user, api=False):
                     if not api:
                         return h.HasRepoPermissionAny(*perms)(
                             user=user, repo_name=pull_request.target_repo.repo_name)
                     else:
                         return h.HasRepoPermissionAnyApi(*perms)(
                             user=user, repo_name=pull_request.target_repo.repo_name)
                 def check_user_read(self, pull_request, user, api=False):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     return self._check_perms(_perms, pull_request, user, api)
                 def check_user_merge(self, pull_request, user, api=False):
                     _perms = ('repository.admin', 'repository.write', 'hg.admin',)
                     return self._check_perms(_perms, pull_request, user, api)
                 def check_user_update(self, pull_request, user, api=False):
                     owner = user.user_id == pull_request.user_id
                     return self.check_user_merge(pull_request, user, api) or owner
                 def check_user_delete(self, pull_request, user):
                     owner = user.user_id == pull_request.user_id
                     _perms = ('repository.admin',)
                     return self._check_perms(_perms, pull_request, user) or owner
                 def is_user_reviewer(self, pull_request, user):
                     return user.user_id in [
                         x.user_id for x in
                         pull_request.get_pull_request_reviewers(PullRequestReviewers.ROLE_REVIEWER)
                         if x.user
                     ]
                 def check_user_change_status(self, pull_request, user, api=False):
                     return self.check_user_update(pull_request, user, api) \
                            or self.is_user_reviewer(pull_request, user)
                 def check_user_comment(self, pull_request, user):
                     owner = user.user_id == pull_request.user_id
                     return self.check_user_read(pull_request, user) or owner
                 def get(self, pull_request):
                     return self.__get_pull_request(pull_request)
                 def _prepare_get_all_query(self, repo_name, search_q=None, source=False,
                                            statuses=None, opened_by=None, order_by=None,
                                            order_dir='desc', only_created=False):
                     repo = None
                     if repo_name:
                         repo = self._get_repo(repo_name)
                     q = PullRequest.query()
                     if search_q:
-                        like_expression = u'%{}%'.format(safe_unicode(search_q))
+                        like_expression = u'%{}%'.format(safe_str(search_q))
                         q = q.join(User, User.user_id == PullRequest.user_id)
                         q = q.filter(or_(
                             cast(PullRequest.pull_request_id, String).ilike(like_expression),
                             User.username.ilike(like_expression),
                             PullRequest.title.ilike(like_expression),
                             PullRequest.description.ilike(like_expression),
                         ))
                     # source or target
                     if repo and source:
                         q = q.filter(PullRequest.source_repo == repo)
                     elif repo:
                         q = q.filter(PullRequest.target_repo == repo)
                     # closed,opened
                     if statuses:
                         q = q.filter(PullRequest.status.in_(statuses))
                     # opened by filter
                     if opened_by:
                         q = q.filter(PullRequest.user_id.in_(opened_by))
                     # only get those that are in "created" state
                     if only_created:
                         q = q.filter(PullRequest.pull_request_state == PullRequest.STATE_CREATED)
                     order_map = {
                         'name_raw': PullRequest.pull_request_id,
                         'id': PullRequest.pull_request_id,
                         'title': PullRequest.title,
                         'updated_on_raw': PullRequest.updated_on,
                         'target_repo': PullRequest.target_repo_id
                     }
                     if order_by and order_by in order_map:
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_all(self, repo_name, search_q=None, source=False, statuses=None,
                               opened_by=None):
                     """
                     Count the number of pull requests for a specific repository.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :returns: int number of pull requests
                     """
                     q = self._prepare_get_all_query(
                         repo_name, search_q=search_q, source=source, statuses=statuses,
                         opened_by=opened_by)
                     return q.count()
                 def get_all(self, repo_name, search_q=None, source=False, statuses=None,
                             opened_by=None, offset=0, length=None, order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     q = self._prepare_get_all_query(
                         repo_name, search_q=search_q, source=source, statuses=statuses,
                         opened_by=opened_by, order_by=order_by, order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def count_awaiting_review(self, repo_name, search_q=None, statuses=None):
                     """
                     Count the number of pull requests for a specific repository that are
                     awaiting review.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param statuses: list of pull request statuses
                     :returns: int number of pull requests
                     """
                     pull_requests = self.get_awaiting_review(
                         repo_name, search_q=search_q, statuses=statuses)
                     return len(pull_requests)
                 def get_awaiting_review(self, repo_name, search_q=None, statuses=None,
                                         offset=0, length=None, order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository that are awaiting
                     review.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param statuses: list of pull request statuses
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     pull_requests = self.get_all(
                         repo_name, search_q=search_q, statuses=statuses,
                         order_by=order_by, order_dir=order_dir)
                     _filtered_pull_requests = []
                     for pr in pull_requests:
                         status = pr.calculated_review_status()
                         if status in [ChangesetStatus.STATUS_NOT_REVIEWED,
                                       ChangesetStatus.STATUS_UNDER_REVIEW]:
                             _filtered_pull_requests.append(pr)
                     if length:
                         return _filtered_pull_requests[offset:offset+length]
                     else:
                         return _filtered_pull_requests
                 def _prepare_awaiting_my_review_review_query(
                         self, repo_name, user_id, search_q=None, statuses=None,
                         order_by=None, order_dir='desc'):
                     for_review_statuses = [
                         ChangesetStatus.STATUS_UNDER_REVIEW, ChangesetStatus.STATUS_NOT_REVIEWED
                     ]
                     pull_request_alias = aliased(PullRequest)
                     status_alias = aliased(ChangesetStatus)
                     reviewers_alias = aliased(PullRequestReviewers)
                     repo_alias = aliased(Repository)
                     last_ver_subq = Session()\
                         .query(func.min(ChangesetStatus.version)) \
                         .filter(ChangesetStatus.pull_request_id == reviewers_alias.pull_request_id)\
                         .filter(ChangesetStatus.user_id == reviewers_alias.user_id) \
                         .subquery()
                     q = Session().query(pull_request_alias) \
                         .options(lazyload(pull_request_alias.author)) \
                         .join(reviewers_alias,
                               reviewers_alias.pull_request_id == pull_request_alias.pull_request_id) \
                         .join(repo_alias,
                               repo_alias.repo_id == pull_request_alias.target_repo_id) \
                         .outerjoin(status_alias,
                                    and_(status_alias.user_id == reviewers_alias.user_id,
                                         status_alias.pull_request_id == reviewers_alias.pull_request_id)) \
                         .filter(or_(status_alias.version == null(),
                                     status_alias.version == last_ver_subq)) \
                         .filter(reviewers_alias.user_id == user_id) \
                         .filter(repo_alias.repo_name == repo_name) \
                         .filter(or_(status_alias.status == null(), status_alias.status.in_(for_review_statuses))) \
                         .group_by(pull_request_alias)
                     # closed,opened
                     if statuses:
                         q = q.filter(pull_request_alias.status.in_(statuses))
                     if search_q:
-                        like_expression = u'%{}%'.format(safe_unicode(search_q))
+                        like_expression = u'%{}%'.format(safe_str(search_q))
                         q = q.join(User, User.user_id == pull_request_alias.user_id)
                         q = q.filter(or_(
                             cast(pull_request_alias.pull_request_id, String).ilike(like_expression),
                             User.username.ilike(like_expression),
                             pull_request_alias.title.ilike(like_expression),
                             pull_request_alias.description.ilike(like_expression),
                         ))
                     order_map = {
                         'name_raw': pull_request_alias.pull_request_id,
                         'title': pull_request_alias.title,
                         'updated_on_raw': pull_request_alias.updated_on,
                         'target_repo': pull_request_alias.target_repo_id
                     }
                     if order_by and order_by in order_map:
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_awaiting_my_review(self, repo_name, user_id, search_q=None, statuses=None):
                     """
                     Count the number of pull requests for a specific repository that are
                     awaiting review from a specific user.
                     :param repo_name: target or source repo
                     :param user_id: reviewer user of the pull request
                     :param search_q: filter by text
                     :param statuses: list of pull request statuses
                     :returns: int number of pull requests
                     """
                     q = self._prepare_awaiting_my_review_review_query(
                         repo_name, user_id, search_q=search_q, statuses=statuses)
                     return q.count()
                 def get_awaiting_my_review(self, repo_name, user_id, search_q=None, statuses=None,
                                            offset=0, length=None, order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository that are awaiting
                     review from a specific user.
                     :param repo_name: target or source repo
                     :param user_id: reviewer user of the pull request
                     :param search_q: filter by text
                     :param statuses: list of pull request statuses
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     q = self._prepare_awaiting_my_review_review_query(
                         repo_name, user_id, search_q=search_q, statuses=statuses,
                         order_by=order_by, order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def _prepare_im_participating_query(self, user_id=None, statuses=None, query='',
                                                     order_by=None, order_dir='desc'):
                     """
                     return a query of pull-requests user is an creator, or he's added as a reviewer
                     """
                     q = PullRequest.query()
                     if user_id:
-                        reviewers_subquery = Session().query(
-                            PullRequestReviewers.pull_request_id).filter(
+                        base_query = select(PullRequestReviewers)\
-                            PullRequestReviewers.user_id == user_id).subquery()
+                            .where(PullRequestReviewers.user_id == user_id)\
+                            .with_only_columns(PullRequestReviewers.pull_request_id)
                         user_filter = or_(
                             PullRequest.user_id == user_id,
-                            PullRequest.pull_request_id.in_(reviewers_subquery)
+                            PullRequest.pull_request_id.in_(base_query)
                         )
                         q = PullRequest.query().filter(user_filter)
                     # closed,opened
                     if statuses:
                         q = q.filter(PullRequest.status.in_(statuses))
                     if query:
-                        like_expression = u'%{}%'.format(safe_unicode(query))
+                        like_expression = u'%{}%'.format(safe_str(query))
                         q = q.join(User, User.user_id == PullRequest.user_id)
                         q = q.filter(or_(
                             cast(PullRequest.pull_request_id, String).ilike(like_expression),
                             User.username.ilike(like_expression),
                             PullRequest.title.ilike(like_expression),
                             PullRequest.description.ilike(like_expression),
                         ))
                     order_map = {
                         'name_raw': PullRequest.pull_request_id,
                         'title': PullRequest.title,
                         'updated_on_raw': PullRequest.updated_on,
                         'target_repo': PullRequest.target_repo_id
                     }
                     if order_by and order_by in order_map:
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_im_participating_in(self, user_id=None, statuses=None, query=''):
                     q = self._prepare_im_participating_query(user_id, statuses=statuses, query=query)
                     return q.count()
                 def get_im_participating_in(
                         self, user_id=None, statuses=None, query='', offset=0,
                         length=None, order_by=None, order_dir='desc'):
                     """
                     Get all Pull requests that i'm participating in as a reviewer, or i have opened
                     """
                     q = self._prepare_im_participating_query(
                         user_id, statuses=statuses, query=query, order_by=order_by,
                         order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def _prepare_participating_in_for_review_query(
                         self, user_id, statuses=None, query='', order_by=None, order_dir='desc'):
                     for_review_statuses = [
                         ChangesetStatus.STATUS_UNDER_REVIEW, ChangesetStatus.STATUS_NOT_REVIEWED
                     ]
                     pull_request_alias = aliased(PullRequest)
                     status_alias = aliased(ChangesetStatus)
                     reviewers_alias = aliased(PullRequestReviewers)
                     last_ver_subq = Session()\
                         .query(func.min(ChangesetStatus.version)) \
                         .filter(ChangesetStatus.pull_request_id == reviewers_alias.pull_request_id)\
                         .filter(ChangesetStatus.user_id == reviewers_alias.user_id) \
                         .subquery()
                     q = Session().query(pull_request_alias) \
                         .options(lazyload(pull_request_alias.author)) \
                         .join(reviewers_alias,
                               reviewers_alias.pull_request_id == pull_request_alias.pull_request_id) \
                         .outerjoin(status_alias,
                                    and_(status_alias.user_id == reviewers_alias.user_id,
                                         status_alias.pull_request_id == reviewers_alias.pull_request_id)) \
                         .filter(or_(status_alias.version == null(),
                                     status_alias.version == last_ver_subq)) \
                         .filter(reviewers_alias.user_id == user_id) \
                         .filter(or_(status_alias.status == null(), status_alias.status.in_(for_review_statuses))) \
                         .group_by(pull_request_alias)
                     # closed,opened
                     if statuses:
                         q = q.filter(pull_request_alias.status.in_(statuses))
                     if query:
-                        like_expression = u'%{}%'.format(safe_unicode(query))
+                        like_expression = u'%{}%'.format(safe_str(query))
                         q = q.join(User, User.user_id == pull_request_alias.user_id)
                         q = q.filter(or_(
                             cast(pull_request_alias.pull_request_id, String).ilike(like_expression),
                             User.username.ilike(like_expression),
                             pull_request_alias.title.ilike(like_expression),
                             pull_request_alias.description.ilike(like_expression),
                         ))
                     order_map = {
                         'name_raw': pull_request_alias.pull_request_id,
                         'title': pull_request_alias.title,
                         'updated_on_raw': pull_request_alias.updated_on,
                         'target_repo': pull_request_alias.target_repo_id
                     }
                     if order_by and order_by in order_map:
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_im_participating_in_for_review(self, user_id, statuses=None, query=''):
                     q = self._prepare_participating_in_for_review_query(user_id, statuses=statuses, query=query)
                     return q.count()
                 def get_im_participating_in_for_review(
                         self, user_id, statuses=None, query='', offset=0,
                         length=None, order_by=None, order_dir='desc'):
                     """
                     Get all Pull requests that needs user approval or rejection
                     """
                     q = self._prepare_participating_in_for_review_query(
                         user_id, statuses=statuses, query=query, order_by=order_by,
                         order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def get_versions(self, pull_request):
                     """
                     returns version of pull request sorted by ID descending
                     """
                     return PullRequestVersion.query()\
                         .filter(PullRequestVersion.pull_request == pull_request)\
                         .order_by(PullRequestVersion.pull_request_version_id.asc())\
                         .all()
                 def get_pr_version(self, pull_request_id, version=None):
                     at_version = None
                     if version and version == 'latest':
                         pull_request_ver = PullRequest.get(pull_request_id)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_obj
                         at_version = 'latest'
                     elif version:
                         pull_request_ver = PullRequestVersion.get_or_404(version)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_ver.pull_request
                         at_version = pull_request_ver.pull_request_version_id
                     else:
                         _org_pull_request_obj = pull_request_obj = PullRequest.get_or_404(
                             pull_request_id)
                     pull_request_display_obj = PullRequest.get_pr_display_object(
                         pull_request_obj, _org_pull_request_obj)
                     return _org_pull_request_obj, pull_request_obj, \
                            pull_request_display_obj, at_version
                 def pr_commits_versions(self, versions):
                     """
                     Maps the pull-request commits into all known PR versions. This way we can obtain
                     each pr version the commit was introduced in.
                     """
                     commit_versions = collections.defaultdict(list)
                     num_versions = [x.pull_request_version_id for x in versions]
                     for ver in versions:
                         for commit_id in ver.revisions:
                             ver_idx = ChangesetComment.get_index_from_version(
                                 ver.pull_request_version_id, num_versions=num_versions)
                             commit_versions[commit_id].append(ver_idx)
                     return commit_versions
                 def create(self, created_by, source_repo, source_ref, target_repo,
                            target_ref, revisions, reviewers, observers, title, description=None,
                            common_ancestor_id=None,
                            description_renderer=None,
                            reviewer_data=None, translator=None, auth_user=None):
                     translator = translator or get_current_request().translate
                     created_by_user = self._get_user(created_by)
                     auth_user = auth_user or created_by_user.AuthUser()
                     source_repo = self._get_repo(source_repo)
                     target_repo = self._get_repo(target_repo)
                     pull_request = PullRequest()
                     pull_request.source_repo = source_repo
                     pull_request.source_ref = source_ref
                     pull_request.target_repo = target_repo
                     pull_request.target_ref = target_ref
                     pull_request.revisions = revisions
                     pull_request.title = title
                     pull_request.description = description
                     pull_request.description_renderer = description_renderer
                     pull_request.author = created_by_user
                     pull_request.reviewer_data = reviewer_data
                     pull_request.pull_request_state = pull_request.STATE_CREATING
                     pull_request.common_ancestor_id = common_ancestor_id
                     Session().add(pull_request)
                     Session().flush()
                     reviewer_ids = set()
                     # members / reviewers
                     for reviewer_object in reviewers:
                         user_id, reasons, mandatory, role, rules = reviewer_object
                         user = self._get_user(user_id)
                         # skip duplicates
                         if user.user_id in reviewer_ids:
                             continue
                         reviewer_ids.add(user.user_id)
                         reviewer = PullRequestReviewers()
                         reviewer.user = user
                         reviewer.pull_request = pull_request
                         reviewer.reasons = reasons
                         reviewer.mandatory = mandatory
                         reviewer.role = role
                         # NOTE(marcink): pick only first rule for now
                         rule_id = list(rules)[0] if rules else None
                         rule = RepoReviewRule.get(rule_id) if rule_id else None
                         if rule:
                             review_group = rule.user_group_vote_rule(user_id)
                             # we check if this particular reviewer is member of a voting group
                             if review_group:
                                 # NOTE(marcink):
                                 # can be that user is member of more but we pick the first same,
                                 # same as default reviewers algo
                                 review_group = review_group[0]
                                 rule_data = {
                                     'rule_name':
                                         rule.review_rule_name,
                                     'rule_user_group_entry_id':
                                         review_group.repo_review_rule_users_group_id,
                                     'rule_user_group_name':
                                         review_group.users_group.users_group_name,
                                     'rule_user_group_members':
                                         [x.user.username for x in review_group.users_group.members],
                                     'rule_user_group_members_id':
                                         [x.user.user_id for x in review_group.users_group.members],
                                 }
                                 # e.g {'vote_rule': -1, 'mandatory': True}
                                 rule_data.update(review_group.rule_data())
                                 reviewer.rule_data = rule_data
                         Session().add(reviewer)
                         Session().flush()
                     for observer_object in observers:
                         user_id, reasons, mandatory, role, rules = observer_object
                         user = self._get_user(user_id)
                         # skip duplicates from reviewers
                         if user.user_id in reviewer_ids:
                             continue
                         #reviewer_ids.add(user.user_id)
                         observer = PullRequestReviewers()
                         observer.user = user
                         observer.pull_request = pull_request
                         observer.reasons = reasons
                         observer.mandatory = mandatory
                         observer.role = role
                         # NOTE(marcink): pick only first rule for now
                         rule_id = list(rules)[0] if rules else None
                         rule = RepoReviewRule.get(rule_id) if rule_id else None
                         if rule:
                             # TODO(marcink): do we need this for observers ??
                             pass
                         Session().add(observer)
                         Session().flush()
                     # Set approval status to "Under Review" for all commits which are
                     # part of this pull request.
                     ChangesetStatusModel().set_status(
                         repo=target_repo,
                         status=ChangesetStatus.STATUS_UNDER_REVIEW,
                         user=created_by_user,
                         pull_request=pull_request
                     )
                     # we commit early at this point. This has to do with a fact
                     # that before queries do some row-locking. And because of that
                     # we need to commit and finish transaction before below validate call
                     # that for large repos could be long resulting in long row locks
                     Session().commit()
                     # prepare workspace, and run initial merge simulation. Set state during that
                     # operation
                     pull_request = PullRequest.get(pull_request.pull_request_id)
                     # set as merging, for merge simulation, and if finished to created so we mark
                     # simulation is working fine
                     with pull_request.set_state(PullRequest.STATE_MERGING,
                                                 final_state=PullRequest.STATE_CREATED) as state_obj:
                         MergeCheck.validate(
                             pull_request, auth_user=auth_user, translator=translator)
                     self.notify_reviewers(pull_request, reviewer_ids, created_by_user)
                     self.trigger_pull_request_hook(pull_request, created_by_user, 'create')
                     creation_data = pull_request.get_api_data(with_merge_state=False)
                     self._log_audit_action(
                         'repo.pull_request.create', {'data': creation_data},
                         auth_user, pull_request)
                     return pull_request
                 def trigger_pull_request_hook(self, pull_request, user, action, data=None):
                     pull_request = self.__get_pull_request(pull_request)
                     target_scm = pull_request.target_repo.scm_instance()
                     if action == 'create':
                         trigger_hook = hooks_utils.trigger_create_pull_request_hook
                     elif action == 'merge':
                         trigger_hook = hooks_utils.trigger_merge_pull_request_hook
                     elif action == 'close':
                         trigger_hook = hooks_utils.trigger_close_pull_request_hook
                     elif action == 'review_status_change':
                         trigger_hook = hooks_utils.trigger_review_pull_request_hook
                     elif action == 'update':
                         trigger_hook = hooks_utils.trigger_update_pull_request_hook
                     elif action == 'comment':
                         trigger_hook = hooks_utils.trigger_comment_pull_request_hook
                     elif action == 'comment_edit':
                         trigger_hook = hooks_utils.trigger_comment_pull_request_edit_hook
                     else:
                         return
                     log.debug('Handling pull_request %s trigger_pull_request_hook with action %s and hook: %s',
                               pull_request, action, trigger_hook)
                     trigger_hook(
                         username=user.username,
                         repo_name=pull_request.target_repo.repo_name,
                         repo_type=target_scm.alias,
                         pull_request=pull_request,
                         data=data)
                 def _get_commit_ids(self, pull_request):
                     """
                     Return the commit ids of the merged pull request.
                     This method is not dealing correctly yet with the lack of autoupdates
                     nor with the implicit target updates.
                     For example: if a commit in the source repo is already in the target it
                     will be reported anyways.
                     """
                     merge_rev = pull_request.merge_rev
                     if merge_rev is None:
                         raise ValueError('This pull request was not merged yet')
                     commit_ids = list(pull_request.revisions)
                     if merge_rev not in commit_ids:
                         commit_ids.append(merge_rev)
                     return commit_ids
                 def merge_repo(self, pull_request, user, extras):
                     repo_type = pull_request.source_repo.repo_type
-                    log.debug("Merging pull request %s", pull_request.pull_request_id)
+                    log.debug("Merging pull request %s", pull_request)
                     extras['user_agent'] = '{}/internal-merge'.format(repo_type)
                     merge_state = self._merge_pull_request(pull_request, user, extras)
                     if merge_state.executed:
                         log.debug("Merge was successful, updating the pull request comments.")
                         self._comment_and_close_pr(pull_request, user, merge_state)
                         self._log_audit_action(
                             'repo.pull_request.merge',
                             {'merge_state': merge_state.__dict__},
                             user, pull_request)
                     else:
-                        log.warn("Merge failed, not updating the pull request.")
+                        log.warning("Merge failed, not updating the pull request.")
                     return merge_state
                 def _merge_pull_request(self, pull_request, user, extras, merge_msg=None):
                     target_vcs = pull_request.target_repo.scm_instance()
                     source_vcs = pull_request.source_repo.scm_instance()
-                    message = safe_unicode(merge_msg or vcs_settings.MERGE_MESSAGE_TMPL).format(
+                    message = safe_str(merge_msg or vcs_settings.MERGE_MESSAGE_TMPL).format(
                         pr_id=pull_request.pull_request_id,
                         pr_title=pull_request.title,
                         pr_desc=pull_request.description,
                         source_repo=source_vcs.name,
                         source_ref_name=pull_request.source_ref_parts.name,
                         target_repo=target_vcs.name,
                         target_ref_name=pull_request.target_ref_parts.name,
                     )
                     workspace_id = self._workspace_id(pull_request)
                     repo_id = pull_request.target_repo.repo_id
                     use_rebase = self._use_rebase_for_merging(pull_request)
                     close_branch = self._close_branch_before_merging(pull_request)
                     user_name = self._user_name_for_merging(pull_request, user)
                     target_ref = self._refresh_reference(
                         pull_request.target_ref_parts, target_vcs)
                     callback_daemon, extras = prepare_callback_daemon(
                         extras, protocol=vcs_settings.HOOKS_PROTOCOL,
                         host=vcs_settings.HOOKS_HOST,
                         use_direct_calls=vcs_settings.HOOKS_DIRECT_CALLS)
                     with callback_daemon:
                         # TODO: johbo: Implement a clean way to run a config_override
                         # for a single call.
                         target_vcs.config.set(
                             'rhodecode', 'RC_SCM_DATA', json.dumps(extras))
                         merge_state = target_vcs.merge(
                             repo_id, workspace_id, target_ref, source_vcs,
                             pull_request.source_ref_parts,
                             user_name=user_name, user_email=user.email,
                             message=message, use_rebase=use_rebase,
                             close_branch=close_branch)
                     return merge_state
                 def _comment_and_close_pr(self, pull_request, user, merge_state, close_msg=None):
                     pull_request.merge_rev = merge_state.merge_ref.commit_id
                     pull_request.updated_on = datetime.datetime.now()
                     close_msg = close_msg or 'Pull request merged and closed'
                     CommentsModel().create(
-                        text=safe_unicode(close_msg),
+                        text=safe_str(close_msg),
                         repo=pull_request.target_repo.repo_id,
                         user=user.user_id,
                         pull_request=pull_request.pull_request_id,
                         f_path=None,
                         line_no=None,
                         closing_pr=True
                     )
                     Session().add(pull_request)
                     Session().flush()
                     # TODO: paris: replace invalidation with less radical solution
                     ScmModel().mark_for_invalidation(
                         pull_request.target_repo.repo_name)
                     self.trigger_pull_request_hook(pull_request, user, 'merge')
                 def has_valid_update_type(self, pull_request):
                     source_ref_type = pull_request.source_ref_parts.type
                     return source_ref_type in self.REF_TYPES
                 def get_flow_commits(self, pull_request):
                     # source repo
                     source_ref_name = pull_request.source_ref_parts.name
                     source_ref_type = pull_request.source_ref_parts.type
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     source_repo = pull_request.source_repo.scm_instance()
                     try:
                         if source_ref_type in self.REF_TYPES:
                             source_commit = source_repo.get_commit(
                                 source_ref_name, reference_obj=pull_request.source_ref_parts)
                         else:
                             source_commit = source_repo.get_commit(source_ref_id)
                     except CommitDoesNotExistError:
                         raise SourceRefMissing()
                     # target repo
                     target_ref_name = pull_request.target_ref_parts.name
                     target_ref_type = pull_request.target_ref_parts.type
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     target_repo = pull_request.target_repo.scm_instance()
                     try:
                         if target_ref_type in self.REF_TYPES:
                             target_commit = target_repo.get_commit(
                                 target_ref_name, reference_obj=pull_request.target_ref_parts)
                         else:
                             target_commit = target_repo.get_commit(target_ref_id)
                     except CommitDoesNotExistError:
                         raise TargetRefMissing()
                     return source_commit, target_commit
                 def update_commits(self, pull_request, updating_user):
                     """
                     Get the updated list of commits for the pull request
                     and return the new pull request version and the list
                     of commits processed by this update action
                     updating_user is the user_object who triggered the update
                     """
                     pull_request = self.__get_pull_request(pull_request)
                     source_ref_type = pull_request.source_ref_parts.type
                     source_ref_name = pull_request.source_ref_parts.name
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_type = pull_request.target_ref_parts.type
                     target_ref_name = pull_request.target_ref_parts.name
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     if not self.has_valid_update_type(pull_request):
                         log.debug("Skipping update of pull request %s due to ref type: %s",
                                   pull_request, source_ref_type)
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.WRONG_REF_TYPE,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=False, target_changed=False)
                     try:
                         source_commit, target_commit = self.get_flow_commits(pull_request)
                     except SourceRefMissing:
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.MISSING_SOURCE_REF,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=False, target_changed=False)
                     except TargetRefMissing:
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.MISSING_TARGET_REF,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=False, target_changed=False)
                     source_changed = source_ref_id != source_commit.raw_id
                     target_changed = target_ref_id != target_commit.raw_id
                     if not (source_changed or target_changed):
                         log.debug("Nothing changed in pull request %s", pull_request)
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.NO_CHANGE,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=target_changed, target_changed=source_changed)
                     change_in_found = 'target repo' if target_changed else 'source repo'
                     log.debug('Updating pull request because of change in %s detected',
                               change_in_found)
                     # Finally there is a need for an update, in case of source change
                     # we create a new version, else just an update
                     if source_changed:
                         pull_request_version = self._create_version_from_snapshot(pull_request)
                         self._link_comments_to_version(pull_request_version)
                     else:
                         try:
                             ver = pull_request.versions[-1]
                         except IndexError:
                             ver = None
                         pull_request.pull_request_version_id = \
                             ver.pull_request_version_id if ver else None
                         pull_request_version = pull_request
                     source_repo = pull_request.source_repo.scm_instance()
                     target_repo = pull_request.target_repo.scm_instance()
                     # re-compute commit ids
                     old_commit_ids = pull_request.revisions
                     pre_load = ["author", "date", "message", "branch"]
                     commit_ranges = target_repo.compare(
                         target_commit.raw_id, source_commit.raw_id, source_repo, merge=True,
                         pre_load=pre_load)
                     target_ref = target_commit.raw_id
                     source_ref = source_commit.raw_id
                     ancestor_commit_id = target_repo.get_common_ancestor(
                         target_ref, source_ref, source_repo)
                     if not ancestor_commit_id:
                         raise ValueError(
                             'cannot calculate diff info without a common ancestor. '
                             'Make sure both repositories are related, and have a common forking commit.')
                     pull_request.common_ancestor_id = ancestor_commit_id
                     pull_request.source_ref = '%s:%s:%s' % (
                         source_ref_type, source_ref_name, source_commit.raw_id)
                     pull_request.target_ref = '%s:%s:%s' % (
                         target_ref_type, target_ref_name, ancestor_commit_id)
                     pull_request.revisions = [
                         commit.raw_id for commit in reversed(commit_ranges)]
                     pull_request.updated_on = datetime.datetime.now()
                     Session().add(pull_request)
                     new_commit_ids = pull_request.revisions
                     old_diff_data, new_diff_data = self._generate_update_diffs(
                         pull_request, pull_request_version)
                     # calculate commit and file changes
                     commit_changes = self._calculate_commit_id_changes(
                         old_commit_ids, new_commit_ids)
                     file_changes = self._calculate_file_changes(
                         old_diff_data, new_diff_data)
                     # set comments as outdated if DIFFS changed
                     CommentsModel().outdate_comments(
                         pull_request, old_diff_data=old_diff_data,
                         new_diff_data=new_diff_data)
                     valid_commit_changes = (commit_changes.added or commit_changes.removed)
                     file_node_changes = (
                         file_changes.added or file_changes.modified or file_changes.removed)
                     pr_has_changes = valid_commit_changes or file_node_changes
                     # Add an automatic comment to the pull request, in case
                     # anything has changed
                     if pr_has_changes:
                         update_comment = CommentsModel().create(
                             text=self._render_update_message(ancestor_commit_id, commit_changes, file_changes),
                             repo=pull_request.target_repo,
                             user=pull_request.author,
                             pull_request=pull_request,
                             send_email=False, renderer=DEFAULT_COMMENTS_RENDERER)
                         # Update status to "Under Review" for added commits
                         for commit_id in commit_changes.added:
                             ChangesetStatusModel().set_status(
                                 repo=pull_request.source_repo,
                                 status=ChangesetStatus.STATUS_UNDER_REVIEW,
                                 comment=update_comment,
                                 user=pull_request.author,
                                 pull_request=pull_request,
                                 revision=commit_id)
                     # initial commit
                     Session().commit()
                     if pr_has_changes:
                         # send update email to users
                         try:
                             self.notify_users(pull_request=pull_request, updating_user=updating_user,
                                               ancestor_commit_id=ancestor_commit_id,
                                               commit_changes=commit_changes,
                                               file_changes=file_changes)
                             Session().commit()
                         except Exception:
                             log.exception('Failed to send email notification to users')
                             Session().rollback()
                     log.debug(
                         'Updated pull request %s, added_ids: %s, common_ids: %s, '
                         'removed_ids: %s', pull_request.pull_request_id,
                         commit_changes.added, commit_changes.common, commit_changes.removed)
                     log.debug(
                         'Updated pull request with the following file changes: %s',
                         file_changes)
                     log.info(
                         "Updated pull request %s from commit %s to commit %s, "
                         "stored new version %s of this pull request.",
                         pull_request.pull_request_id, source_ref_id,
                         pull_request.source_ref_parts.commit_id,
                         pull_request_version.pull_request_version_id)
                     self.trigger_pull_request_hook(pull_request, pull_request.author, 'update')
                     return UpdateResponse(
                         executed=True, reason=UpdateFailureReason.NONE,
                         old=pull_request, new=pull_request_version,
                         common_ancestor_id=ancestor_commit_id, commit_changes=commit_changes,
                         source_changed=source_changed, target_changed=target_changed)
                 def _create_version_from_snapshot(self, pull_request):
                     version = PullRequestVersion()
                     version.title = pull_request.title
                     version.description = pull_request.description
                     version.status = pull_request.status
                     version.pull_request_state = pull_request.pull_request_state
                     version.created_on = datetime.datetime.now()
                     version.updated_on = pull_request.updated_on
                     version.user_id = pull_request.user_id
                     version.source_repo = pull_request.source_repo
                     version.source_ref = pull_request.source_ref
                     version.target_repo = pull_request.target_repo
                     version.target_ref = pull_request.target_ref
                     version._last_merge_source_rev = pull_request._last_merge_source_rev
                     version._last_merge_target_rev = pull_request._last_merge_target_rev
                     version.last_merge_status = pull_request.last_merge_status
                     version.last_merge_metadata = pull_request.last_merge_metadata
                     version.shadow_merge_ref = pull_request.shadow_merge_ref
                     version.merge_rev = pull_request.merge_rev
                     version.reviewer_data = pull_request.reviewer_data
                     version.revisions = pull_request.revisions
                     version.common_ancestor_id = pull_request.common_ancestor_id
                     version.pull_request = pull_request
                     Session().add(version)
                     Session().flush()
                     return version
                 def _generate_update_diffs(self, pull_request, pull_request_version):
                     diff_context = (
                         self.DIFF_CONTEXT +
                         CommentsModel.needed_extra_diff_context())
                     hide_whitespace_changes = False
                     source_repo = pull_request_version.source_repo
                     source_ref_id = pull_request_version.source_ref_parts.commit_id
                     target_ref_id = pull_request_version.target_ref_parts.commit_id
                     old_diff = self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes=hide_whitespace_changes, diff_context=diff_context)
                     source_repo = pull_request.source_repo
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     new_diff = self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes=hide_whitespace_changes, diff_context=diff_context)
-                    old_diff_data = diffs.DiffProcessor(old_diff)
+                    # NOTE: this was using diff_format='gitdiff'
+                    old_diff_data = diffs.DiffProcessor(old_diff, diff_format='newdiff')
                     old_diff_data.prepare()
-                    new_diff_data = diffs.DiffProcessor(new_diff)
+                    new_diff_data = diffs.DiffProcessor(new_diff, diff_format='newdiff')
                     new_diff_data.prepare()
                     return old_diff_data, new_diff_data
                 def _link_comments_to_version(self, pull_request_version):
                     """
                     Link all unlinked comments of this pull request to the given version.
                     :param pull_request_version: The `PullRequestVersion` to which
                         the comments shall be linked.
                     """
                     pull_request = pull_request_version.pull_request
                     comments = ChangesetComment.query()\
                         .filter(
                             # TODO: johbo: Should we query for the repo at all here?
                             # Pending decision on how comments of PRs are to be related
                             # to either the source repo, the target repo or no repo at all.
                             ChangesetComment.repo_id == pull_request.target_repo.repo_id,
                             ChangesetComment.pull_request == pull_request,
                             ChangesetComment.pull_request_version == None)\
                         .order_by(ChangesetComment.comment_id.asc())
                     # TODO: johbo: Find out why this breaks if it is done in a bulk
                     # operation.
                     for comment in comments:
                         comment.pull_request_version_id = (
                             pull_request_version.pull_request_version_id)
                         Session().add(comment)
                 def _calculate_commit_id_changes(self, old_ids, new_ids):
                     added = [x for x in new_ids if x not in old_ids]
                     common = [x for x in new_ids if x in old_ids]
                     removed = [x for x in old_ids if x not in new_ids]
                     total = new_ids
                     return ChangeTuple(added, common, removed, total)
                 def _calculate_file_changes(self, old_diff_data, new_diff_data):
                     old_files = OrderedDict()
                     for diff_data in old_diff_data.parsed_diff:
                         old_files[diff_data['filename']] = md5_safe(diff_data['raw_diff'])
                     added_files = []
                     modified_files = []
                     removed_files = []
                     for diff_data in new_diff_data.parsed_diff:
                         new_filename = diff_data['filename']
                         new_hash = md5_safe(diff_data['raw_diff'])
                         old_hash = old_files.get(new_filename)
                         if not old_hash:
                             # file is not present in old diff, we have to figure out from parsed diff
                             # operation ADD/REMOVE
                             operations_dict = diff_data['stats']['ops']
                             if diffs.DEL_FILENODE in operations_dict:
                                 removed_files.append(new_filename)
                             else:
                                 added_files.append(new_filename)
                         else:
                             if new_hash != old_hash:
                                 modified_files.append(new_filename)
                             # now remove a file from old, since we have seen it already
                             del old_files[new_filename]
                     # removed files is when there are present in old, but not in NEW,
                     # since we remove old files that are present in new diff, left-overs
                     # if any should be the removed files
                     removed_files.extend(old_files.keys())
                     return FileChangeTuple(added_files, modified_files, removed_files)
                 def _render_update_message(self, ancestor_commit_id, changes, file_changes):
                     """
                     render the message using DEFAULT_COMMENTS_RENDERER (RST renderer),
                     so it's always looking the same disregarding on which default
                     renderer system is using.
                     :param ancestor_commit_id: ancestor raw_id
                     :param changes: changes named tuple
                     :param file_changes: file changes named tuple
                     """
                     new_status = ChangesetStatus.get_status_lbl(
                         ChangesetStatus.STATUS_UNDER_REVIEW)
                     changed_files = (
                         file_changes.added + file_changes.modified + file_changes.removed)
                     params = {
                         'under_review_label': new_status,
                         'added_commits': changes.added,
                         'removed_commits': changes.removed,
                         'changed_files': changed_files,
                         'added_files': file_changes.added,
                         'modified_files': file_changes.modified,
                         'removed_files': file_changes.removed,
                         'ancestor_commit_id': ancestor_commit_id
                     }
                     renderer = RstTemplateRenderer()
                     return renderer.render('pull_request_update.mako', **params)
                 def edit(self, pull_request, title, description, description_renderer, user):
                     pull_request = self.__get_pull_request(pull_request)
                     old_data = pull_request.get_api_data(with_merge_state=False)
                     if pull_request.is_closed():
                         raise ValueError('This pull request is closed')
                     if title:
                         pull_request.title = title
                     pull_request.description = description
                     pull_request.updated_on = datetime.datetime.now()
                     pull_request.description_renderer = description_renderer
                     Session().add(pull_request)
                     self._log_audit_action(
                         'repo.pull_request.edit', {'old_data': old_data},
                         user, pull_request)
                 def update_reviewers(self, pull_request, reviewer_data, user):
                     """
                     Update the reviewers in the pull request
                     :param pull_request: the pr to update
                     :param reviewer_data: list of tuples
                         [(user, ['reason1', 'reason2'], mandatory_flag, role, [rules])]
                     :param user: current use who triggers this action
                     """
                     pull_request = self.__get_pull_request(pull_request)
                     if pull_request.is_closed():
                         raise ValueError('This pull request is closed')
                     reviewers = {}
                     for user_id, reasons, mandatory, role, rules in reviewer_data:
                         if isinstance(user_id, (int, str)):
                             user_id = self._get_user(user_id).user_id
                         reviewers[user_id] = {
                             'reasons': reasons, 'mandatory': mandatory, 'role': role}
                     reviewers_ids = set(reviewers.keys())
                     current_reviewers = PullRequestReviewers.get_pull_request_reviewers(
                         pull_request.pull_request_id, role=PullRequestReviewers.ROLE_REVIEWER)
                     current_reviewers_ids = set([x.user.user_id for x in current_reviewers])
                     ids_to_add = reviewers_ids.difference(current_reviewers_ids)
                     ids_to_remove = current_reviewers_ids.difference(reviewers_ids)
                     log.debug("Adding %s reviewers", ids_to_add)
                     log.debug("Removing %s reviewers", ids_to_remove)
                     changed = False
                     added_audit_reviewers = []
                     removed_audit_reviewers = []
                     for uid in ids_to_add:
                         changed = True
                         _usr = self._get_user(uid)
                         reviewer = PullRequestReviewers()
                         reviewer.user = _usr
                         reviewer.pull_request = pull_request
                         reviewer.reasons = reviewers[uid]['reasons']
                         # NOTE(marcink): mandatory shouldn't be changed now
                         # reviewer.mandatory = reviewers[uid]['reasons']
                         # NOTE(marcink): role should be hardcoded, so we won't edit it.
                         reviewer.role = PullRequestReviewers.ROLE_REVIEWER
                         Session().add(reviewer)
                         added_audit_reviewers.append(reviewer.get_dict())
                     for uid in ids_to_remove:
                         changed = True
                         # NOTE(marcink): we fetch "ALL" reviewers objects using .all().
                         # This is an edge case that handles previous state of having the same reviewer twice.
                         # this CAN happen due to the lack of DB checks
                         reviewers = PullRequestReviewers.query()\
                             .filter(PullRequestReviewers.user_id == uid,
                                     PullRequestReviewers.role == PullRequestReviewers.ROLE_REVIEWER,
                                     PullRequestReviewers.pull_request == pull_request)\
                             .all()
                         for obj in reviewers:
                             added_audit_reviewers.append(obj.get_dict())
                             Session().delete(obj)
                     if changed:
                         Session().expire_all()
                         pull_request.updated_on = datetime.datetime.now()
                         Session().add(pull_request)
                     # finally store audit logs
                     for user_data in added_audit_reviewers:
                         self._log_audit_action(
                             'repo.pull_request.reviewer.add', {'data': user_data},
                             user, pull_request)
                     for user_data in removed_audit_reviewers:
                         self._log_audit_action(
                             'repo.pull_request.reviewer.delete', {'old_data': user_data},
                             user, pull_request)
                     self.notify_reviewers(pull_request, ids_to_add, user)
                     return ids_to_add, ids_to_remove
                 def update_observers(self, pull_request, observer_data, user):
                     """
                     Update the observers in the pull request
                     :param pull_request: the pr to update
                     :param observer_data: list of tuples
                         [(user, ['reason1', 'reason2'], mandatory_flag, role, [rules])]
                     :param user: current use who triggers this action
                     """
                     pull_request = self.__get_pull_request(pull_request)
                     if pull_request.is_closed():
                         raise ValueError('This pull request is closed')
                     observers = {}
                     for user_id, reasons, mandatory, role, rules in observer_data:
                         if isinstance(user_id, (int, str)):
                             user_id = self._get_user(user_id).user_id
                         observers[user_id] = {
                             'reasons': reasons, 'observers': mandatory, 'role': role}
                     observers_ids = set(observers.keys())
                     current_observers = PullRequestReviewers.get_pull_request_reviewers(
                         pull_request.pull_request_id, role=PullRequestReviewers.ROLE_OBSERVER)
                     current_observers_ids = set([x.user.user_id for x in current_observers])
                     ids_to_add = observers_ids.difference(current_observers_ids)
                     ids_to_remove = current_observers_ids.difference(observers_ids)
                     log.debug("Adding %s observer", ids_to_add)
                     log.debug("Removing %s observer", ids_to_remove)
                     changed = False
                     added_audit_observers = []
                     removed_audit_observers = []
                     for uid in ids_to_add:
                         changed = True
                         _usr = self._get_user(uid)
                         observer = PullRequestReviewers()
                         observer.user = _usr
                         observer.pull_request = pull_request
                         observer.reasons = observers[uid]['reasons']
                         # NOTE(marcink): mandatory shouldn't be changed now
                         # observer.mandatory = observer[uid]['reasons']
                         # NOTE(marcink): role should be hardcoded, so we won't edit it.
                         observer.role = PullRequestReviewers.ROLE_OBSERVER
                         Session().add(observer)
                         added_audit_observers.append(observer.get_dict())
                     for uid in ids_to_remove:
                         changed = True
                         # NOTE(marcink): we fetch "ALL" reviewers objects using .all().
                         # This is an edge case that handles previous state of having the same reviewer twice.
                         # this CAN happen due to the lack of DB checks
                         observers = PullRequestReviewers.query()\
                             .filter(PullRequestReviewers.user_id == uid,
                                     PullRequestReviewers.role == PullRequestReviewers.ROLE_OBSERVER,
                                     PullRequestReviewers.pull_request == pull_request)\
                             .all()
                         for obj in observers:
                             added_audit_observers.append(obj.get_dict())
                             Session().delete(obj)
                     if changed:
                         Session().expire_all()
                         pull_request.updated_on = datetime.datetime.now()
                         Session().add(pull_request)
                     # finally store audit logs
                     for user_data in added_audit_observers:
                         self._log_audit_action(
                             'repo.pull_request.observer.add', {'data': user_data},
                             user, pull_request)
                     for user_data in removed_audit_observers:
                         self._log_audit_action(
                             'repo.pull_request.observer.delete', {'old_data': user_data},
                             user, pull_request)
                     self.notify_observers(pull_request, ids_to_add, user)
                     return ids_to_add, ids_to_remove
                 def get_url(self, pull_request, request=None, permalink=False):
                     if not request:
                         request = get_current_request()
                     if permalink:
                         return request.route_url(
                             'pull_requests_global',
                             pull_request_id=pull_request.pull_request_id,)
                     else:
                         return request.route_url('pullrequest_show',
                             repo_name=safe_str(pull_request.target_repo.repo_name),
                             pull_request_id=pull_request.pull_request_id,)
                 def get_shadow_clone_url(self, pull_request, request=None):
                     """
                     Returns qualified url pointing to the shadow repository. If this pull
                     request is closed there is no shadow repository and ``None`` will be
                     returned.
                     """
                     if pull_request.is_closed():
                         return None
                     else:
                         pr_url = urllib.parse.unquote(self.get_url(pull_request, request=request))
-                        return safe_unicode('{pr_url}/repository'.format(pr_url=pr_url))
+                        return safe_str('{pr_url}/repository'.format(pr_url=pr_url))
                 def _notify_reviewers(self, pull_request, user_ids, role, user):
                     # notification to reviewers/observers
                     if not user_ids:
                         return
                     log.debug('Notify following %s users about pull-request %s', role, user_ids)
                     pull_request_obj = pull_request
                     # get the current participants of this pull request
                     recipients = user_ids
                     notification_type = EmailNotificationModel.TYPE_PULL_REQUEST
                     pr_source_repo = pull_request_obj.source_repo
                     pr_target_repo = pull_request_obj.target_repo
                     pr_url = h.route_url('pullrequest_show',
                                          repo_name=pr_target_repo.repo_name,
                                          pull_request_id=pull_request_obj.pull_request_id,)
                     # set some variables for email notification
                     pr_target_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_target_repo.repo_name)
                     pr_source_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_source_repo.repo_name)
                     # pull request specifics
                     pull_request_commits = [
                         (x.raw_id, x.message)
                         for x in map(pr_source_repo.get_commit, pull_request.revisions)]
                     current_rhodecode_user = user
                     kwargs = {
                         'user': current_rhodecode_user,
                         'pull_request_author': pull_request.author,
                         'pull_request': pull_request_obj,
                         'pull_request_commits': pull_request_commits,
                         'pull_request_target_repo': pr_target_repo,
                         'pull_request_target_repo_url': pr_target_repo_url,
                         'pull_request_source_repo': pr_source_repo,
                         'pull_request_source_repo_url': pr_source_repo_url,
                         'pull_request_url': pr_url,
                         'thread_ids': [pr_url],
                         'user_role': role
                     }
                     # create notification objects, and emails
                     NotificationModel().create(
                         created_by=current_rhodecode_user,
                         notification_subject='',  # Filled in based on the notification_type
                         notification_body='',  # Filled in based on the notification_type
                         notification_type=notification_type,
                         recipients=recipients,
                         email_kwargs=kwargs,
                     )
                 def notify_reviewers(self, pull_request, reviewers_ids, user):
                     return self._notify_reviewers(pull_request, reviewers_ids,
                                                   PullRequestReviewers.ROLE_REVIEWER, user)
                 def notify_observers(self, pull_request, observers_ids, user):
                     return self._notify_reviewers(pull_request, observers_ids,
                                                   PullRequestReviewers.ROLE_OBSERVER, user)
                 def notify_users(self, pull_request, updating_user, ancestor_commit_id,
                                  commit_changes, file_changes):
                     updating_user_id = updating_user.user_id
                     reviewers = set([x.user.user_id for x in pull_request.get_pull_request_reviewers()])
                     # NOTE(marcink): send notification to all other users except to
                     # person who updated the PR
                     recipients = reviewers.difference(set([updating_user_id]))
                     log.debug('Notify following recipients about pull-request update %s', recipients)
                     pull_request_obj = pull_request
                     # send email about the update
                     changed_files = (
                             file_changes.added + file_changes.modified + file_changes.removed)
                     pr_source_repo = pull_request_obj.source_repo
                     pr_target_repo = pull_request_obj.target_repo
                     pr_url = h.route_url('pullrequest_show',
                                          repo_name=pr_target_repo.repo_name,
                                          pull_request_id=pull_request_obj.pull_request_id,)
                     # set some variables for email notification
                     pr_target_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_target_repo.repo_name)
                     pr_source_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_source_repo.repo_name)
                     email_kwargs = {
                         'date': datetime.datetime.now(),
                         'updating_user': updating_user,
                         'pull_request': pull_request_obj,
                         'pull_request_target_repo': pr_target_repo,
                         'pull_request_target_repo_url': pr_target_repo_url,
                         'pull_request_source_repo': pr_source_repo,
                         'pull_request_source_repo_url': pr_source_repo_url,
                         'pull_request_url': pr_url,
                         'ancestor_commit_id': ancestor_commit_id,
                         'added_commits': commit_changes.added,
                         'removed_commits': commit_changes.removed,
                         'changed_files': changed_files,
                         'added_files': file_changes.added,
                         'modified_files': file_changes.modified,
                         'removed_files': file_changes.removed,
                         'thread_ids': [pr_url],
                     }
                     # create notification objects, and emails
                     NotificationModel().create(
                         created_by=updating_user,
                         notification_subject='',  # Filled in based on the notification_type
                         notification_body='',  # Filled in based on the notification_type
                         notification_type=EmailNotificationModel.TYPE_PULL_REQUEST_UPDATE,
                         recipients=recipients,
                         email_kwargs=email_kwargs,
                     )
                 def delete(self, pull_request, user=None):
                     if not user:
                         user = getattr(get_current_rhodecode_user(), 'username', None)
                     pull_request = self.__get_pull_request(pull_request)
                     old_data = pull_request.get_api_data(with_merge_state=False)
                     self._cleanup_merge_workspace(pull_request)
                     self._log_audit_action(
                         'repo.pull_request.delete', {'old_data': old_data},
                         user, pull_request)
                     Session().delete(pull_request)
                 def close_pull_request(self, pull_request, user):
                     pull_request = self.__get_pull_request(pull_request)
                     self._cleanup_merge_workspace(pull_request)
                     pull_request.status = PullRequest.STATUS_CLOSED
                     pull_request.updated_on = datetime.datetime.now()
                     Session().add(pull_request)
                     self.trigger_pull_request_hook(pull_request, pull_request.author, 'close')
                     pr_data = pull_request.get_api_data(with_merge_state=False)
                     self._log_audit_action(
                         'repo.pull_request.close', {'data': pr_data}, user, pull_request)
                 def close_pull_request_with_comment(
                         self, pull_request, user, repo, message=None, auth_user=None):
                     pull_request_review_status = pull_request.calculated_review_status()
                     if pull_request_review_status == ChangesetStatus.STATUS_APPROVED:
                         # approved only if we have voting consent
                         status = ChangesetStatus.STATUS_APPROVED
                     else:
                         status = ChangesetStatus.STATUS_REJECTED
                     status_lbl = ChangesetStatus.get_status_lbl(status)
                     default_message = (
                         'Closing with status change {transition_icon} {status}.'
                     ).format(transition_icon='>', status=status_lbl)
                     text = message or default_message
                     # create a comment, and link it to new status
                     comment = CommentsModel().create(
                         text=text,
                         repo=repo.repo_id,
                         user=user.user_id,
                         pull_request=pull_request.pull_request_id,
                         status_change=status_lbl,
                         status_change_type=status,
                         closing_pr=True,
                         auth_user=auth_user,
                     )
                     # calculate old status before we change it
                     old_calculated_status = pull_request.calculated_review_status()
                     ChangesetStatusModel().set_status(
                         repo.repo_id,
                         status,
                         user.user_id,
                         comment=comment,
                         pull_request=pull_request.pull_request_id
                     )
                     Session().flush()
                     self.trigger_pull_request_hook(pull_request, user, 'comment',
                                                    data={'comment': comment})
                     # we now calculate the status of pull request again, and based on that
                     # calculation trigger status change. This might happen in cases
                     # that non-reviewer admin closes a pr, which means his vote doesn't
                     # change the status, while if he's a reviewer this might change it.
                     calculated_status = pull_request.calculated_review_status()
                     if old_calculated_status != calculated_status:
                         self.trigger_pull_request_hook(pull_request, user, 'review_status_change',
                                                        data={'status': calculated_status})
                     # finally close the PR
                     PullRequestModel().close_pull_request(pull_request.pull_request_id, user)
                     return comment, status
                 def merge_status(self, pull_request, translator=None, force_shadow_repo_refresh=False):
                     _ = translator or get_current_request().translate
                     if not self._is_merge_enabled(pull_request):
                         return None, False, _('Server-side pull request merging is disabled.')
                     if pull_request.is_closed():
                         return None, False, _('This pull request is closed.')
                     merge_possible, msg = self._check_repo_requirements(
                         target=pull_request.target_repo, source=pull_request.source_repo,
                         translator=_)
                     if not merge_possible:
                         return None, merge_possible, msg
                     try:
                         merge_response = self._try_merge(
                             pull_request, force_shadow_repo_refresh=force_shadow_repo_refresh)
                         log.debug("Merge response: %s", merge_response)
                         return merge_response, merge_response.possible, merge_response.merge_status_message
                     except NotImplementedError:
                         return None, False, _('Pull request merging is not supported.')
                 def _check_repo_requirements(self, target, source, translator):
                     """
                     Check if `target` and `source` have compatible requirements.
                     Currently this is just checking for largefiles.
                     """
                     _ = translator
                     target_has_largefiles = self._has_largefiles(target)
                     source_has_largefiles = self._has_largefiles(source)
                     merge_possible = True
                     message = u''
                     if target_has_largefiles != source_has_largefiles:
                         merge_possible = False
                         if source_has_largefiles:
                             message = _(
                                 'Target repository large files support is disabled.')
                         else:
                             message = _(
                                 'Source repository large files support is disabled.')
                     return merge_possible, message
                 def _has_largefiles(self, repo):
                     largefiles_ui = VcsSettingsModel(repo=repo).get_ui_settings(
                         'extensions', 'largefiles')
                     return largefiles_ui and largefiles_ui[0].active
                 def _try_merge(self, pull_request, force_shadow_repo_refresh=False):
                     """
                     Try to merge the pull request and return the merge status.
                     """
                     log.debug(
                         "Trying out if the pull request %s can be merged. Force_refresh=%s",
                         pull_request.pull_request_id, force_shadow_repo_refresh)
                     target_vcs = pull_request.target_repo.scm_instance()
                     # Refresh the target reference.
                     try:
                         target_ref = self._refresh_reference(
                             pull_request.target_ref_parts, target_vcs)
                     except CommitDoesNotExistError:
                         merge_state = MergeResponse(
                             False, False, None, MergeFailureReason.MISSING_TARGET_REF,
                             metadata={'target_ref': pull_request.target_ref_parts})
                         return merge_state
                     target_locked = pull_request.target_repo.locked
                     if target_locked and target_locked[0]:
                         locked_by = 'user:{}'.format(target_locked[0])
                         log.debug("The target repository is locked by %s.", locked_by)
                         merge_state = MergeResponse(
                             False, False, None, MergeFailureReason.TARGET_IS_LOCKED,
                             metadata={'locked_by': locked_by})
                     elif force_shadow_repo_refresh or self._needs_merge_state_refresh(
                             pull_request, target_ref):
                         log.debug("Refreshing the merge status of the repository.")
                         merge_state = self._refresh_merge_state(
                             pull_request, target_vcs, target_ref)
                     else:
                         possible = pull_request.last_merge_status == MergeFailureReason.NONE
                         metadata = {
                             'unresolved_files': '',
                             'target_ref': pull_request.target_ref_parts,
                             'source_ref': pull_request.source_ref_parts,
                         }
                         if pull_request.last_merge_metadata:
                             metadata.update(pull_request.last_merge_metadata_parsed)
                         if not possible and target_ref.type == 'branch':
                             # NOTE(marcink): case for mercurial multiple heads on branch
                             heads = target_vcs._heads(target_ref.name)
                             if len(heads) != 1:
                                 heads = '\n,'.join(target_vcs._heads(target_ref.name))
                                 metadata.update({
                                     'heads': heads
                                 })
                         merge_state = MergeResponse(
                             possible, False, None, pull_request.last_merge_status, metadata=metadata)
                     return merge_state
                 def _refresh_reference(self, reference, vcs_repository):
                     if reference.type in self.UPDATABLE_REF_TYPES:
                         name_or_id = reference.name
                     else:
                         name_or_id = reference.commit_id
                     refreshed_commit = vcs_repository.get_commit(name_or_id)
                     refreshed_reference = Reference(
                         reference.type, reference.name, refreshed_commit.raw_id)
                     return refreshed_reference
                 def _needs_merge_state_refresh(self, pull_request, target_reference):
                     return not(
                         pull_request.revisions and
                         pull_request.revisions[0] == pull_request._last_merge_source_rev and
                         target_reference.commit_id == pull_request._last_merge_target_rev)
                 def _refresh_merge_state(self, pull_request, target_vcs, target_reference):
                     workspace_id = self._workspace_id(pull_request)
                     source_vcs = pull_request.source_repo.scm_instance()
                     repo_id = pull_request.target_repo.repo_id
                     use_rebase = self._use_rebase_for_merging(pull_request)
                     close_branch = self._close_branch_before_merging(pull_request)
                     merge_state = target_vcs.merge(
                         repo_id, workspace_id,
                         target_reference, source_vcs, pull_request.source_ref_parts,
                         dry_run=True, use_rebase=use_rebase,
                         close_branch=close_branch)
                     # Do not store the response if there was an unknown error.
                     if merge_state.failure_reason != MergeFailureReason.UNKNOWN:
                         pull_request._last_merge_source_rev = \
                             pull_request.source_ref_parts.commit_id
                         pull_request._last_merge_target_rev = target_reference.commit_id
                         pull_request.last_merge_status = merge_state.failure_reason
                         pull_request.last_merge_metadata = merge_state.metadata
                         pull_request.shadow_merge_ref = merge_state.merge_ref
                         Session().add(pull_request)
                         Session().commit()
                     return merge_state
                 def _workspace_id(self, pull_request):
                     workspace_id = 'pr-%s' % pull_request.pull_request_id
                     return workspace_id
                 def generate_repo_data(self, repo, commit_id=None, branch=None,
                                        bookmark=None, translator=None):
                     from rhodecode.model.repo import RepoModel
                     all_refs, selected_ref = \
                         self._get_repo_pullrequest_sources(
                             repo.scm_instance(), commit_id=commit_id,
                             branch=branch, bookmark=bookmark, translator=translator)
                     refs_select2 = []
                     for element in all_refs:
                         children = [{'id': x[0], 'text': x[1]} for x in element[0]]
                         refs_select2.append({'text': element[1], 'children': children})
                     return {
                         'user': {
                             'user_id': repo.user.user_id,
                             'username': repo.user.username,
                             'firstname': repo.user.first_name,
                             'lastname': repo.user.last_name,
                             'gravatar_link': h.gravatar_url(repo.user.email, 14),
                         },
                         'name': repo.repo_name,
                         'link': RepoModel().get_url(repo),
                         'description': h.chop_at_smart(repo.description_safe, '\n'),
                         'refs': {
                             'all_refs': all_refs,
                             'selected_ref': selected_ref,
                             'select2_refs': refs_select2
                         }
                     }
                 def generate_pullrequest_title(self, source, source_ref, target):
                     return u'{source}#{at_ref} to {target}'.format(
                         source=source,
                         at_ref=source_ref,
                         target=target,
                     )
                 def _cleanup_merge_workspace(self, pull_request):
                     # Merging related cleanup
                     repo_id = pull_request.target_repo.repo_id
                     target_scm = pull_request.target_repo.scm_instance()
                     workspace_id = self._workspace_id(pull_request)
                     try:
                         target_scm.cleanup_merge_workspace(repo_id, workspace_id)
                     except NotImplementedError:
                         pass
                 def _get_repo_pullrequest_sources(
                         self, repo, commit_id=None, branch=None, bookmark=None,
                         translator=None):
                     """
                     Return a structure with repo's interesting commits, suitable for
                     the selectors in pullrequest controller
                     :param commit_id: a commit that must be in the list somehow
                         and selected by default
                     :param branch: a branch that must be in the list and selected
                         by default - even if closed
                     :param bookmark: a bookmark that must be in the list and selected
                     """
                     _ = translator or get_current_request().translate
                     commit_id = safe_str(commit_id) if commit_id else None
-                    branch = safe_unicode(branch) if branch else None
+                    branch = safe_str(branch) if branch else None
-                    bookmark = safe_unicode(bookmark) if bookmark else None
+                    bookmark = safe_str(bookmark) if bookmark else None
                     selected = None
                     # order matters: first source that has commit_id in it will be selected
                     sources = []
                     sources.append(('book', repo.bookmarks.items(), _('Bookmarks'), bookmark))
                     sources.append(('branch', repo.branches.items(), _('Branches'), branch))
                     if commit_id:
                         ref_commit = (h.short_id(commit_id), commit_id)
                         sources.append(('rev', [ref_commit], _('Commit IDs'), commit_id))
                     sources.append(
                         ('branch', repo.branches_closed.items(), _('Closed Branches'), branch),
                     )
                     groups = []
                     for group_key, ref_list, group_name, match in sources:
                         group_refs = []
                         for ref_name, ref_id in ref_list:
                             ref_key = u'{}:{}:{}'.format(group_key, ref_name, ref_id)
                             group_refs.append((ref_key, ref_name))
                             if not selected:
                                 if set([commit_id, match]) & set([ref_id, ref_name]):
                                     selected = ref_key
                         if group_refs:
                             groups.append((group_refs, group_name))
                     if not selected:
                         ref = commit_id or branch or bookmark
                         if ref:
                             raise CommitDoesNotExistError(
                                 u'No commit refs could be found matching: {}'.format(ref))
                         elif repo.DEFAULT_BRANCH_NAME in repo.branches:
                             selected = u'branch:{}:{}'.format(
-                                safe_unicode(repo.DEFAULT_BRANCH_NAME),
+                                safe_str(repo.DEFAULT_BRANCH_NAME),
-                                safe_unicode(repo.branches[repo.DEFAULT_BRANCH_NAME])
+                                safe_str(repo.branches[repo.DEFAULT_BRANCH_NAME])
                             )
                         elif repo.commit_ids:
                             # make the user select in this case
                             selected = None
                         else:
                             raise EmptyRepositoryError()
                     return groups, selected
                 def get_diff(self, source_repo, source_ref_id, target_ref_id,
                              hide_whitespace_changes, diff_context):
                     return self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes=hide_whitespace_changes, diff_context=diff_context)
                 def _get_diff_from_pr_or_version(
                         self, source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes, diff_context):
                     target_commit = source_repo.get_commit(
                         commit_id=safe_str(target_ref_id))
                     source_commit = source_repo.get_commit(
                         commit_id=safe_str(source_ref_id), maybe_unreachable=True)
                     if isinstance(source_repo, Repository):
                         vcs_repo = source_repo.scm_instance()
                     else:
                         vcs_repo = source_repo
                     # TODO: johbo: In the context of an update, we cannot reach
                     # the old commit anymore with our normal mechanisms. It needs
                     # some sort of special support in the vcs layer to avoid this
                     # workaround.
                     if (source_commit.raw_id == vcs_repo.EMPTY_COMMIT_ID and
                             vcs_repo.alias == 'git'):
                         source_commit.raw_id = safe_str(source_ref_id)
                     log.debug('calculating diff between '
                               'source_ref:%s and target_ref:%s for repo `%s`',
                               target_ref_id, source_ref_id,
-                              safe_unicode(vcs_repo.path))
+                              safe_str(vcs_repo.path))
                     vcs_diff = vcs_repo.get_diff(
                         commit1=target_commit, commit2=source_commit,
                         ignore_whitespace=hide_whitespace_changes, context=diff_context)
                     return vcs_diff
                 def _is_merge_enabled(self, pull_request):
                     return self._get_general_setting(
                         pull_request, 'rhodecode_pr_merge_enabled')
                 def _use_rebase_for_merging(self, pull_request):
                     repo_type = pull_request.target_repo.repo_type
                     if repo_type == 'hg':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_hg_use_rebase_for_merging')
                     elif repo_type == 'git':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_git_use_rebase_for_merging')
                     return False
                 def _user_name_for_merging(self, pull_request, user):
                     env_user_name_attr = os.environ.get('RC_MERGE_USER_NAME_ATTR', '')
                     if env_user_name_attr and hasattr(user, env_user_name_attr):
                         user_name_attr = env_user_name_attr
                     else:
                         user_name_attr = 'short_contact'
                     user_name = getattr(user, user_name_attr)
                     return user_name
                 def _close_branch_before_merging(self, pull_request):
                     repo_type = pull_request.target_repo.repo_type
                     if repo_type == 'hg':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_hg_close_branch_before_merging')
                     elif repo_type == 'git':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_git_close_branch_before_merging')
                     return False
                 def _get_general_setting(self, pull_request, settings_key, default=False):
                     settings_model = VcsSettingsModel(repo=pull_request.target_repo)
                     settings = settings_model.get_general_settings()
                     return settings.get(settings_key, default)
                 def _log_audit_action(self, action, action_data, user, pull_request):
                     audit_logger.store(
                         action=action,
                         action_data=action_data,
                         user=user,
                         repo=pull_request.target_repo)
                 def get_reviewer_functions(self):
                     """
                     Fetches functions for validation and fetching default reviewers.
                     If available we use the EE package, else we fallback to CE
                     package functions
                     """
                     try:
                         from rc_reviewers.utils import get_default_reviewers_data
                         from rc_reviewers.utils import validate_default_reviewers
                         from rc_reviewers.utils import validate_observers
                     except ImportError:
                         from rhodecode.apps.repository.utils import get_default_reviewers_data
                         from rhodecode.apps.repository.utils import validate_default_reviewers
                         from rhodecode.apps.repository.utils import validate_observers
                     return get_default_reviewers_data, validate_default_reviewers, validate_observers
             class MergeCheck(object):
                 """
                 Perform Merge Checks and returns a check object which stores information
                 about merge errors, and merge conditions
                 """
                 TODO_CHECK = 'todo'
                 PERM_CHECK = 'perm'
                 REVIEW_CHECK = 'review'
                 MERGE_CHECK = 'merge'
                 WIP_CHECK = 'wip'
                 def __init__(self):
                     self.review_status = None
                     self.merge_possible = None
                     self.merge_msg = ''
                     self.merge_response = None
                     self.failed = None
                     self.errors = []
                     self.error_details = OrderedDict()
                     self.source_commit = AttributeDict()
                     self.target_commit = AttributeDict()
                     self.reviewers_count = 0
                     self.observers_count = 0
                 def __repr__(self):
                     return '<MergeCheck(possible:{}, failed:{}, errors:{})>'.format(
                         self.merge_possible, self.failed, self.errors)
                 def push_error(self, error_type, message, error_key, details):
                     self.failed = True
                     self.errors.append([error_type, message])
                     self.error_details[error_key] = dict(
                         details=details,
                         error_type=error_type,
                         message=message
                     )
                 @classmethod
                 def validate(cls, pull_request, auth_user, translator, fail_early=False,
                              force_shadow_repo_refresh=False):
                     _ = translator
                     merge_check = cls()
                     # title has WIP:
                     if pull_request.work_in_progress:
                         log.debug("MergeCheck: cannot merge, title has wip: marker.")
                         msg = _('WIP marker in title prevents from accidental merge.')
                         merge_check.push_error('error', msg, cls.WIP_CHECK, pull_request.title)
                         if fail_early:
                             return merge_check
                     # permissions to merge
                     user_allowed_to_merge = PullRequestModel().check_user_merge(pull_request, auth_user)
                     if not user_allowed_to_merge:
                         log.debug("MergeCheck: cannot merge, approval is pending.")
                         msg = _('User `{}` not allowed to perform merge.').format(auth_user.username)
                         merge_check.push_error('error', msg, cls.PERM_CHECK, auth_user.username)
                         if fail_early:
                             return merge_check
                     # permission to merge into the target branch
                     target_commit_id = pull_request.target_ref_parts.commit_id
                     if pull_request.target_ref_parts.type == 'branch':
                         branch_name = pull_request.target_ref_parts.name
                     else:
                         # for mercurial we can always figure out the branch from the commit
                         # in case of bookmark
                         target_commit = pull_request.target_repo.get_commit(target_commit_id)
                         branch_name = target_commit.branch
                     rule, branch_perm = auth_user.get_rule_and_branch_permission(
                         pull_request.target_repo.repo_name, branch_name)
                     if branch_perm and branch_perm == 'branch.none':
                         msg = _('Target branch `{}` changes rejected by rule {}.').format(
                             branch_name, rule)
                         merge_check.push_error('error', msg, cls.PERM_CHECK, auth_user.username)
                         if fail_early:
                             return merge_check
                     # review status, must be always present
                     review_status = pull_request.calculated_review_status()
                     merge_check.review_status = review_status
                     merge_check.reviewers_count = pull_request.reviewers_count
                     merge_check.observers_count = pull_request.observers_count
                     status_approved = review_status == ChangesetStatus.STATUS_APPROVED
                     if not status_approved and merge_check.reviewers_count:
                         log.debug("MergeCheck: cannot merge, approval is pending.")
                         msg = _('Pull request reviewer approval is pending.')
                         merge_check.push_error('warning', msg, cls.REVIEW_CHECK, review_status)
                         if fail_early:
                             return merge_check
                     # left over TODOs
                     todos = CommentsModel().get_pull_request_unresolved_todos(pull_request)
                     if todos:
                         log.debug("MergeCheck: cannot merge, {} "
                                   "unresolved TODOs left.".format(len(todos)))
                         if len(todos) == 1:
                             msg = _('Cannot merge, {} TODO still not resolved.').format(
                                 len(todos))
                         else:
                             msg = _('Cannot merge, {} TODOs still not resolved.').format(
                                 len(todos))
                         merge_check.push_error('warning', msg, cls.TODO_CHECK, todos)
                         if fail_early:
                             return merge_check
                     # merge possible, here is the filesystem simulation + shadow repo
                     merge_response, merge_status, msg = PullRequestModel().merge_status(
                         pull_request, translator=translator,
                         force_shadow_repo_refresh=force_shadow_repo_refresh)
                     merge_check.merge_possible = merge_status
                     merge_check.merge_msg = msg
                     merge_check.merge_response = merge_response
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     try:
                         source_commit, target_commit = PullRequestModel().get_flow_commits(pull_request)
                         merge_check.source_commit.changed = source_ref_id != source_commit.raw_id
                         merge_check.source_commit.ref_spec = pull_request.source_ref_parts
                         merge_check.source_commit.current_raw_id = source_commit.raw_id
                         merge_check.source_commit.previous_raw_id = source_ref_id
                         merge_check.target_commit.changed = target_ref_id != target_commit.raw_id
                         merge_check.target_commit.ref_spec = pull_request.target_ref_parts
                         merge_check.target_commit.current_raw_id = target_commit.raw_id
                         merge_check.target_commit.previous_raw_id = target_ref_id
                     except (SourceRefMissing, TargetRefMissing):
                         pass
                     if not merge_status:
                         log.debug("MergeCheck: cannot merge, pull request merge not possible.")
                         merge_check.push_error('warning', msg, cls.MERGE_CHECK, None)
                         if fail_early:
                             return merge_check
                     log.debug('MergeCheck: is failed: %s', merge_check.failed)
                     return merge_check
                 @classmethod
                 def get_merge_conditions(cls, pull_request, translator):
                     _ = translator
                     merge_details = {}
                     model = PullRequestModel()
                     use_rebase = model._use_rebase_for_merging(pull_request)
                     if use_rebase:
                         merge_details['merge_strategy'] = dict(
                             details={},
                             message=_('Merge strategy: rebase')
                         )
                     else:
                         merge_details['merge_strategy'] = dict(
                             details={},
                             message=_('Merge strategy: explicit merge commit')
                         )
                     close_branch = model._close_branch_before_merging(pull_request)
                     if close_branch:
                         repo_type = pull_request.target_repo.repo_type
                         close_msg = ''
                         if repo_type == 'hg':
                             close_msg = _('Source branch will be closed before the merge.')
                         elif repo_type == 'git':
                             close_msg = _('Source branch will be deleted after the merge.')
                         merge_details['close_branch'] = dict(
                             details={},
                             message=close_msg
                         )
                     return merge_details
-            ChangeTuple = collections.namedtuple(
+            @dataclasses.dataclass
-                'ChangeTuple', ['added', 'common', 'removed', 'total'])
+            class ChangeTuple:
+                added: list
+                common: list
+                removed: list
+                total: list
-            FileChangeTuple = collections.namedtuple(
-                'FileChangeTuple', ['added', 'modified', 'removed'])
+            @dataclasses.dataclass
+            class FileChangeTuple:
+                added: list
+                modified: list
+                removed: list

rhodecode/model/repo.py

0 +34 -31

             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import os
             import re
             import shutil
             import time
             import logging
             import traceback
             import datetime
             from pyramid.threadlocal import get_current_request
+            from sqlalchemy.orm import aliased
             from zope.cachedescriptors.property import Lazy as LazyProperty
             from rhodecode import events
             from rhodecode.lib.auth import HasUserGroupPermissionAny
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.lib.exceptions import AttachedForksError, AttachedPullRequestsError
             from rhodecode.lib import hooks_base
             from rhodecode.lib.user_log_filter import user_log_filter
             from rhodecode.lib.utils import make_db_config
             from rhodecode.lib.utils2 import (
-                safe_str, safe_unicode, remove_prefix, obfuscate_url_pw,
+                safe_str, remove_prefix, obfuscate_url_pw,
                 get_current_rhodecode_user, safe_int, action_logger_generic)
             from rhodecode.lib.vcs.backends import get_backend
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 _hash_key, func, case, joinedload, or_, in_filter_generator,
                 Session, Repository, UserRepoToPerm, UserGroupRepoToPerm,
                 UserRepoGroupToPerm, UserGroupRepoGroupToPerm, User, Permission,
                 Statistics, UserGroup, RepoGroup, RepositoryField, UserLog)
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.settings import VcsSettingsModel
             log = logging.getLogger(__name__)
             class RepoModel(BaseModel):
                 cls = Repository
                 def _get_user_group(self, users_group):
                     return self._get_instance(UserGroup, users_group,
                                               callback=UserGroup.get_by_group_name)
                 def _get_repo_group(self, repo_group):
                     return self._get_instance(RepoGroup, repo_group,
                                               callback=RepoGroup.get_by_group_name)
                 def _create_default_perms(self, repository, private):
                     # create default permission
                     default = 'repository.read'
                     def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('repository.'):
                             default = p.permission.permission_name
                             break
                     default_perm = 'repository.none' if private else default
                     repo_to_perm = UserRepoToPerm()
                     repo_to_perm.permission = Permission.get_by_key(default_perm)
                     repo_to_perm.repository = repository
-                    repo_to_perm.user_id = def_user.user_id
+                    repo_to_perm.user = def_user
                     return repo_to_perm
                 @LazyProperty
                 def repos_path(self):
                     """
                     Gets the repositories root path from database
                     """
                     settings_model = VcsSettingsModel(sa=self.sa)
                     return settings_model.get_repos_location()
                 def get(self, repo_id):
                     repo = self.sa.query(Repository) \
                         .filter(Repository.repo_id == repo_id)
                     return repo.scalar()
                 def get_repo(self, repository):
                     return self._get_repo(repository)
                 def get_by_repo_name(self, repo_name, cache=False):
                     repo = self.sa.query(Repository) \
                         .filter(Repository.repo_name == repo_name)
                     if cache:
                         name_key = _hash_key(repo_name)
                         repo = repo.options(
                             FromCache("sql_cache_short", f"get_repo_{name_key}"))
                     return repo.scalar()
                 def _extract_id_from_repo_name(self, repo_name):
                     if repo_name.startswith('/'):
                         repo_name = repo_name.lstrip('/')
-                    by_id_match = re.match(r'^_(\d{1,})', repo_name)
+                    by_id_match = re.match(r'^_(\d+)', repo_name)
                     if by_id_match:
                         return by_id_match.groups()[0]
                 def get_repo_by_id(self, repo_name):
                     """
                     Extracts repo_name by id from special urls.
                     Example url is _11/repo_name
                     :param repo_name:
                     :return: repo object if matched else None
                     """
                     _repo_id = None
                     try:
                         _repo_id = self._extract_id_from_repo_name(repo_name)
                         if _repo_id:
                             return self.get(_repo_id)
                     except Exception:
                         log.exception('Failed to extract repo_name from URL')
                         if _repo_id:
                             Session().rollback()
                     return None
                 def get_repos_for_root(self, root, traverse=False):
                     if traverse:
-                        like_expression = u'{}%'.format(safe_unicode(root))
+                        like_expression = u'{}%'.format(safe_str(root))
                         repos = Repository.query().filter(
                             Repository.repo_name.like(like_expression)).all()
                     else:
                         if root and not isinstance(root, RepoGroup):
                             raise ValueError(
                                 'Root must be an instance '
                                 'of RepoGroup, got:{} instead'.format(type(root)))
                         repos = Repository.query().filter(Repository.group == root).all()
                     return repos
                 def get_url(self, repo, request=None, permalink=False):
                     if not request:
                         request = get_current_request()
                     if not request:
                         return
                     if permalink:
                         return request.route_url(
                             'repo_summary', repo_name='_{}'.format(safe_str(repo.repo_id)))
                     else:
                         return request.route_url(
                             'repo_summary', repo_name=safe_str(repo.repo_name))
                 def get_commit_url(self, repo, commit_id, request=None, permalink=False):
                     if not request:
                         request = get_current_request()
                     if not request:
                         return
                     if permalink:
                         return request.route_url(
                             'repo_commit', repo_name=safe_str(repo.repo_id),
                             commit_id=commit_id)
                     else:
                         return request.route_url(
                             'repo_commit', repo_name=safe_str(repo.repo_name),
                             commit_id=commit_id)
                 def get_repo_log(self, repo, filter_term):
                     repo_log = UserLog.query()\
                         .filter(or_(UserLog.repository_id == repo.repo_id,
                                     UserLog.repository_name == repo.repo_name))\
                         .options(joinedload(UserLog.user))\
                         .options(joinedload(UserLog.repository))\
                         .order_by(UserLog.action_date.desc())
                     repo_log = user_log_filter(repo_log, filter_term)
                     return repo_log
                 @classmethod
                 def update_commit_cache(cls, repositories=None):
                     if not repositories:
                         repositories = Repository.getAll()
                     for repo in repositories:
                         repo.update_commit_cache()
                 def get_repos_as_dict(self, repo_list=None, admin=False,
                                       super_user_actions=False, short_name=None):
                     _render = get_current_request().get_partial_renderer(
                         'rhodecode:templates/data_table/_dt_elements.mako')
                     c = _render.get_call_context()
                     h = _render.get_helpers()
                     def quick_menu(repo_name):
                         return _render('quick_menu', repo_name)
-                    def repo_lnk(name, rtype, rstate, private, archived, fork_of):
+                    def repo_lnk(name, rtype, rstate, private, archived, fork_repo_name):
                         if short_name is not None:
                             short_name_var = short_name
                         else:
                             short_name_var = not admin
-                        return _render('repo_name', name, rtype, rstate, private, archived, fork_of,
+                        return _render('repo_name', name, rtype, rstate, private, archived, fork_repo_name,
                                        short_name=short_name_var, admin=False)
                     def last_change(last_change):
                         if admin and isinstance(last_change, datetime.datetime) and not last_change.tzinfo:
                             ts = time.time()
                             utc_offset = (datetime.datetime.fromtimestamp(ts)
                                           - datetime.datetime.utcfromtimestamp(ts)).total_seconds()
                             last_change = last_change + datetime.timedelta(seconds=utc_offset)
                         return _render("last_change", last_change)
                     def rss_lnk(repo_name):
                         return _render("rss", repo_name)
                     def atom_lnk(repo_name):
                         return _render("atom", repo_name)
                     def last_rev(repo_name, cs_cache):
                         return _render('revision', repo_name, cs_cache.get('revision'),
                                        cs_cache.get('raw_id'), cs_cache.get('author'),
                                        cs_cache.get('message'), cs_cache.get('date'))
                     def desc(desc):
                         return _render('repo_desc', desc, c.visual.stylify_metatags)
                     def state(repo_state):
                         return _render("repo_state", repo_state)
                     def repo_actions(repo_name):
                         return _render('repo_actions', repo_name, super_user_actions)
                     def user_profile(username):
                         return _render('user_profile', username)
                     repos_data = []
                     for repo in repo_list:
                         # NOTE(marcink): because we use only raw column we need to load it like that
                         changeset_cache = Repository._load_changeset_cache(
                             repo.repo_id, repo._changeset_cache)
                         row = {
                             "menu": quick_menu(repo.repo_name),
                             "name": repo_lnk(repo.repo_name, repo.repo_type, repo.repo_state,
-                                             repo.private, repo.archived, repo.fork),
+                                             repo.private, repo.archived, repo.fork_repo_name),
                             "desc": desc(h.escape(repo.description)),
                             "last_change": last_change(repo.updated_on),
                             "last_changeset": last_rev(repo.repo_name, changeset_cache),
                             "last_changeset_raw": changeset_cache.get('revision'),
-                            "owner": user_profile(repo.User.username),
+                            "owner": user_profile(repo.owner_username),
                             "state": state(repo.repo_state),
                             "rss": rss_lnk(repo.repo_name),
                             "atom": atom_lnk(repo.repo_name),
                         }
                         if admin:
                             row.update({
                                 "action": repo_actions(repo.repo_name),
                             })
                         repos_data.append(row)
                     return repos_data
                 def get_repos_data_table(
                         self, draw, start, limit,
                         search_q, order_by, order_dir,
                         auth_user, repo_group_id):
                     from rhodecode.model.scm import RepoList
                     _perms = ['repository.read', 'repository.write', 'repository.admin']
                     repos = Repository.query() \
                         .filter(Repository.group_id == repo_group_id) \
                         .all()
                     auth_repo_list = RepoList(
                         repos, perm_set=_perms,
                         extra_kwargs=dict(user=auth_user))
                     allowed_ids = [-1]
                     for repo in auth_repo_list:
                         allowed_ids.append(repo.repo_id)
                     repos_data_total_count = Repository.query() \
                         .filter(Repository.group_id == repo_group_id) \
                         .filter(or_(
                             # generate multiple IN to fix limitation problems
                             *in_filter_generator(Repository.repo_id, allowed_ids))
                         ) \
                         .count()
+                    RepoFork = aliased(Repository)
+                    OwnerUser = aliased(User)
                     base_q = Session.query(
                         Repository.repo_id,
                         Repository.repo_name,
                         Repository.description,
                         Repository.repo_type,
                         Repository.repo_state,
                         Repository.private,
                         Repository.archived,
-                        Repository.fork,
                         Repository.updated_on,
                         Repository._changeset_cache,
-                        User,
+                        RepoFork.repo_name.label('fork_repo_name'),
+                        OwnerUser.username.label('owner_username'),
                         ) \
                         .filter(Repository.group_id == repo_group_id) \
                         .filter(or_(
                             # generate multiple IN to fix limitation problems
                             *in_filter_generator(Repository.repo_id, allowed_ids))
                         ) \
-                        .join(User, User.user_id == Repository.user_id) \
+                        .outerjoin(RepoFork, Repository.fork_id == RepoFork.repo_id) \
-                        .group_by(Repository, User)
+                        .join(OwnerUser, Repository.user_id == OwnerUser.user_id)
                     repos_data_total_filtered_count = base_q.count()
                     sort_defined = False
                     if order_by == 'repo_name':
                         sort_col = func.lower(Repository.repo_name)
                         sort_defined = True
                     elif order_by == 'user_username':
                         sort_col = User.username
                     else:
                         sort_col = getattr(Repository, order_by, None)
                     if sort_defined or sort_col:
                         if order_dir == 'asc':
                             sort_col = sort_col.asc()
                         else:
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     repos_list = base_q.all()
                     repos_data = RepoModel().get_repos_as_dict(
                         repo_list=repos_list, admin=False)
                     data = ({
                         'draw': draw,
                         'data': repos_data,
                         'recordsTotal': repos_data_total_count,
                         'recordsFiltered': repos_data_total_filtered_count,
                     })
                     return data
                 def _get_defaults(self, repo_name):
                     """
                     Gets information about repository, and returns a dict for
                     usage in forms
                     :param repo_name:
                     """
                     repo_info = Repository.get_by_repo_name(repo_name)
                     if repo_info is None:
                         return None
                     defaults = repo_info.get_dict()
                     defaults['repo_name'] = repo_info.just_name
                     groups = repo_info.groups_with_parents
                     parent_group = groups[-1] if groups else None
                     # we use -1 as this is how in HTML, we mark an empty group
                     defaults['repo_group'] = getattr(parent_group, 'group_id', -1)
                     keys_to_process = (
                         {'k': 'repo_type', 'strip': False},
                         {'k': 'repo_enable_downloads', 'strip': True},
                         {'k': 'repo_description', 'strip': True},
                         {'k': 'repo_enable_locking', 'strip': True},
                         {'k': 'repo_landing_rev', 'strip': True},
                         {'k': 'clone_uri', 'strip': False},
                         {'k': 'push_uri', 'strip': False},
                         {'k': 'repo_private', 'strip': True},
                         {'k': 'repo_enable_statistics', 'strip': True}
                     )
                     for item in keys_to_process:
                         attr = item['k']
                         if item['strip']:
                             attr = remove_prefix(item['k'], 'repo_')
                         val = defaults[attr]
                         if item['k'] == 'repo_landing_rev':
                             val = ':'.join(defaults[attr])
                         defaults[item['k']] = val
                         if item['k'] == 'clone_uri':
                             defaults['clone_uri_hidden'] = repo_info.clone_uri_hidden
                         if item['k'] == 'push_uri':
                             defaults['push_uri_hidden'] = repo_info.push_uri_hidden
                     # fill owner
                     if repo_info.user:
                         defaults.update({'user': repo_info.user.username})
                     else:
                         replacement_user = User.get_first_super_admin().username
                         defaults.update({'user': replacement_user})
                     return defaults
                 def update(self, repo, **kwargs):
                     try:
                         cur_repo = self._get_repo(repo)
                         source_repo_name = cur_repo.repo_name
                         affected_user_ids = []
                         if 'user' in kwargs:
                             old_owner_id = cur_repo.user.user_id
                             new_owner = User.get_by_username(kwargs['user'])
                             cur_repo.user = new_owner
                             if old_owner_id != new_owner.user_id:
                                 affected_user_ids = [new_owner.user_id, old_owner_id]
                         if 'repo_group' in kwargs:
                             cur_repo.group = RepoGroup.get(kwargs['repo_group'])
                         log.debug('Updating repo %s with params:%s', cur_repo, kwargs)
                         update_keys = [
                             (1, 'repo_description'),
                             (1, 'repo_landing_rev'),
                             (1, 'repo_private'),
                             (1, 'repo_enable_downloads'),
                             (1, 'repo_enable_locking'),
                             (1, 'repo_enable_statistics'),
                             (0, 'clone_uri'),
                             (0, 'push_uri'),
                             (0, 'fork_id')
                         ]
                         for strip, k in update_keys:
                             if k in kwargs:
                                 val = kwargs[k]
                                 if strip:
                                     k = remove_prefix(k, 'repo_')
                                 setattr(cur_repo, k, val)
                         new_name = cur_repo.get_new_name(kwargs['repo_name'])
                         cur_repo.repo_name = new_name
                         # if private flag is set, reset default permission to NONE
                         if kwargs.get('repo_private'):
                             EMPTY_PERM = 'repository.none'
                             RepoModel().grant_user_permission(
                                 repo=cur_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM
                             )
                         if kwargs.get('repo_landing_rev'):
                             landing_rev_val = kwargs['repo_landing_rev']
                             RepoModel().set_landing_rev(cur_repo, landing_rev_val)
                         # handle extra fields
                         for field in filter(lambda k: k.startswith(RepositoryField.PREFIX), kwargs):
                             k = RepositoryField.un_prefix_key(field)
                             ex_field = RepositoryField.get_by_key_name(
                                 key=k, repo=cur_repo)
                             if ex_field:
                                 ex_field.field_value = kwargs[field]
                                 self.sa.add(ex_field)
                         self.sa.add(cur_repo)
                         if source_repo_name != new_name:
                             # rename repository
                             self._rename_filesystem_repo(
                                 old=source_repo_name, new=new_name)
                         if affected_user_ids:
                             PermissionModel().trigger_permission_flush(affected_user_ids)
                         return cur_repo
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _create_repo(self, repo_name, repo_type, description, owner,
                                  private=False, clone_uri=None, repo_group=None,
                                  landing_rev=None, fork_of=None,
                                  copy_fork_permissions=False, enable_statistics=False,
                                  enable_locking=False, enable_downloads=False,
                                  copy_group_permissions=False,
                                  state=Repository.STATE_PENDING):
                     """
                     Create repository inside database with PENDING state, this should be
                     only executed by create() repo. With exception of importing existing
                     repos
                     """
                     from rhodecode.model.scm import ScmModel
                     owner = self._get_user(owner)
                     fork_of = self._get_repo(fork_of)
                     repo_group = self._get_repo_group(safe_int(repo_group))
                     default_landing_ref, _lbl = ScmModel.backend_landing_ref(repo_type)
                     landing_rev = landing_rev or default_landing_ref
                     try:
-                        repo_name = safe_unicode(repo_name)
+                        repo_name = safe_str(repo_name)
-                        description = safe_unicode(description)
+                        description = safe_str(description)
                         # repo name is just a name of repository
                         # while repo_name_full is a full qualified name that is combined
                         # with name and path of group
                         repo_name_full = repo_name
                         repo_name = repo_name.split(Repository.NAME_SEP)[-1]
                         new_repo = Repository()
                         new_repo.repo_state = state
                         new_repo.enable_statistics = False
                         new_repo.repo_name = repo_name_full
                         new_repo.repo_type = repo_type
                         new_repo.user = owner
                         new_repo.group = repo_group
                         new_repo.description = description or repo_name
                         new_repo.private = private
                         new_repo.archived = False
                         new_repo.clone_uri = clone_uri
                         new_repo.landing_rev = landing_rev
                         new_repo.enable_statistics = enable_statistics
                         new_repo.enable_locking = enable_locking
                         new_repo.enable_downloads = enable_downloads
                         if repo_group:
                             new_repo.enable_locking = repo_group.enable_locking
                         if fork_of:
                             parent_repo = fork_of
                             new_repo.fork = parent_repo
                         events.trigger(events.RepoPreCreateEvent(new_repo))
                         self.sa.add(new_repo)
                         EMPTY_PERM = 'repository.none'
                         if fork_of and copy_fork_permissions:
                             repo = fork_of
                             user_perms = UserRepoToPerm.query() \
                                 .filter(UserRepoToPerm.repository == repo).all()
                             group_perms = UserGroupRepoToPerm.query() \
                                 .filter(UserGroupRepoToPerm.repository == repo).all()
                             for perm in user_perms:
                                 UserRepoToPerm.create(
                                     perm.user, new_repo, perm.permission)
                             for perm in group_perms:
                                 UserGroupRepoToPerm.create(
                                     perm.users_group, new_repo, perm.permission)
                             # in case we copy permissions and also set this repo to private
                             # override the default user permission to make it a private repo
                             if private:
                                 RepoModel(self.sa).grant_user_permission(
                                     repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM)
                         elif repo_group and copy_group_permissions:
                             user_perms = UserRepoGroupToPerm.query() \
                                 .filter(UserRepoGroupToPerm.group == repo_group).all()
                             group_perms = UserGroupRepoGroupToPerm.query() \
                                 .filter(UserGroupRepoGroupToPerm.group == repo_group).all()
                             for perm in user_perms:
                                 perm_name = perm.permission.permission_name.replace(
                                     'group.', 'repository.')
                                 perm_obj = Permission.get_by_key(perm_name)
                                 UserRepoToPerm.create(perm.user, new_repo, perm_obj)
                             for perm in group_perms:
                                 perm_name = perm.permission.permission_name.replace(
                                     'group.', 'repository.')
                                 perm_obj = Permission.get_by_key(perm_name)
                                 UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)
                             if private:
                                 RepoModel(self.sa).grant_user_permission(
                                     repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM)
                         else:
                             perm_obj = self._create_default_perms(new_repo, private)
                             self.sa.add(perm_obj)
                         # now automatically start following this repository as owner
                         ScmModel(self.sa).toggle_following_repo(new_repo.repo_id, owner.user_id)
                         # we need to flush here, in order to check if database won't
                         # throw any exceptions, create filesystem dirs at the very end
                         self.sa.flush()
                         events.trigger(events.RepoCreateEvent(new_repo))
                         return new_repo
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def create(self, form_data, cur_user):
                     """
                     Create repository using celery tasks
                     :param form_data:
                     :param cur_user:
                     """
                     from rhodecode.lib.celerylib import tasks, run_task
                     return run_task(tasks.create_repo, form_data, cur_user)
                 def update_permissions(self, repo, perm_additions=None, perm_updates=None,
                                        perm_deletions=None, check_perms=True,
                                        cur_user=None):
                     if not perm_additions:
                         perm_additions = []
                     if not perm_updates:
                         perm_updates = []
                     if not perm_deletions:
                         perm_deletions = []
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     changes = {
                         'added': [],
                         'updated': [],
                         'deleted': [],
                         'default_user_changed': None
                     }
                     repo = self._get_repo(repo)
                     # update permissions
                     for member_id, perm, member_type in perm_updates:
                         member_id = int(member_id)
                         if member_type == 'user':
                             member_name = User.get(member_id).username
                             if member_name == User.DEFAULT_USER:
                                 # NOTE(dan): detect if we changed permissions for default user
                                 perm_obj = self.sa.query(UserRepoToPerm) \
                                     .filter(UserRepoToPerm.user_id == member_id) \
                                     .filter(UserRepoToPerm.repository == repo) \
                                     .scalar()
                                 if perm_obj and perm_obj.permission.permission_name != perm:
                                     changes['default_user_changed'] = True
                             # this updates also current one if found
                             self.grant_user_permission(
                                 repo=repo, user=member_id, perm=perm)
                         elif member_type == 'user_group':
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     repo=repo, group_name=member_id, perm=perm)
                         else:
                             raise ValueError("member_type must be 'user' or 'user_group' "
                                              "got {} instead".format(member_type))
                         changes['updated'].append({'type': member_type, 'id': member_id,
                                                    'name': member_name, 'new_perm': perm})
                     # set new permissions
                     for member_id, perm, member_type in perm_additions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             member_name = User.get(member_id).username
                             self.grant_user_permission(
                                 repo=repo, user=member_id, perm=perm)
                         elif member_type == 'user_group':
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     repo=repo, group_name=member_id, perm=perm)
                         else:
                             raise ValueError("member_type must be 'user' or 'user_group' "
                                              "got {} instead".format(member_type))
                         changes['added'].append({'type': member_type, 'id': member_id,
                                                  'name': member_name, 'new_perm': perm})
                     # delete permissions
                     for member_id, perm, member_type in perm_deletions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             member_name = User.get(member_id).username
                             self.revoke_user_permission(repo=repo, user=member_id)
                         elif member_type == 'user_group':
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.revoke_user_group_permission(
                                     repo=repo, group_name=member_id)
                         else:
                             raise ValueError("member_type must be 'user' or 'user_group' "
                                              "got {} instead".format(member_type))
                         changes['deleted'].append({'type': member_type, 'id': member_id,
                                                    'name': member_name, 'new_perm': perm})
                     return changes
                 def create_fork(self, form_data, cur_user):
                     """
                     Simple wrapper into executing celery task for fork creation
                     :param form_data:
                     :param cur_user:
                     """
                     from rhodecode.lib.celerylib import tasks, run_task
                     return run_task(tasks.create_repo_fork, form_data, cur_user)
                 def archive(self, repo):
                     """
                     Archive given repository. Set archive flag.
                     :param repo:
                     """
                     repo = self._get_repo(repo)
                     if repo:
                         try:
                             repo.archived = True
                             self.sa.add(repo)
                             self.sa.commit()
                         except Exception:
                             log.error(traceback.format_exc())
                             raise
                 def delete(self, repo, forks=None, pull_requests=None, fs_remove=True, cur_user=None):
                     """
                     Delete given repository, forks parameter defines what do do with
                     attached forks. Throws AttachedForksError if deleted repo has attached
                     forks
                     :param repo:
                     :param forks: str 'delete' or 'detach'
                     :param pull_requests: str 'delete' or None
                     :param fs_remove: remove(archive) repo from filesystem
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     repo = self._get_repo(repo)
                     if repo:
                         if forks == 'detach':
                             for r in repo.forks:
                                 r.fork = None
                                 self.sa.add(r)
                         elif forks == 'delete':
                             for r in repo.forks:
                                 self.delete(r, forks='delete')
                         elif [f for f in repo.forks]:
                             raise AttachedForksError()
                         # check for pull requests
                         pr_sources = repo.pull_requests_source
                         pr_targets = repo.pull_requests_target
                         if pull_requests != 'delete' and (pr_sources or pr_targets):
                             raise AttachedPullRequestsError()
                         old_repo_dict = repo.get_dict()
                         events.trigger(events.RepoPreDeleteEvent(repo))
                         try:
                             self.sa.delete(repo)
                             if fs_remove:
                                 self._delete_filesystem_repo(repo)
                             else:
                                 log.debug('skipping removal from filesystem')
                             old_repo_dict.update({
                                 'deleted_by': cur_user,
                                 'deleted_on': time.time(),
                             })
                             hooks_base.delete_repository(**old_repo_dict)
                             events.trigger(events.RepoDeleteEvent(repo))
                         except Exception:
                             log.error(traceback.format_exc())
                             raise
                 def grant_user_permission(self, repo, user, perm):
                     """
                     Grant permission for user on given repository, or update existing one
                     if found
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param user: Instance of User, user_id or username
                     :param perm: Instance of Permission, or permission_name
                     """
                     user = self._get_user(user)
                     repo = self._get_repo(repo)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserRepoToPerm) \
                         .filter(UserRepoToPerm.user == user) \
                         .filter(UserRepoToPerm.repository == repo) \
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserRepoToPerm()
                     obj.repository = repo
                     obj.user = user
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, user, repo)
                     action_logger_generic(
                         'granted permission: {} to user: {} on repo: {}'.format(
                             perm, user, repo), namespace='security.repo')
                     return obj
                 def revoke_user_permission(self, repo, user):
                     """
                     Revoke permission for user on given repository
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param user: Instance of User, user_id or username
                     """
                     user = self._get_user(user)
                     repo = self._get_repo(repo)
                     obj = self.sa.query(UserRepoToPerm) \
                         .filter(UserRepoToPerm.repository == repo) \
                         .filter(UserRepoToPerm.user == user) \
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm on %s on %s', repo, user)
                         action_logger_generic(
                             'revoked permission from user: {} on repo: {}'.format(
                                 user, repo), namespace='security.repo')
                 def grant_user_group_permission(self, repo, group_name, perm):
                     """
                     Grant permission for user group on given repository, or update
                     existing one if found
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param group_name: Instance of UserGroup, users_group_id,
                         or user group name
                     :param perm: Instance of Permission, or permission_name
                     """
                     repo = self._get_repo(repo)
                     group_name = self._get_user_group(group_name)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserGroupRepoToPerm) \
                         .filter(UserGroupRepoToPerm.users_group == group_name) \
                         .filter(UserGroupRepoToPerm.repository == repo) \
                         .scalar()
                     if obj is None:
                         # create new
                         obj = UserGroupRepoToPerm()
                     obj.repository = repo
                     obj.users_group = group_name
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
                     action_logger_generic(
                         'granted permission: {} to usergroup: {} on repo: {}'.format(
                             perm, group_name, repo), namespace='security.repo')
                     return obj
                 def revoke_user_group_permission(self, repo, group_name):
                     """
                     Revoke permission for user group on given repository
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param group_name: Instance of UserGroup, users_group_id,
                         or user group name
                     """
                     repo = self._get_repo(repo)
                     group_name = self._get_user_group(group_name)
                     obj = self.sa.query(UserGroupRepoToPerm) \
                         .filter(UserGroupRepoToPerm.repository == repo) \
                         .filter(UserGroupRepoToPerm.users_group == group_name) \
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm to %s on %s', repo, group_name)
                         action_logger_generic(
                             'revoked permission from usergroup: {} on repo: {}'.format(
                                 group_name, repo), namespace='security.repo')
                 def delete_stats(self, repo_name):
                     """
                     removes stats for given repo
                     :param repo_name:
                     """
                     repo = self._get_repo(repo_name)
                     try:
                         obj = self.sa.query(Statistics) \
                             .filter(Statistics.repository == repo).scalar()
                         if obj:
                             self.sa.delete(obj)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def add_repo_field(self, repo_name, field_key, field_label, field_value='',
                                    field_type='str', field_desc=''):
                     repo = self._get_repo(repo_name)
                     new_field = RepositoryField()
                     new_field.repository = repo
                     new_field.field_key = field_key
                     new_field.field_type = field_type  # python type
                     new_field.field_value = field_value
                     new_field.field_desc = field_desc
                     new_field.field_label = field_label
                     self.sa.add(new_field)
                     return new_field
                 def delete_repo_field(self, repo_name, field_key):
                     repo = self._get_repo(repo_name)
                     field = RepositoryField.get_by_key_name(field_key, repo)
                     if field:
                         self.sa.delete(field)
                 def set_landing_rev(self, repo, landing_rev_name):
                     if landing_rev_name.startswith('branch:'):
                         landing_rev_name = landing_rev_name.split('branch:')[-1]
                     scm_instance = repo.scm_instance()
                     if scm_instance:
                         return scm_instance._remote.set_head_ref(landing_rev_name)
                 def _create_filesystem_repo(self, repo_name, repo_type, repo_group,
                                             clone_uri=None, repo_store_location=None,
                                             use_global_config=False, install_hooks=True):
                     """
                     makes repository on filesystem. It's group aware means it'll create
                     a repository within a group, and alter the paths accordingly of
                     group location
                     :param repo_name:
                     :param alias:
                     :param parent:
                     :param clone_uri:
                     :param repo_store_location:
                     """
                     from rhodecode.lib.utils import is_valid_repo, is_valid_repo_group
                     from rhodecode.model.scm import ScmModel
                     if Repository.NAME_SEP in repo_name:
                         raise ValueError(
                             'repo_name must not contain groups got `%s`' % repo_name)
                     if isinstance(repo_group, RepoGroup):
                         new_parent_path = os.sep.join(repo_group.full_path_splitted)
                     else:
                         new_parent_path = repo_group or ''
                     if repo_store_location:
                         _paths = [repo_store_location]
                     else:
                         _paths = [self.repos_path, new_parent_path, repo_name]
                         # we need to make it str for mercurial
                     repo_path = os.path.join(*map(lambda x: safe_str(x), _paths))
                     # check if this path is not a repository
                     if is_valid_repo(repo_path, self.repos_path):
-                        raise Exception('This path %s is a valid repository' % repo_path)
+                        raise Exception(f'This path {repo_path} is a valid repository')
                     # check if this path is a group
                     if is_valid_repo_group(repo_path, self.repos_path):
-                        raise Exception('This path %s is a valid group' % repo_path)
+                        raise Exception(f'This path {repo_path} is a valid group')
                     log.info('creating repo %s in %s from url: `%s`',
-                             repo_name, safe_unicode(repo_path),
+                             repo_name, safe_str(repo_path),
                              obfuscate_url_pw(clone_uri))
                     backend = get_backend(repo_type)
                     config_repo = None if use_global_config else repo_name
                     if config_repo and new_parent_path:
                         config_repo = Repository.NAME_SEP.join(
                             (new_parent_path, config_repo))
                     config = make_db_config(clear_session=False, repo=config_repo)
                     config.set('extensions', 'largefiles', '')
                     # patch and reset hooks section of UI config to not run any
                     # hooks on creating remote repo
                     config.clear_section('hooks')
                     # TODO: johbo: Unify this, hardcoded "bare=True" does not look nice
                     if repo_type == 'git':
                         repo = backend(
                             repo_path, config=config, create=True, src_url=clone_uri, bare=True,
                             with_wire={"cache": False})
                     else:
                         repo = backend(
                             repo_path, config=config, create=True, src_url=clone_uri,
                             with_wire={"cache": False})
                     if install_hooks:
                         repo.install_hooks()
                     log.debug('Created repo %s with %s backend',
-                              safe_unicode(repo_name), safe_unicode(repo_type))
+                              safe_str(repo_name), safe_str(repo_type))
                     return repo
                 def _rename_filesystem_repo(self, old, new):
                     """
                     renames repository on filesystem
                     :param old: old name
                     :param new: new name
                     """
                     log.info('renaming repo from %s to %s', old, new)
                     old_path = os.path.join(self.repos_path, old)
                     new_path = os.path.join(self.repos_path, new)
                     if os.path.isdir(new_path):
                         raise Exception(
                             'Was trying to rename to already existing dir %s' % new_path
                         )
                     shutil.move(old_path, new_path)
                 def _delete_filesystem_repo(self, repo):
                     """
-                    removes repo from filesystem, the removal is acctually made by
+                    removes repo from filesystem, the removal is actually made by
-                    added rm__ prefix into dir, and rename internat .hg/.git dirs so this
+                    added rm__ prefix into dir, and rename internal .hg/.git dirs so this
                     repository is no longer valid for rhodecode, can be undeleted later on
                     by reverting the renames on this repository
                     :param repo: repo object
                     """
                     rm_path = os.path.join(self.repos_path, repo.repo_name)
                     repo_group = repo.group
-                    log.info("Removing repository %s", rm_path)
+                    log.info("delete_filesystem_repo: removing repository %s", rm_path)
                     # disable hg/git internal that it doesn't get detected as repo
                     alias = repo.repo_type
                     config = make_db_config(clear_session=False)
                     config.set('extensions', 'largefiles', '')
                     bare = getattr(repo.scm_instance(config=config), 'bare', False)
                     # skip this for bare git repos
                     if not bare:
                         # disable VCS repo
                         vcs_path = os.path.join(rm_path, '.%s' % alias)
                         if os.path.exists(vcs_path):
                             shutil.move(vcs_path, os.path.join(rm_path, 'rm__.%s' % alias))
                     _now = datetime.datetime.now()
                     _ms = str(_now.microsecond).rjust(6, '0')
                     _d = 'rm__%s__%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
                                          repo.just_name)
                     if repo_group:
                         # if repository is in group, prefix the removal path with the group
                         args = repo_group.full_path_splitted + [_d]
                         _d = os.path.join(*args)
                     if os.path.isdir(rm_path):
                         shutil.move(rm_path, os.path.join(self.repos_path, _d))
                     # finally cleanup diff-cache if it exists
                     cached_diffs_dir = repo.cached_diffs_dir
                     if os.path.isdir(cached_diffs_dir):
                         shutil.rmtree(cached_diffs_dir)
             class ReadmeFinder:
                 """
                 Utility which knows how to find a readme for a specific commit.
                 The main idea is that this is a configurable algorithm. When creating an
                 instance you can define parameters, currently only the `default_renderer`.
                 Based on this configuration the method :meth:`search` behaves slightly
                 different.
                 """
                 readme_re = re.compile(r'^readme(\.[^\.]+)?$', re.IGNORECASE)
                 path_re = re.compile(r'^docs?', re.IGNORECASE)
                 default_priorities = {
-                    None: 0,
+                    None:        0,
-                    '.text': 2,
+                    '.rst':      1,
-                    '.txt': 3,
+                    '.md':       1,
-                    '.rst': 1,
+                    '.rest':     2,
-                    '.rest': 2,
+                    '.mkdn':     2,
-                    '.md': 1,
+                    '.text':     2,
-                    '.mkdn': 2,
+                    '.txt':      3,
-                    '.mdown': 3,
+                    '.mdown':    3,
                     '.markdown': 4,
                 }
                 path_priority = {
-                    'doc': 0,
+                    'doc':  0,
                     'docs': 1,
                 }
                 FALLBACK_PRIORITY = 99
                 RENDERER_TO_EXTENSION = {
                     'rst': ['.rst', '.rest'],
                     'markdown': ['.md', 'mkdn', '.mdown', '.markdown'],
                 }
                 def __init__(self, default_renderer=None):
                     self._default_renderer = default_renderer
                     self._renderer_extensions = self.RENDERER_TO_EXTENSION.get(
                         default_renderer, [])
-                def search(self, commit, path=u'/'):
+                def search(self, commit, path='/'):
                     """
                     Find a readme in the given `commit`.
                     """
                     nodes = commit.get_nodes(path)
                     matches = self._match_readmes(nodes)
                     matches = self._sort_according_to_priority(matches)
                     if matches:
                         return matches[0].node
                     paths = self._match_paths(nodes)
                     paths = self._sort_paths_according_to_priority(paths)
                     for path in paths:
                         match = self.search(commit, path=path)
                         if match:
                             return match
                     return None
                 def _match_readmes(self, nodes):
                     for node in nodes:
                         if not node.is_file():
                             continue
                         path = node.path.rsplit('/', 1)[-1]
                         match = self.readme_re.match(path)
                         if match:
                             extension = match.group(1)
                             yield ReadmeMatch(node, match, self._priority(extension))
                 def _match_paths(self, nodes):
                     for node in nodes:
                         if not node.is_dir():
                             continue
                         match = self.path_re.match(node.path)
                         if match:
                             yield node.path
                 def _priority(self, extension):
                     renderer_priority = (
 if extension in self._renderer_extensions else 1)
                     extension_priority = self.default_priorities.get(
                         extension, self.FALLBACK_PRIORITY)
                     return (renderer_priority, extension_priority)
                 def _sort_according_to_priority(self, matches):
                     def priority_and_path(match):
                         return (match.priority, match.path)
                     return sorted(matches, key=priority_and_path)
                 def _sort_paths_according_to_priority(self, paths):
                     def priority_and_path(path):
                         return (self.path_priority.get(path, self.FALLBACK_PRIORITY), path)
                     return sorted(paths, key=priority_and_path)
             class ReadmeMatch:
                 def __init__(self, node, match, priority):
                     self.node = node
                     self._match = match
                     self.priority = priority
                 @property
                 def path(self):
                     return self.node.path
                 def __repr__(self):
                     return '<ReadmeMatch {} priority={}'.format(self.path, self.priority)

rhodecode/model/repo_group.py

0 +4 -4

             # Copyright (C) 2011-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             repo group model for RhodeCode
             """
             import os
             import datetime
             import itertools
             import logging
             import shutil
             import time
             import traceback
             import string
             from zope.cachedescriptors.property import Lazy as LazyProperty
             from rhodecode import events
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (_hash_key, func, or_, in_filter_generator,
                 Session, RepoGroup, UserRepoGroupToPerm, User, Permission, UserGroupRepoGroupToPerm,
                 UserGroup, Repository)
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.settings import VcsSettingsModel, SettingsModel
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.lib.utils2 import action_logger_generic
             log = logging.getLogger(__name__)
             class RepoGroupModel(BaseModel):
                 cls = RepoGroup
                 PERSONAL_GROUP_DESC = 'personal repo group of user `%(username)s`'
                 PERSONAL_GROUP_PATTERN = '${username}'  # default
                 def _get_user_group(self, users_group):
                     return self._get_instance(UserGroup, users_group,
                                               callback=UserGroup.get_by_group_name)
                 def _get_repo_group(self, repo_group):
                     return self._get_instance(RepoGroup, repo_group,
                                               callback=RepoGroup.get_by_group_name)
                 def get_repo_group(self, repo_group):
                     return self._get_repo_group(repo_group)
                 @LazyProperty
                 def repos_path(self):
                     """
                     Gets the repositories root path from database
                     """
                     settings_model = VcsSettingsModel(sa=self.sa)
                     return settings_model.get_repos_location()
                 def get_by_group_name(self, repo_group_name, cache=None):
                     repo = self.sa.query(RepoGroup) \
                         .filter(RepoGroup.group_name == repo_group_name)
                     if cache:
                         name_key = _hash_key(repo_group_name)
                         repo = repo.options(
                             FromCache("sql_cache_short", f"get_repo_group_{name_key}"))
                     return repo.scalar()
                 def get_default_create_personal_repo_group(self):
                     value = SettingsModel().get_setting_by_name(
                         'create_personal_repo_group')
                     return value.app_settings_value if value else None or False
                 def get_personal_group_name_pattern(self):
                     value = SettingsModel().get_setting_by_name(
                         'personal_repo_group_pattern')
                     val = value.app_settings_value if value else None
                     group_template = val or self.PERSONAL_GROUP_PATTERN
                     group_template = group_template.lstrip('/')
                     return group_template
                 def get_personal_group_name(self, user):
                     template = self.get_personal_group_name_pattern()
                     return string.Template(template).safe_substitute(
                         username=user.username,
                         user_id=user.user_id,
                         first_name=user.first_name,
                         last_name=user.last_name,
                     )
                 def create_personal_repo_group(self, user, commit_early=True):
                     desc = self.PERSONAL_GROUP_DESC % {'username': user.username}
                     personal_repo_group_name = self.get_personal_group_name(user)
                     # create a new one
                     RepoGroupModel().create(
                         group_name=personal_repo_group_name,
                         group_description=desc,
                         owner=user.username,
                         personal=True,
                         commit_early=commit_early)
                 def _create_default_perms(self, new_group):
                     # create default permission
                     default_perm = 'group.read'
                     def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('group.'):
                             default_perm = p.permission.permission_name
                             break
                     repo_group_to_perm = UserRepoGroupToPerm()
                     repo_group_to_perm.permission = Permission.get_by_key(default_perm)
                     repo_group_to_perm.group = new_group
-                    repo_group_to_perm.user_id = def_user.user_id
+                    repo_group_to_perm.user = def_user
                     return repo_group_to_perm
                 def _get_group_name_and_parent(self, group_name_full, repo_in_path=False,
                                                get_object=False):
                     """
                     Get's the group name and a parent group name from given group name.
                     If repo_in_path is set to truth, we asume the full path also includes
                     repo name, in such case we clean the last element.
                     :param group_name_full:
                     """
                     split_paths = 1
                     if repo_in_path:
                         split_paths = 2
                     _parts = group_name_full.rsplit(RepoGroup.url_sep(), split_paths)
                     if repo_in_path and len(_parts) > 1:
                         # such case last element is the repo_name
                         _parts.pop(-1)
                     group_name_cleaned = _parts[-1]  # just the group name
                     parent_repo_group_name = None
                     if len(_parts) > 1:
                         parent_repo_group_name = _parts[0]
                     parent_group = None
                     if parent_repo_group_name:
                         parent_group = RepoGroup.get_by_group_name(parent_repo_group_name)
                     if get_object:
                         return group_name_cleaned, parent_repo_group_name, parent_group
                     return group_name_cleaned, parent_repo_group_name
                 def check_exist_filesystem(self, group_name, exc_on_failure=True):
                     create_path = os.path.join(self.repos_path, group_name)
                     log.debug('creating new group in %s', create_path)
                     if os.path.isdir(create_path):
                         if exc_on_failure:
                             abs_create_path = os.path.abspath(create_path)
                             raise Exception('Directory `{}` already exists !'.format(abs_create_path))
                         return False
                     return True
                 def _create_group(self, group_name):
                     """
                     makes repository group on filesystem
                     :param repo_name:
                     :param parent_id:
                     """
                     self.check_exist_filesystem(group_name)
                     create_path = os.path.join(self.repos_path, group_name)
                     log.debug('creating new group in %s', create_path)
                     os.makedirs(create_path, mode=0o755)
                     log.debug('created group in %s', create_path)
                 def _rename_group(self, old, new):
                     """
                     Renames a group on filesystem
                     :param group_name:
                     """
                     if old == new:
                         log.debug('skipping group rename')
                         return
                     log.debug('renaming repository group from %s to %s', old, new)
                     old_path = os.path.join(self.repos_path, old)
                     new_path = os.path.join(self.repos_path, new)
                     log.debug('renaming repos paths from %s to %s', old_path, new_path)
                     if os.path.isdir(new_path):
                         raise Exception('Was trying to rename to already '
                                         'existing dir %s' % new_path)
                     shutil.move(old_path, new_path)
                 def _delete_filesystem_group(self, group, force_delete=False):
                     """
                     Deletes a group from a filesystem
                     :param group: instance of group from database
                     :param force_delete: use shutil rmtree to remove all objects
                     """
                     paths = group.full_path.split(RepoGroup.url_sep())
                     paths = os.sep.join(paths)
                     rm_path = os.path.join(self.repos_path, paths)
                     log.info("Removing group %s", rm_path)
                     # delete only if that path really exists
                     if os.path.isdir(rm_path):
                         if force_delete:
                             shutil.rmtree(rm_path)
                         else:
                             # archive that group`
                             _now = datetime.datetime.now()
                             _ms = str(_now.microsecond).rjust(6, '0')
                             _d = 'rm__%s_GROUP_%s' % (
                                 _now.strftime('%Y%m%d_%H%M%S_' + _ms), group.name)
                             shutil.move(rm_path, os.path.join(self.repos_path, _d))
                 def create(self, group_name, group_description, owner, just_db=False,
                            copy_permissions=False, personal=None, commit_early=True):
                     (group_name_cleaned,
                      parent_group_name) = RepoGroupModel()._get_group_name_and_parent(group_name)
                     parent_group = None
                     if parent_group_name:
                         parent_group = self._get_repo_group(parent_group_name)
                         if not parent_group:
                             # we tried to create a nested group, but the parent is not
                             # existing
                             raise ValueError(
                                 'Parent group `%s` given in `%s` group name '
                                 'is not yet existing.' % (parent_group_name, group_name))
                     # because we are doing a cleanup, we need to check if such directory
                     # already exists. If we don't do that we can accidentally delete
                     # existing directory via cleanup that can cause data issues, since
                     # delete does a folder rename to special syntax later cleanup
                     # functions can delete this
                     cleanup_group = self.check_exist_filesystem(group_name,
                                                                 exc_on_failure=False)
                     user = self._get_user(owner)
                     if not user:
                         raise ValueError('Owner %s not found as rhodecode user', owner)
                     try:
                         new_repo_group = RepoGroup()
                         new_repo_group.user = user
                         new_repo_group.group_description = group_description or group_name
                         new_repo_group.parent_group = parent_group
                         new_repo_group.group_name = group_name
                         new_repo_group.personal = personal
                         self.sa.add(new_repo_group)
                         # create an ADMIN permission for owner except if we're super admin,
                         # later owner should go into the owner field of groups
                         if not user.is_admin:
                             self.grant_user_permission(repo_group=new_repo_group,
                                                        user=owner, perm='group.admin')
                         if parent_group and copy_permissions:
                             # copy permissions from parent
                             user_perms = UserRepoGroupToPerm.query() \
                                 .filter(UserRepoGroupToPerm.group == parent_group).all()
                             group_perms = UserGroupRepoGroupToPerm.query() \
                                 .filter(UserGroupRepoGroupToPerm.group == parent_group).all()
                             for perm in user_perms:
                                 # don't copy over the permission for user who is creating
                                 # this group, if he is not super admin he get's admin
                                 # permission set above
                                 if perm.user != user or user.is_admin:
                                     UserRepoGroupToPerm.create(
                                         perm.user, new_repo_group, perm.permission)
                             for perm in group_perms:
                                 UserGroupRepoGroupToPerm.create(
                                     perm.users_group, new_repo_group, perm.permission)
                         else:
                             perm_obj = self._create_default_perms(new_repo_group)
                             self.sa.add(perm_obj)
                         # now commit the changes, earlier so we are sure everything is in
                         # the database.
                         if commit_early:
                             self.sa.commit()
                         if not just_db:
                             self._create_group(new_repo_group.group_name)
                         # trigger the post hook
                         from rhodecode.lib import hooks_base
                         repo_group = RepoGroup.get_by_group_name(group_name)
                         # update repo group commit caches initially
                         repo_group.update_commit_cache()
                         hooks_base.create_repository_group(
                             created_by=user.username, **repo_group.get_dict())
                         # Trigger create event.
                         events.trigger(events.RepoGroupCreateEvent(repo_group))
                         return new_repo_group
                     except Exception:
                         self.sa.rollback()
                         log.exception('Exception occurred when creating repository group, '
                                       'doing cleanup...')
                         # rollback things manually !
                         repo_group = RepoGroup.get_by_group_name(group_name)
                         if repo_group:
                             RepoGroup.delete(repo_group.group_id)
                             self.sa.commit()
                             if cleanup_group:
                                 RepoGroupModel()._delete_filesystem_group(repo_group)
                         raise
                 def update_permissions(
                         self, repo_group, perm_additions=None, perm_updates=None,
                         perm_deletions=None, recursive=None, check_perms=True,
                         cur_user=None):
                     from rhodecode.model.repo import RepoModel
                     from rhodecode.lib.auth import HasUserGroupPermissionAny
                     if not perm_additions:
                         perm_additions = []
                     if not perm_updates:
                         perm_updates = []
                     if not perm_deletions:
                         perm_deletions = []
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     changes = {
                         'added': [],
                         'updated': [],
                         'deleted': [],
                         'default_user_changed': None
                     }
                     def _set_perm_user(obj, user, perm):
                         if isinstance(obj, RepoGroup):
                             self.grant_user_permission(
                                 repo_group=obj, user=user, perm=perm)
                         elif isinstance(obj, Repository):
                             # private repos will not allow to change the default
                             # permissions using recursive mode
                             if obj.private and user == User.DEFAULT_USER:
                                 return
                             # we set group permission but we have to switch to repo
                             # permission
                             perm = perm.replace('group.', 'repository.')
                             RepoModel().grant_user_permission(
                                 repo=obj, user=user, perm=perm)
                     def _set_perm_group(obj, users_group, perm):
                         if isinstance(obj, RepoGroup):
                             self.grant_user_group_permission(
                                 repo_group=obj, group_name=users_group, perm=perm)
                         elif isinstance(obj, Repository):
                             # we set group permission but we have to switch to repo
                             # permission
                             perm = perm.replace('group.', 'repository.')
                             RepoModel().grant_user_group_permission(
                                 repo=obj, group_name=users_group, perm=perm)
                     def _revoke_perm_user(obj, user):
                         if isinstance(obj, RepoGroup):
                             self.revoke_user_permission(repo_group=obj, user=user)
                         elif isinstance(obj, Repository):
                             RepoModel().revoke_user_permission(repo=obj, user=user)
                     def _revoke_perm_group(obj, user_group):
                         if isinstance(obj, RepoGroup):
                             self.revoke_user_group_permission(
                                 repo_group=obj, group_name=user_group)
                         elif isinstance(obj, Repository):
                             RepoModel().revoke_user_group_permission(
                                 repo=obj, group_name=user_group)
                     # start updates
                     log.debug('Now updating permissions for %s in recursive mode:%s',
                               repo_group, recursive)
                     # initialize check function, we'll call that multiple times
                     has_group_perm = HasUserGroupPermissionAny(*req_perms)
                     for obj in repo_group.recursive_groups_and_repos():
                         # iterated obj is an instance of a repos group or repository in
                         # that group, recursive option can be: none, repos, groups, all
                         if recursive == 'all':
                             obj = obj
                         elif recursive == 'repos':
                             # skip groups, other than this one
                             if isinstance(obj, RepoGroup) and not obj == repo_group:
                                 continue
                         elif recursive == 'groups':
                             # skip repos
                             if isinstance(obj, Repository):
                                 continue
                         else:  # recursive == 'none':
                             #  DEFAULT option - don't apply to iterated objects
                             # also we do a break at the end of this loop. if we are not
                             # in recursive mode
                             obj = repo_group
                         change_obj = obj.get_api_data()
                         # update permissions
                         for member_id, perm, member_type in perm_updates:
                             member_id = int(member_id)
                             if member_type == 'user':
                                 member_name = User.get(member_id).username
                                 if isinstance(obj, RepoGroup) and obj == repo_group and member_name == User.DEFAULT_USER:
                                     # NOTE(dan): detect if we changed permissions for default user
                                     perm_obj = self.sa.query(UserRepoGroupToPerm) \
                                         .filter(UserRepoGroupToPerm.user_id == member_id) \
                                         .filter(UserRepoGroupToPerm.group == repo_group) \
                                         .scalar()
                                     if perm_obj and perm_obj.permission.permission_name != perm:
                                         changes['default_user_changed'] = True
                                 # this updates also current one if found
                                 _set_perm_user(obj, user=member_id, perm=perm)
                             elif member_type == 'user_group':
                                 member_name = UserGroup.get(member_id).users_group_name
                                 if not check_perms or has_group_perm(member_name,
                                                                      user=cur_user):
                                     _set_perm_group(obj, users_group=member_id, perm=perm)
                             else:
                                 raise ValueError("member_type must be 'user' or 'user_group' "
                                                  "got {} instead".format(member_type))
                             changes['updated'].append(
                                 {'change_obj': change_obj, 'type': member_type,
                                  'id': member_id, 'name': member_name, 'new_perm': perm})
                         # set new permissions
                         for member_id, perm, member_type in perm_additions:
                             member_id = int(member_id)
                             if member_type == 'user':
                                 member_name = User.get(member_id).username
                                 _set_perm_user(obj, user=member_id, perm=perm)
                             elif member_type == 'user_group':
                                 # check if we have permissions to alter this usergroup
                                 member_name = UserGroup.get(member_id).users_group_name
                                 if not check_perms or has_group_perm(member_name,
                                                                      user=cur_user):
                                     _set_perm_group(obj, users_group=member_id, perm=perm)
                             else:
                                 raise ValueError("member_type must be 'user' or 'user_group' "
                                                  "got {} instead".format(member_type))
                             changes['added'].append(
                                 {'change_obj': change_obj, 'type': member_type,
                                  'id': member_id, 'name': member_name, 'new_perm': perm})
                         # delete permissions
                         for member_id, perm, member_type in perm_deletions:
                             member_id = int(member_id)
                             if member_type == 'user':
                                 member_name = User.get(member_id).username
                                 _revoke_perm_user(obj, user=member_id)
                             elif member_type == 'user_group':
                                 # check if we have permissions to alter this usergroup
                                 member_name = UserGroup.get(member_id).users_group_name
                                 if not check_perms or has_group_perm(member_name,
                                                                      user=cur_user):
                                     _revoke_perm_group(obj, user_group=member_id)
                             else:
                                 raise ValueError("member_type must be 'user' or 'user_group' "
                                                  "got {} instead".format(member_type))
                             changes['deleted'].append(
                                 {'change_obj': change_obj, 'type': member_type,
                                  'id': member_id, 'name': member_name, 'new_perm': perm})
                         # if it's not recursive call for all,repos,groups
                         # break the loop and don't proceed with other changes
                         if recursive not in ['all', 'repos', 'groups']:
                             break
                     return changes
                 def update(self, repo_group, form_data):
                     try:
                         repo_group = self._get_repo_group(repo_group)
                         old_path = repo_group.full_path
                         # change properties
                         if 'group_description' in form_data:
                             repo_group.group_description = form_data['group_description']
                         if 'enable_locking' in form_data:
                             repo_group.enable_locking = form_data['enable_locking']
                         if 'group_parent_id' in form_data:
                             parent_group = (
                                 self._get_repo_group(form_data['group_parent_id']))
                             repo_group.group_parent_id = (
                                 parent_group.group_id if parent_group else None)
                             repo_group.parent_group = parent_group
                         # mikhail: to update the full_path, we have to explicitly
                         # update group_name
                         group_name = form_data.get('group_name', repo_group.name)
                         repo_group.group_name = repo_group.get_new_name(group_name)
                         new_path = repo_group.full_path
                         affected_user_ids = []
                         if 'user' in form_data:
                             old_owner_id = repo_group.user.user_id
                             new_owner = User.get_by_username(form_data['user'])
                             repo_group.user = new_owner
                             if old_owner_id != new_owner.user_id:
                                 affected_user_ids = [new_owner.user_id, old_owner_id]
                         self.sa.add(repo_group)
                         # iterate over all members of this groups and do fixes
                         # set locking if given
                         # if obj is a repoGroup also fix the name of the group according
                         # to the parent
                         # if obj is a Repo fix it's name
                         # this can be potentially heavy operation
                         for obj in repo_group.recursive_groups_and_repos():
                             # set the value from it's parent
                             obj.enable_locking = repo_group.enable_locking
                             if isinstance(obj, RepoGroup):
                                 new_name = obj.get_new_name(obj.name)
                                 log.debug('Fixing group %s to new name %s',
                                           obj.group_name, new_name)
                                 obj.group_name = new_name
                             elif isinstance(obj, Repository):
                                 # we need to get all repositories from this new group and
                                 # rename them accordingly to new group path
                                 new_name = obj.get_new_name(obj.just_name)
                                 log.debug('Fixing repo %s to new name %s',
                                           obj.repo_name, new_name)
                                 obj.repo_name = new_name
                             self.sa.add(obj)
                         self._rename_group(old_path, new_path)
                         # Trigger update event.
                         events.trigger(events.RepoGroupUpdateEvent(repo_group))
                         if affected_user_ids:
                             PermissionModel().trigger_permission_flush(affected_user_ids)
                         return repo_group
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def delete(self, repo_group, force_delete=False, fs_remove=True):
                     repo_group = self._get_repo_group(repo_group)
                     if not repo_group:
                         return False
                     try:
                         self.sa.delete(repo_group)
                         if fs_remove:
                             self._delete_filesystem_group(repo_group, force_delete)
                         else:
                             log.debug('skipping removal from filesystem')
                         # Trigger delete event.
                         events.trigger(events.RepoGroupDeleteEvent(repo_group))
                         return True
                     except Exception:
                         log.error('Error removing repo_group %s', repo_group)
                         raise
                 def grant_user_permission(self, repo_group, user, perm):
                     """
                     Grant permission for user on given repository group, or update
                     existing one if found
                     :param repo_group: Instance of RepoGroup, repositories_group_id,
                         or repositories_group name
                     :param user: Instance of User, user_id or username
                     :param perm: Instance of Permission, or permission_name
                     """
                     repo_group = self._get_repo_group(repo_group)
                     user = self._get_user(user)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserRepoGroupToPerm)\
                         .filter(UserRepoGroupToPerm.user == user)\
                         .filter(UserRepoGroupToPerm.group == repo_group)\
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserRepoGroupToPerm()
                     obj.group = repo_group
                     obj.user = user
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
                     action_logger_generic(
                         'granted permission: {} to user: {} on repogroup: {}'.format(
                             perm, user, repo_group), namespace='security.repogroup')
                     return obj
                 def revoke_user_permission(self, repo_group, user):
                     """
                     Revoke permission for user on given repository group
                     :param repo_group: Instance of RepoGroup, repositories_group_id,
                         or repositories_group name
                     :param user: Instance of User, user_id or username
                     """
                     repo_group = self._get_repo_group(repo_group)
                     user = self._get_user(user)
                     obj = self.sa.query(UserRepoGroupToPerm)\
                         .filter(UserRepoGroupToPerm.user == user)\
                         .filter(UserRepoGroupToPerm.group == repo_group)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm on %s on %s', repo_group, user)
                         action_logger_generic(
                             'revoked permission from user: {} on repogroup: {}'.format(
                                 user, repo_group), namespace='security.repogroup')
                 def grant_user_group_permission(self, repo_group, group_name, perm):
                     """
                     Grant permission for user group on given repository group, or update
                     existing one if found
                     :param repo_group: Instance of RepoGroup, repositories_group_id,
                         or repositories_group name
                     :param group_name: Instance of UserGroup, users_group_id,
                         or user group name
                     :param perm: Instance of Permission, or permission_name
                     """
                     repo_group = self._get_repo_group(repo_group)
                     group_name = self._get_user_group(group_name)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserGroupRepoGroupToPerm)\
                         .filter(UserGroupRepoGroupToPerm.group == repo_group)\
                         .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
                         .scalar()
                     if obj is None:
                         # create new
                         obj = UserGroupRepoGroupToPerm()
                     obj.group = repo_group
                     obj.users_group = group_name
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
                     action_logger_generic(
                         'granted permission: {} to usergroup: {} on repogroup: {}'.format(
                             perm, group_name, repo_group), namespace='security.repogroup')
                     return obj
                 def revoke_user_group_permission(self, repo_group, group_name):
                     """
                     Revoke permission for user group on given repository group
                     :param repo_group: Instance of RepoGroup, repositories_group_id,
                         or repositories_group name
                     :param group_name: Instance of UserGroup, users_group_id,
                         or user group name
                     """
                     repo_group = self._get_repo_group(repo_group)
                     group_name = self._get_user_group(group_name)
                     obj = self.sa.query(UserGroupRepoGroupToPerm)\
                         .filter(UserGroupRepoGroupToPerm.group == repo_group)\
                         .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm to %s on %s', repo_group, group_name)
                         action_logger_generic(
                             'revoked permission from usergroup: {} on repogroup: {}'.format(
                                 group_name, repo_group), namespace='security.repogroup')
                 @classmethod
                 def update_commit_cache(cls, repo_groups=None):
                     if not repo_groups:
                         repo_groups = RepoGroup.getAll()
                     for repo_group in repo_groups:
                         repo_group.update_commit_cache()
                 def get_repo_groups_as_dict(self, repo_group_list=None, admin=False,
                                             super_user_actions=False):
                     from pyramid.threadlocal import get_current_request
                     _render = get_current_request().get_partial_renderer(
                         'rhodecode:templates/data_table/_dt_elements.mako')
                     c = _render.get_call_context()
                     h = _render.get_helpers()
                     def quick_menu(repo_group_name):
                         return _render('quick_repo_group_menu', repo_group_name)
                     def repo_group_lnk(repo_group_name):
                         return _render('repo_group_name', repo_group_name)
                     def last_change(last_change):
                         if admin and isinstance(last_change, datetime.datetime) and not last_change.tzinfo:
                             ts = time.time()
                             utc_offset = (datetime.datetime.fromtimestamp(ts)
                                           - datetime.datetime.utcfromtimestamp(ts)).total_seconds()
                             last_change = last_change + datetime.timedelta(seconds=utc_offset)
                         return _render("last_change", last_change)
                     def desc(desc, personal):
                         return _render(
                             'repo_group_desc', desc, personal, c.visual.stylify_metatags)
                     def repo_group_actions(repo_group_id, repo_group_name, gr_count):
                         return _render(
                             'repo_group_actions', repo_group_id, repo_group_name, gr_count)
                     def repo_group_name(repo_group_name, children_groups):
                         return _render("repo_group_name", repo_group_name, children_groups)
                     def user_profile(username):
                         return _render('user_profile', username)
                     repo_group_data = []
                     for group in repo_group_list:
                         # NOTE(marcink): because we use only raw column we need to load it like that
                         changeset_cache = RepoGroup._load_changeset_cache(
                             '', group._changeset_cache)
                         last_commit_change = RepoGroup._load_commit_change(changeset_cache)
                         row = {
                             "menu": quick_menu(group.group_name),
                             "name": repo_group_lnk(group.group_name),
                             "name_raw": group.group_name,
                             "last_change": last_change(last_commit_change),
                             "last_changeset": "",
                             "last_changeset_raw": "",
                             "desc": desc(h.escape(group.group_description), group.personal),
                             "top_level_repos": 0,
                             "owner": user_profile(group.User.username)
                         }
                         if admin:
                             repo_count = group.repositories.count()
-                            children_groups = map(
+                            children_groups = list(map(
-                                h.safe_unicode,
+                                h.safe_str,
                                 itertools.chain((g.name for g in group.parents),
-                                                (x.name for x in [group])))
+                                                (x.name for x in [group]))))
                             row.update({
                                 "action": repo_group_actions(
                                     group.group_id, group.group_name, repo_count),
                                 "top_level_repos": repo_count,
                                 "name": repo_group_name(group.group_name, children_groups),
                             })
                         repo_group_data.append(row)
                     return repo_group_data
                 def get_repo_groups_data_table(
                         self, draw, start, limit,
                         search_q, order_by, order_dir,
                         auth_user, repo_group_id):
                     from rhodecode.model.scm import RepoGroupList
                     _perms = ['group.read', 'group.write', 'group.admin']
                     repo_groups = RepoGroup.query() \
                         .filter(RepoGroup.group_parent_id == repo_group_id) \
                         .all()
                     auth_repo_group_list = RepoGroupList(
                         repo_groups, perm_set=_perms,
                         extra_kwargs=dict(user=auth_user))
                     allowed_ids = [-1]
                     for repo_group in auth_repo_group_list:
                         allowed_ids.append(repo_group.group_id)
                     repo_groups_data_total_count = RepoGroup.query() \
                         .filter(RepoGroup.group_parent_id == repo_group_id) \
                         .filter(or_(
                             # generate multiple IN to fix limitation problems
                             *in_filter_generator(RepoGroup.group_id, allowed_ids))
                         ) \
                         .count()
                     base_q = Session.query(
                         RepoGroup.group_name,
                         RepoGroup.group_name_hash,
                         RepoGroup.group_description,
                         RepoGroup.group_id,
                         RepoGroup.personal,
                         RepoGroup.updated_on,
                         RepoGroup._changeset_cache,
                         User,
                         ) \
                         .filter(RepoGroup.group_parent_id == repo_group_id) \
                         .filter(or_(
                             # generate multiple IN to fix limitation problems
                             *in_filter_generator(RepoGroup.group_id, allowed_ids))
                         ) \
                         .join(User, User.user_id == RepoGroup.user_id) \
                         .group_by(RepoGroup, User)
                     repo_groups_data_total_filtered_count = base_q.count()
                     sort_defined = False
                     if order_by == 'group_name':
                         sort_col = func.lower(RepoGroup.group_name)
                         sort_defined = True
                     elif order_by == 'user_username':
                         sort_col = User.username
                     else:
                         sort_col = getattr(RepoGroup, order_by, None)
                     if sort_defined or sort_col:
                         if order_dir == 'asc':
                             sort_col = sort_col.asc()
                         else:
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     repo_group_list = base_q.all()
                     repo_groups_data = RepoGroupModel().get_repo_groups_as_dict(
                         repo_group_list=repo_group_list, admin=False)
                     data = ({
                         'draw': draw,
                         'data': repo_groups_data,
                         'recordsTotal': repo_groups_data_total_count,
                         'recordsFiltered': repo_groups_data_total_filtered_count,
                     })
                     return data
                 def _get_defaults(self, repo_group_name):
                     repo_group = RepoGroup.get_by_group_name(repo_group_name)
                     if repo_group is None:
                         return None
                     defaults = repo_group.get_dict()
                     defaults['repo_group_name'] = repo_group.name
                     defaults['repo_group_description'] = repo_group.group_description
                     defaults['repo_group_enable_locking'] = repo_group.enable_locking
                     # we use -1 as this is how in HTML, we mark an empty group
                     defaults['repo_group'] = defaults['group_parent_id'] or -1
                     # fill owner
                     if repo_group.user:
                         defaults.update({'user': repo_group.user.username})
                     else:
                         replacement_user = User.get_first_super_admin().username
                         defaults.update({'user': replacement_user})
                     return defaults

rhodecode/model/scm.py

0 +76 -61

             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Scm model for RhodeCode
             """
             import os.path
             import traceback
             import logging
             import io
             from sqlalchemy import func
             from zope.cachedescriptors.property import Lazy as LazyProperty
             import rhodecode
+            from rhodecode.lib.str_utils import safe_bytes
             from rhodecode.lib.vcs import get_backend
             from rhodecode.lib.vcs.exceptions import RepositoryError, NodeNotChangedError
             from rhodecode.lib.vcs.nodes import FileNode
             from rhodecode.lib.vcs.backends.base import EmptyCommit
             from rhodecode.lib import helpers as h, rc_cache
             from rhodecode.lib.auth import (
                 HasRepoPermissionAny, HasRepoGroupPermissionAny,
                 HasUserGroupPermissionAny)
             from rhodecode.lib.exceptions import NonRelativePathError, IMCCommitError
             from rhodecode.lib import hooks_utils
             from rhodecode.lib.utils import (
                 get_filesystem_repos, make_db_config)
-            from rhodecode.lib.utils2 import (safe_str, safe_unicode)
+            from rhodecode.lib.str_utils import safe_str
             from rhodecode.lib.system_info import get_system_info
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 or_, false,
                 Repository, CacheKey, UserFollowing, UserLog, User, RepoGroup,
                 PullRequest, FileStore)
             from rhodecode.model.settings import VcsSettingsModel
             from rhodecode.model.validation_schema.validators import url_validator, InvalidCloneUrl
             log = logging.getLogger(__name__)
             class UserTemp(object):
                 def __init__(self, user_id):
                     self.user_id = user_id
                 def __repr__(self):
                     return "<%s('id:%s')>" % (self.__class__.__name__, self.user_id)
             class RepoTemp(object):
                 def __init__(self, repo_id):
                     self.repo_id = repo_id
                 def __repr__(self):
                     return "<%s('id:%s')>" % (self.__class__.__name__, self.repo_id)
             class SimpleCachedRepoList(object):
                 """
                 Lighter version of of iteration of repos without the scm initialisation,
                 and with cache usage
                 """
                 def __init__(self, db_repo_list, repos_path, order_by=None, perm_set=None):
                     self.db_repo_list = db_repo_list
                     self.repos_path = repos_path
                     self.order_by = order_by
                     self.reversed = (order_by or '').startswith('-')
                     if not perm_set:
                         perm_set = ['repository.read', 'repository.write',
                                     'repository.admin']
                     self.perm_set = perm_set
                 def __len__(self):
                     return len(self.db_repo_list)
                 def __repr__(self):
                     return '<%s (%s)>' % (self.__class__.__name__, self.__len__())
                 def __iter__(self):
                     for dbr in self.db_repo_list:
                         # check permission at this level
                         has_perm = HasRepoPermissionAny(*self.perm_set)(
                             dbr.repo_name, 'SimpleCachedRepoList check')
                         if not has_perm:
                             continue
                         tmp_d = {
                             'name': dbr.repo_name,
                             'dbrepo': dbr.get_dict(),
                             'dbrepo_fork': dbr.fork.get_dict() if dbr.fork else {}
                         }
                         yield tmp_d
             class _PermCheckIterator(object):
                 def __init__(
                         self, obj_list, obj_attr, perm_set, perm_checker,
                         extra_kwargs=None):
                     """
                     Creates iterator from given list of objects, additionally
                     checking permission for them from perm_set var
                     :param obj_list: list of db objects
                     :param obj_attr: attribute of object to pass into perm_checker
                     :param perm_set: list of permissions to check
                     :param perm_checker: callable to check permissions against
                     """
                     self.obj_list = obj_list
                     self.obj_attr = obj_attr
                     self.perm_set = perm_set
                     self.perm_checker = perm_checker(*self.perm_set)
                     self.extra_kwargs = extra_kwargs or {}
                 def __len__(self):
                     return len(self.obj_list)
                 def __repr__(self):
                     return '<%s (%s)>' % (self.__class__.__name__, self.__len__())
                 def __iter__(self):
                     for db_obj in self.obj_list:
                         # check permission at this level
                         # NOTE(marcink): the __dict__.get() is ~4x faster then getattr()
                         name = db_obj.__dict__.get(self.obj_attr, None)
                         if not self.perm_checker(name, self.__class__.__name__, **self.extra_kwargs):
                             continue
                         yield db_obj
             class RepoList(_PermCheckIterator):
                 def __init__(self, db_repo_list, perm_set=None, extra_kwargs=None):
                     if not perm_set:
                         perm_set = ['repository.read', 'repository.write', 'repository.admin']
                     super(RepoList, self).__init__(
                         obj_list=db_repo_list,
                         obj_attr='_repo_name', perm_set=perm_set,
                         perm_checker=HasRepoPermissionAny,
                         extra_kwargs=extra_kwargs)
             class RepoGroupList(_PermCheckIterator):
                 def __init__(self, db_repo_group_list, perm_set=None, extra_kwargs=None):
                     if not perm_set:
                         perm_set = ['group.read', 'group.write', 'group.admin']
                     super(RepoGroupList, self).__init__(
                         obj_list=db_repo_group_list,
                         obj_attr='_group_name', perm_set=perm_set,
                         perm_checker=HasRepoGroupPermissionAny,
                         extra_kwargs=extra_kwargs)
             class UserGroupList(_PermCheckIterator):
                 def __init__(self, db_user_group_list, perm_set=None, extra_kwargs=None):
                     if not perm_set:
                         perm_set = ['usergroup.read', 'usergroup.write', 'usergroup.admin']
                     super(UserGroupList, self).__init__(
                         obj_list=db_user_group_list,
                         obj_attr='users_group_name', perm_set=perm_set,
                         perm_checker=HasUserGroupPermissionAny,
                         extra_kwargs=extra_kwargs)
             class ScmModel(BaseModel):
                 """
                 Generic Scm Model
                 """
                 @LazyProperty
                 def repos_path(self):
                     """
                     Gets the repositories root path from database
                     """
                     settings_model = VcsSettingsModel(sa=self.sa)
                     return settings_model.get_repos_location()
                 def repo_scan(self, repos_path=None):
                     """
                     Listing of repositories in given path. This path should not be a
                     repository itself. Return a dictionary of repository objects
                     :param repos_path: path to directory containing repositories
                     """
                     if repos_path is None:
                         repos_path = self.repos_path
                     log.info('scanning for repositories in %s', repos_path)
                     config = make_db_config()
                     config.set('extensions', 'largefiles', '')
                     repos = {}
                     for name, path in get_filesystem_repos(repos_path, recursive=True):
                         # name need to be decomposed and put back together using the /
                         # since this is internal storage separator for rhodecode
                         name = Repository.normalize_repo_name(name)
                         try:
                             if name in repos:
                                 raise RepositoryError('Duplicate repository name %s '
                                                       'found in %s' % (name, path))
                             elif path[0] in rhodecode.BACKENDS:
                                 backend = get_backend(path[0])
                                 repos[name] = backend(path[1], config=config,
                                                       with_wire={"cache": False})
                         except OSError:
                             continue
                         except RepositoryError:
                             log.exception('Failed to create a repo')
                             continue
                     log.debug('found %s paths with repositories', len(repos))
                     return repos
                 def get_repos(self, all_repos=None, sort_key=None):
                     """
                     Get all repositories from db and for each repo create it's
                     backend instance and fill that backed with information from database
                     :param all_repos: list of repository names as strings
                         give specific repositories list, good for filtering
                     :param sort_key: initial sorting of repositories
                     """
                     if all_repos is None:
                         all_repos = self.sa.query(Repository)\
                             .filter(Repository.group_id == None)\
                             .order_by(func.lower(Repository.repo_name)).all()
                     repo_iter = SimpleCachedRepoList(
                         all_repos, repos_path=self.repos_path, order_by=sort_key)
                     return repo_iter
                 def get_repo_groups(self, all_groups=None):
                     if all_groups is None:
                         all_groups = RepoGroup.query()\
                             .filter(RepoGroup.group_parent_id == None).all()
                     return [x for x in RepoGroupList(all_groups)]
                 def mark_for_invalidation(self, repo_name, delete=False):
                     """
                     Mark caches of this repo invalid in the database. `delete` flag
                     removes the cache entries
                     :param repo_name: the repo_name for which caches should be marked
                         invalid, or deleted
                     :param delete: delete the entry keys instead of setting bool
                         flag on them, and also purge caches used by the dogpile
                     """
                     repo = Repository.get_by_repo_name(repo_name)
                     if repo:
                         invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
                             repo_id=repo.repo_id)
                         CacheKey.set_invalidate(invalidation_namespace, delete=delete)
                         repo_id = repo.repo_id
                         config = repo._config
                         config.set('extensions', 'largefiles', '')
                         repo.update_commit_cache(config=config, cs_cache=None)
                         if delete:
                             cache_namespace_uid = 'cache_repo.{}'.format(repo_id)
-                            rc_cache.clear_cache_namespace(
+                            rc_cache.clear_cache_namespace('cache_repo', cache_namespace_uid, method=rc_cache.CLEAR_INVALIDATE)
-                                'cache_repo', cache_namespace_uid, invalidate=True)
                 def toggle_following_repo(self, follow_repo_id, user_id):
                     f = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.follows_repo_id == follow_repo_id)\
                         .filter(UserFollowing.user_id == user_id).scalar()
                     if f is not None:
                         try:
                             self.sa.delete(f)
                             return
                         except Exception:
                             log.error(traceback.format_exc())
                             raise
                     try:
                         f = UserFollowing()
                         f.user_id = user_id
                         f.follows_repo_id = follow_repo_id
                         self.sa.add(f)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def toggle_following_user(self, follow_user_id, user_id):
                     f = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.follows_user_id == follow_user_id)\
                         .filter(UserFollowing.user_id == user_id).scalar()
                     if f is not None:
                         try:
                             self.sa.delete(f)
                             return
                         except Exception:
                             log.error(traceback.format_exc())
                             raise
                     try:
                         f = UserFollowing()
                         f.user_id = user_id
                         f.follows_user_id = follow_user_id
                         self.sa.add(f)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def is_following_repo(self, repo_name, user_id, cache=False):
                     r = self.sa.query(Repository)\
                         .filter(Repository.repo_name == repo_name).scalar()
                     f = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.follows_repository == r)\
                         .filter(UserFollowing.user_id == user_id).scalar()
                     return f is not None
                 def is_following_user(self, username, user_id, cache=False):
                     u = User.get_by_username(username)
                     f = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.follows_user == u)\
                         .filter(UserFollowing.user_id == user_id).scalar()
                     return f is not None
                 def get_followers(self, repo):
                     repo = self._get_repo(repo)
                     return self.sa.query(UserFollowing)\
                         .filter(UserFollowing.follows_repository == repo).count()
                 def get_forks(self, repo):
                     repo = self._get_repo(repo)
                     return self.sa.query(Repository)\
                         .filter(Repository.fork == repo).count()
                 def get_pull_requests(self, repo):
                     repo = self._get_repo(repo)
                     return self.sa.query(PullRequest)\
                         .filter(PullRequest.target_repo == repo)\
                         .filter(PullRequest.status != PullRequest.STATUS_CLOSED).count()
                 def get_artifacts(self, repo):
                     repo = self._get_repo(repo)
                     return self.sa.query(FileStore)\
                         .filter(FileStore.repo == repo)\
                         .filter(or_(FileStore.hidden == None, FileStore.hidden == false())).count()
                 def mark_as_fork(self, repo, fork, user):
                     repo = self._get_repo(repo)
                     fork = self._get_repo(fork)
                     if fork and repo.repo_id == fork.repo_id:
                         raise Exception("Cannot set repository as fork of itself")
                     if fork and repo.repo_type != fork.repo_type:
                         raise RepositoryError(
                             "Cannot set repository as fork of repository with other type")
                     repo.fork = fork
                     self.sa.add(repo)
                     return repo
                 def pull_changes(self, repo, username, remote_uri=None, validate_uri=True):
                     dbrepo = self._get_repo(repo)
                     remote_uri = remote_uri or dbrepo.clone_uri
                     if not remote_uri:
                         raise Exception("This repository doesn't have a clone uri")
                     repo = dbrepo.scm_instance(cache=False)
                     repo.config.clear_section('hooks')
                     try:
                         # NOTE(marcink): add extra validation so we skip invalid urls
                         # this is due this tasks can be executed via scheduler without
                         # proper validation of remote_uri
                         if validate_uri:
                             config = make_db_config(clear_session=False)
                             url_validator(remote_uri, dbrepo.repo_type, config)
                     except InvalidCloneUrl:
                         raise
                     repo_name = dbrepo.repo_name
                     try:
                         # TODO: we need to make sure those operations call proper hooks !
                         repo.fetch(remote_uri)
                         self.mark_for_invalidation(repo_name)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def push_changes(self, repo, username, remote_uri=None, validate_uri=True):
                     dbrepo = self._get_repo(repo)
                     remote_uri = remote_uri or dbrepo.push_uri
                     if not remote_uri:
                         raise Exception("This repository doesn't have a clone uri")
                     repo = dbrepo.scm_instance(cache=False)
                     repo.config.clear_section('hooks')
                     try:
                         # NOTE(marcink): add extra validation so we skip invalid urls
                         # this is due this tasks can be executed via scheduler without
                         # proper validation of remote_uri
                         if validate_uri:
                             config = make_db_config(clear_session=False)
                             url_validator(remote_uri, dbrepo.repo_type, config)
                     except InvalidCloneUrl:
                         raise
                     try:
                         repo.push(remote_uri)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def commit_change(self, repo, repo_name, commit, user, author, message,
-                                  content, f_path):
+                                  content: bytes, f_path: bytes):
                     """
                     Commits changes
-                    :param repo: SCM instance
                     """
                     user = self._get_user(user)
-                    # decoding here will force that we have proper encoded values
-                    # in any other case this will throw exceptions and deny commit
-                    content = safe_str(content)
-                    path = safe_str(f_path)
                     # message and author needs to be unicode
                     # proper backend should then translate that into required type
-                    message = safe_unicode(message)
+                    message = safe_str(message)
-                    author = safe_unicode(author)
+                    author = safe_str(author)
                     imc = repo.in_memory_commit
-                    imc.change(FileNode(path, content, mode=commit.get_file_mode(f_path)))
+                    imc.change(FileNode(f_path, content, mode=commit.get_file_mode(f_path)))
                     try:
                         # TODO: handle pre-push action !
                         tip = imc.commit(
                             message=message, author=author, parents=[commit],
                             branch=commit.branch)
                     except Exception as e:
                         log.error(traceback.format_exc())
                         raise IMCCommitError(str(e))
                     finally:
                         # always clear caches, if commit fails we want fresh object also
                         self.mark_for_invalidation(repo_name)
                     # We trigger the post-push action
                     hooks_utils.trigger_post_push_hook(
                         username=user.username, action='push_local', hook_type='post_push',
                         repo_name=repo_name, repo_type=repo.alias, commit_ids=[tip.raw_id])
                     return tip
-                def _sanitize_path(self, f_path):
+                def _sanitize_path(self, f_path: bytes):
-                    if f_path.startswith('/') or f_path.startswith('./') or '../' in f_path:
+                    if f_path.startswith(b'/') or f_path.startswith(b'./') or b'../' in f_path:
-                        raise NonRelativePathError('%s is not an relative path' % f_path)
+                        raise NonRelativePathError(b'%b is not an relative path' % f_path)
                     if f_path:
                         f_path = os.path.normpath(f_path)
                     return f_path
                 def get_dirnode_metadata(self, request, commit, dir_node):
                     if not dir_node.is_dir():
                         return []
                     data = []
                     for node in dir_node:
                         if not node.is_file():
                             # we skip file-nodes
                             continue
                         last_commit = node.last_commit
                         last_commit_date = last_commit.date
                         data.append({
                             'name': node.name,
                             'size': h.format_byte_size_binary(node.size),
                             'modified_at': h.format_date(last_commit_date),
                             'modified_ts': last_commit_date.isoformat(),
                             'revision': last_commit.revision,
                             'short_id': last_commit.short_id,
                             'message': h.escape(last_commit.message),
                             'author': h.escape(last_commit.author),
                             'user_profile': h.gravatar_with_user(
                                 request, last_commit.author),
                         })
                     return data
                 def get_nodes(self, repo_name, commit_id, root_path='/', flat=True,
                               extended_info=False, content=False, max_file_bytes=None):
                     """
                     recursive walk in root dir and return a set of all path in that dir
                     based on repository walk function
                     :param repo_name: name of repository
                     :param commit_id: commit id for which to list nodes
                     :param root_path: root path to list
                     :param flat: return as a list, if False returns a dict with description
                     :param extended_info: show additional info such as md5, binary, size etc
                     :param content: add nodes content to the return data
                     :param max_file_bytes: will not return file contents over this limit
                     """
                     _files = list()
                     _dirs = list()
                     try:
                         _repo = self._get_repo(repo_name)
                         commit = _repo.scm_instance().get_commit(commit_id=commit_id)
                         root_path = root_path.lstrip('/')
-                        for __, dirs, files in commit.walk(root_path):
+                        # get RootNode, inject pre-load options before walking
+                        top_node = commit.get_node(root_path)
+                        extended_info_pre_load = []
+                        if extended_info:
+                            extended_info_pre_load += ['md5']
+                        top_node.default_pre_load = ['is_binary', 'size'] + extended_info_pre_load
+                        for __, dirs, files in commit.walk(top_node):
                             for f in files:
                                 _content = None
-                                _data = f_name = f.unicode_path
+                                _data = f_name = f.str_path
                                 if not flat:
                                     _data = {
                                         "name": h.escape(f_name),
                                         "type": "file",
                                         }
                                     if extended_info:
                                         _data.update({
                                             "md5": f.md5,
                                             "binary": f.is_binary,
                                             "size": f.size,
                                             "extension": f.extension,
                                             "mimetype": f.mimetype,
                                             "lines": f.lines()[0]
                                         })
                                     if content:
                                         over_size_limit = (max_file_bytes is not None
                                                            and f.size > max_file_bytes)
                                         full_content = None
                                         if not f.is_binary and not over_size_limit:
-                                            full_content = safe_str(f.content)
+                                            full_content = f.str_content
                                         _data.update({
                                             "content": full_content,
                                         })
                                 _files.append(_data)
                             for d in dirs:
-                                _data = d_name = d.unicode_path
+                                _data = d_name = d.str_path
                                 if not flat:
                                     _data = {
                                         "name": h.escape(d_name),
                                         "type": "dir",
                                         }
                                 if extended_info:
                                     _data.update({
-                                        "md5": None,
+                                        "md5": "",
-                                        "binary": None,
+                                        "binary": False,
-                                        "size": None,
+                                        "size": 0,
-                                        "extension": None,
+                                        "extension": "",
                                     })
                                 if content:
                                     _data.update({
                                         "content": None
                                     })
                                 _dirs.append(_data)
                     except RepositoryError:
                         log.exception("Exception in get_nodes")
                         raise
                     return _dirs, _files
                 def get_quick_filter_nodes(self, repo_name, commit_id, root_path='/'):
                     """
                     Generate files for quick filter in files view
                     """
                     _files = list()
                     _dirs = list()
                     try:
                         _repo = self._get_repo(repo_name)
                         commit = _repo.scm_instance().get_commit(commit_id=commit_id)
                         root_path = root_path.lstrip('/')
                         for __, dirs, files in commit.walk(root_path):
                             for f in files:
                                 _data = {
-                                    "name": h.escape(f.unicode_path),
+                                    "name": h.escape(f.str_path),
                                     "type": "file",
                                     }
                                 _files.append(_data)
                             for d in dirs:
                                 _data = {
-                                    "name": h.escape(d.unicode_path),
+                                    "name": h.escape(d.str_path),
                                     "type": "dir",
                                     }
                                 _dirs.append(_data)
                     except RepositoryError:
                         log.exception("Exception in get_quick_filter_nodes")
                         raise
                     return _dirs, _files
                 def get_node(self, repo_name, commit_id, file_path,
                              extended_info=False, content=False, max_file_bytes=None, cache=True):
                     """
                     retrieve single node from commit
                     """
                     try:
                         _repo = self._get_repo(repo_name)
                         commit = _repo.scm_instance().get_commit(commit_id=commit_id)
                         file_node = commit.get_node(file_path)
                         if file_node.is_dir():
                             raise RepositoryError('The given path is a directory')
                         _content = None
-                        f_name = file_node.unicode_path
+                        f_name = file_node.str_path
                         file_data = {
                             "name": h.escape(f_name),
                             "type": "file",
                         }
                         if extended_info:
                             file_data.update({
                                 "extension": file_node.extension,
                                 "mimetype": file_node.mimetype,
                             })
                             if cache:
                                 md5 = file_node.md5
                                 is_binary = file_node.is_binary
                                 size = file_node.size
                             else:
                                 is_binary, md5, size, _content = file_node.metadata_uncached()
                             file_data.update({
                                 "md5": md5,
                                 "binary": is_binary,
                                 "size": size,
                             })
                         if content and cache:
                             # get content + cache
                             size = file_node.size
                             over_size_limit = (max_file_bytes is not None and size > max_file_bytes)
                             full_content = None
                             all_lines = 0
                             if not file_node.is_binary and not over_size_limit:
-                                full_content = safe_unicode(file_node.content)
+                                full_content = safe_str(file_node.content)
                                 all_lines, empty_lines = file_node.count_lines(full_content)
                             file_data.update({
                                 "content": full_content,
                                 "lines": all_lines
                             })
                         elif content:
                             # get content *without* cache
                             if _content is None:
                                 is_binary, md5, size, _content = file_node.metadata_uncached()
                             over_size_limit = (max_file_bytes is not None and size > max_file_bytes)
                             full_content = None
                             all_lines = 0
                             if not is_binary and not over_size_limit:
-                                full_content = safe_unicode(_content)
+                                full_content = safe_str(_content)
                                 all_lines, empty_lines = file_node.count_lines(full_content)
                             file_data.update({
                                 "content": full_content,
                                 "lines": all_lines
                             })
                     except RepositoryError:
                         log.exception("Exception in get_node")
                         raise
                     return file_data
                 def get_fts_data(self, repo_name, commit_id, root_path='/'):
                     """
                     Fetch node tree for usage in full text search
                     """
                     tree_info = list()
                     try:
                         _repo = self._get_repo(repo_name)
                         commit = _repo.scm_instance().get_commit(commit_id=commit_id)
                         root_path = root_path.lstrip('/')
-                        for __, dirs, files in commit.walk(root_path):
+                        top_node = commit.get_node(root_path)
+                        top_node.default_pre_load = []
+                        for __, dirs, files in commit.walk(top_node):
                             for f in files:
                                 is_binary, md5, size, _content = f.metadata_uncached()
                                 _data = {
-                                    "name": f.unicode_path,
+                                    "name": f.str_path,
                                     "md5": md5,
                                     "extension": f.extension,
                                     "binary": is_binary,
                                     "size": size
                                 }
                                 tree_info.append(_data)
                     except RepositoryError:
                         log.exception("Exception in get_nodes")
                         raise
                     return tree_info
                 def create_nodes(self, user, repo, message, nodes, parent_commit=None,
                                  author=None, trigger_push_hook=True):
                     """
                     Commits given multiple nodes into repo
                     :param user: RhodeCode User object or user_id, the commiter
                     :param repo: RhodeCode Repository object
                     :param message: commit message
                     :param nodes: mapping {filename:{'content':content},...}
                     :param parent_commit: parent commit, can be empty than it's
                        initial commit
                     :param author: author of commit, cna be different that commiter
                        only for git
                     :param trigger_push_hook: trigger push hooks
                     :returns: new committed commit
                     """
                     user = self._get_user(user)
                     scm_instance = repo.scm_instance(cache=False)
-                    processed_nodes = []
+                    message = safe_str(message)
-                    for f_path in nodes:
-                        f_path = self._sanitize_path(f_path)
-                        content = nodes[f_path]['content']
-                        f_path = safe_str(f_path)
-                        # decoding here will force that we have proper encoded values
-                        # in any other case this will throw exceptions and deny commit
-                        if isinstance(content, (str,)):
-                            content = safe_str(content)
-                        elif isinstance(content, (file, cStringIO.OutputType,)):
-                            content = content.read()
-                        else:
-                            raise Exception('Content is of unrecognized type %s' % (
-                                type(content)
-                            ))
-                        processed_nodes.append((f_path, content))
-                    message = safe_unicode(message)
                     commiter = user.full_contact
-                    author = safe_unicode(author) if author else commiter
+                    author = safe_str(author) if author else commiter
                     imc = scm_instance.in_memory_commit
                     if not parent_commit:
                         parent_commit = EmptyCommit(alias=scm_instance.alias)
                     if isinstance(parent_commit, EmptyCommit):
-                        # EmptyCommit means we we're editing empty repository
+                        # EmptyCommit means we're editing empty repository
                         parents = None
                     else:
                         parents = [parent_commit]
+                    upload_file_types = (io.BytesIO, io.BufferedRandom)
+                    processed_nodes = []
+                    for filename, content_dict in nodes.items():
+                        if not isinstance(filename, bytes):
+                            raise ValueError(f'filename key in nodes needs to be bytes , or {upload_file_types}')
+                        content = content_dict['content']
+                        if not isinstance(content, upload_file_types + (bytes,)):
+                            raise ValueError('content key value in nodes needs to be bytes')
+                    for f_path in nodes:
+                        f_path = self._sanitize_path(f_path)
+                        content = nodes[f_path]['content']
+                        # decoding here will force that we have proper encoded values
+                        # in any other case this will throw exceptions and deny commit
+                        if isinstance(content, bytes):
+                            pass
+                        elif isinstance(content, upload_file_types):
+                            content = content.read()
+                        else:
+                            raise Exception(f'Content is of unrecognized type {type(content)}, expected {upload_file_types}')
+                        processed_nodes.append((f_path, content))
                     # add multiple nodes
                     for path, content in processed_nodes:
                         imc.add(FileNode(path, content=content))
                     # TODO: handle pre push scenario
                     tip = imc.commit(message=message,
                                      author=author,
                                      parents=parents,
                                      branch=parent_commit.branch)
                     self.mark_for_invalidation(repo.repo_name)
                     if trigger_push_hook:
                         hooks_utils.trigger_post_push_hook(
                             username=user.username, action='push_local',
                             repo_name=repo.repo_name, repo_type=scm_instance.alias,
                             hook_type='post_push',
                             commit_ids=[tip.raw_id])
                     return tip
                 def update_nodes(self, user, repo, message, nodes, parent_commit=None,
                                  author=None, trigger_push_hook=True):
                     user = self._get_user(user)
                     scm_instance = repo.scm_instance(cache=False)
-                    message = safe_unicode(message)
+                    message = safe_str(message)
                     commiter = user.full_contact
-                    author = safe_unicode(author) if author else commiter
+                    author = safe_str(author) if author else commiter
                     imc = scm_instance.in_memory_commit
                     if not parent_commit:
                         parent_commit = EmptyCommit(alias=scm_instance.alias)
                     if isinstance(parent_commit, EmptyCommit):
                         # EmptyCommit means we we're editing empty repository
                         parents = None
                     else:
                         parents = [parent_commit]
                     # add multiple nodes
                     for _filename, data in nodes.items():
                         # new filename, can be renamed from the old one, also sanitaze
                         # the path for any hack around relative paths like ../../ etc.
                         filename = self._sanitize_path(data['filename'])
                         old_filename = self._sanitize_path(_filename)
                         content = data['content']
                         file_mode = data.get('mode')
                         filenode = FileNode(old_filename, content=content, mode=file_mode)
                         op = data['op']
                         if op == 'add':
                             imc.add(filenode)
                         elif op == 'del':
                             imc.remove(filenode)
                         elif op == 'mod':
                             if filename != old_filename:
                                 # TODO: handle renames more efficient, needs vcs lib changes
                                 imc.remove(filenode)
                                 imc.add(FileNode(filename, content=content, mode=file_mode))
                             else:
                                 imc.change(filenode)
                     try:
                         # TODO: handle pre push scenario commit changes
                         tip = imc.commit(message=message,
                                          author=author,
                                          parents=parents,
                                          branch=parent_commit.branch)
                     except NodeNotChangedError:
                         raise
                     except Exception as e:
                         log.exception("Unexpected exception during call to imc.commit")
                         raise IMCCommitError(str(e))
                     finally:
                         # always clear caches, if commit fails we want fresh object also
                         self.mark_for_invalidation(repo.repo_name)
                     if trigger_push_hook:
                         hooks_utils.trigger_post_push_hook(
                             username=user.username, action='push_local', hook_type='post_push',
                             repo_name=repo.repo_name, repo_type=scm_instance.alias,
                             commit_ids=[tip.raw_id])
                     return tip
                 def delete_nodes(self, user, repo, message, nodes, parent_commit=None,
                                  author=None, trigger_push_hook=True):
                     """
                     Deletes given multiple nodes into `repo`
                     :param user: RhodeCode User object or user_id, the committer
                     :param repo: RhodeCode Repository object
                     :param message: commit message
                     :param nodes: mapping {filename:{'content':content},...}
                     :param parent_commit: parent commit, can be empty than it's initial
                        commit
                     :param author: author of commit, cna be different that commiter only
                        for git
                     :param trigger_push_hook: trigger push hooks
                     :returns: new commit after deletion
                     """
                     user = self._get_user(user)
                     scm_instance = repo.scm_instance(cache=False)
                     processed_nodes = []
                     for f_path in nodes:
                         f_path = self._sanitize_path(f_path)
-                        # content can be empty but for compatabilty it allows same dicts
+                        # content can be empty but for compatibility it allows same dicts
                         # structure as add_nodes
                         content = nodes[f_path].get('content')
-                        processed_nodes.append((f_path, content))
+                        processed_nodes.append((safe_bytes(f_path), content))
-                    message = safe_unicode(message)
+                    message = safe_str(message)
                     commiter = user.full_contact
-                    author = safe_unicode(author) if author else commiter
+                    author = safe_str(author) if author else commiter
                     imc = scm_instance.in_memory_commit
                     if not parent_commit:
                         parent_commit = EmptyCommit(alias=scm_instance.alias)
                     if isinstance(parent_commit, EmptyCommit):
                         # EmptyCommit means we we're editing empty repository
                         parents = None
                     else:
                         parents = [parent_commit]
                     # add multiple nodes
                     for path, content in processed_nodes:
                         imc.remove(FileNode(path, content=content))
                     # TODO: handle pre push scenario
                     tip = imc.commit(message=message,
                                      author=author,
                                      parents=parents,
                                      branch=parent_commit.branch)
                     self.mark_for_invalidation(repo.repo_name)
                     if trigger_push_hook:
                         hooks_utils.trigger_post_push_hook(
                             username=user.username, action='push_local', hook_type='post_push',
                             repo_name=repo.repo_name, repo_type=scm_instance.alias,
                             commit_ids=[tip.raw_id])
                     return tip
                 def strip(self, repo, commit_id, branch):
                     scm_instance = repo.scm_instance(cache=False)
                     scm_instance.config.clear_section('hooks')
                     scm_instance.strip(commit_id, branch)
                     self.mark_for_invalidation(repo.repo_name)
                 def get_unread_journal(self):
                     return self.sa.query(UserLog).count()
                 @classmethod
                 def backend_landing_ref(cls, repo_type):
                     """
                     Return a default landing ref based on a repository type.
                     """
                     landing_ref = {
                         'hg': ('branch:default', 'default'),
                         'git': ('branch:master', 'master'),
                         'svn': ('rev:tip', 'latest tip'),
                         'default': ('rev:tip', 'latest tip'),
                     }
                     return landing_ref.get(repo_type) or landing_ref['default']
                 def get_repo_landing_revs(self, translator, repo=None):
                     """
                     Generates select option with tags branches and bookmarks (for hg only)
                     grouped by type
                     :param repo:
                     """
                     from rhodecode.lib.vcs.backends.git import GitRepository
                     _ = translator
                     repo = self._get_repo(repo)
                     if repo:
                         repo_type = repo.repo_type
                     else:
                         repo_type = 'default'
                     default_landing_ref, landing_ref_lbl = self.backend_landing_ref(repo_type)
                     default_ref_options = [
                         [default_landing_ref, landing_ref_lbl]
                     ]
                     default_choices = [
                         default_landing_ref
                     ]
                     if not repo:
                         # presented at NEW repo creation
                         return default_choices, default_ref_options
                     repo = repo.scm_instance()
                     ref_options = [(default_landing_ref, landing_ref_lbl)]
                     choices = [default_landing_ref]
                     # branches
-                    branch_group = [(u'branch:%s' % safe_unicode(b), safe_unicode(b)) for b in repo.branches]
+                    branch_group = [(f'branch:{safe_str(b)}', safe_str(b)) for b in repo.branches]
                     if not branch_group:
                         # new repo, or without maybe a branch?
                         branch_group = default_ref_options
                     branches_group = (branch_group, _("Branches"))
                     ref_options.append(branches_group)
                     choices.extend([x[0] for x in branches_group[0]])
                     # bookmarks for HG
                     if repo.alias == 'hg':
                         bookmarks_group = (
-                            [(u'book:%s' % safe_unicode(b), safe_unicode(b))
+                            [(f'book:{safe_str(b)}', safe_str(b))
                                 for b in repo.bookmarks],
                             _("Bookmarks"))
                         ref_options.append(bookmarks_group)
                         choices.extend([x[0] for x in bookmarks_group[0]])
                     # tags
                     tags_group = (
-                        [(u'tag:%s' % safe_unicode(t), safe_unicode(t))
+                        [(f'tag:{safe_str(t)}', safe_str(t))
                             for t in repo.tags],
                         _("Tags"))
                     ref_options.append(tags_group)
                     choices.extend([x[0] for x in tags_group[0]])
                     return choices, ref_options
                 def get_server_info(self, environ=None):
                     server_info = get_system_info(environ)
                     return server_info

rhodecode/model/settings.py

0 +34 -28

             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import os
             import re
-            import hashlib
             import logging
             import time
             import functools
             import bleach
             from collections import namedtuple
-            from pyramid.threadlocal import get_current_request, get_current_registry
+            from pyramid.threadlocal import get_current_request
             from rhodecode.lib import rc_cache
+            from rhodecode.lib.hash_utils import sha1_safe
             from rhodecode.lib.utils2 import (
                 Optional, AttributeDict, safe_str, remove_prefix, str2bool)
             from rhodecode.lib.vcs.backends import base
             from rhodecode.lib.statsd_client import StatsdClient
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 RepoRhodeCodeUi, RepoRhodeCodeSetting, RhodeCodeUi, RhodeCodeSetting)
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             UiSetting = namedtuple(
                 'UiSetting', ['section', 'key', 'value', 'active'])
             SOCIAL_PLUGINS_LIST = ['github', 'bitbucket', 'twitter', 'google']
             class SettingNotFound(Exception):
                 def __init__(self, setting_id):
                     msg = 'Setting `{}` is not found'.format(setting_id)
                     super(SettingNotFound, self).__init__(msg)
             class SettingsModel(BaseModel):
                 BUILTIN_HOOKS = (
                     RhodeCodeUi.HOOK_REPO_SIZE, RhodeCodeUi.HOOK_PUSH,
                     RhodeCodeUi.HOOK_PRE_PUSH, RhodeCodeUi.HOOK_PRETX_PUSH,
                     RhodeCodeUi.HOOK_PULL, RhodeCodeUi.HOOK_PRE_PULL,
                     RhodeCodeUi.HOOK_PUSH_KEY,)
                 HOOKS_SECTION = 'hooks'
                 def __init__(self, sa=None, repo=None):
                     self.repo = repo
                     self.UiDbModel = RepoRhodeCodeUi if repo else RhodeCodeUi
                     self.SettingsDbModel = (
                         RepoRhodeCodeSetting if repo else RhodeCodeSetting)
                     super(SettingsModel, self).__init__(sa)
                 def get_ui_by_key(self, key):
                     q = self.UiDbModel.query()
                     q = q.filter(self.UiDbModel.ui_key == key)
                     q = self._filter_by_repo(RepoRhodeCodeUi, q)
                     return q.scalar()
                 def get_ui_by_section(self, section):
                     q = self.UiDbModel.query()
                     q = q.filter(self.UiDbModel.ui_section == section)
                     q = self._filter_by_repo(RepoRhodeCodeUi, q)
                     return q.all()
                 def get_ui_by_section_and_key(self, section, key):
                     q = self.UiDbModel.query()
                     q = q.filter(self.UiDbModel.ui_section == section)
                     q = q.filter(self.UiDbModel.ui_key == key)
                     q = self._filter_by_repo(RepoRhodeCodeUi, q)
                     return q.scalar()
                 def get_ui(self, section=None, key=None):
                     q = self.UiDbModel.query()
                     q = self._filter_by_repo(RepoRhodeCodeUi, q)
                     if section:
                         q = q.filter(self.UiDbModel.ui_section == section)
                     if key:
                         q = q.filter(self.UiDbModel.ui_key == key)
                     # TODO: mikhail: add caching
                     result = [
                         UiSetting(
                             section=safe_str(r.ui_section), key=safe_str(r.ui_key),
                             value=safe_str(r.ui_value), active=r.ui_active
                         )
                         for r in q.all()
                     ]
                     return result
                 def get_builtin_hooks(self):
                     q = self.UiDbModel.query()
                     q = q.filter(self.UiDbModel.ui_key.in_(self.BUILTIN_HOOKS))
                     return self._get_hooks(q)
                 def get_custom_hooks(self):
                     q = self.UiDbModel.query()
                     q = q.filter(~self.UiDbModel.ui_key.in_(self.BUILTIN_HOOKS))
                     return self._get_hooks(q)
                 def create_ui_section_value(self, section, val, key=None, active=True):
                     new_ui = self.UiDbModel()
                     new_ui.ui_section = section
                     new_ui.ui_value = val
                     new_ui.ui_active = active
                     repository_id = ''
                     if self.repo:
                         repo = self._get_repo(self.repo)
                         repository_id = repo.repo_id
                         new_ui.repository_id = repository_id
                     if not key:
                         # keys are unique so they need appended info
                         if self.repo:
-                            key = hashlib.sha1(
+                            key = sha1_safe(f'{section}{val}{repository_id}')
-                                '{}{}{}'.format(section, val, repository_id)).hexdigest()
                         else:
-                            key = hashlib.sha1('{}{}'.format(section, val)).hexdigest()
+                            key = sha1_safe(f'{section}{val}')
                     new_ui.ui_key = key
                     Session().add(new_ui)
                     return new_ui
                 def create_or_update_hook(self, key, value):
                     ui = (
                         self.get_ui_by_section_and_key(self.HOOKS_SECTION, key) or
                         self.UiDbModel())
                     ui.ui_section = self.HOOKS_SECTION
                     ui.ui_active = True
                     ui.ui_key = key
                     ui.ui_value = value
                     if self.repo:
                         repo = self._get_repo(self.repo)
                         repository_id = repo.repo_id
                         ui.repository_id = repository_id
                     Session().add(ui)
                     return ui
                 def delete_ui(self, id_):
                     ui = self.UiDbModel.get(id_)
                     if not ui:
                         raise SettingNotFound(id_)
                     Session().delete(ui)
                 def get_setting_by_name(self, name):
                     q = self._get_settings_query()
                     q = q.filter(self.SettingsDbModel.app_settings_name == name)
                     return q.scalar()
                 def create_or_update_setting(
                         self, name, val=Optional(''), type_=Optional('unicode')):
                     """
                     Creates or updates RhodeCode setting. If updates is triggered it will
                     only update parameters that are explicitly set Optional instance will
                     be skipped
                     :param name:
                     :param val:
                     :param type_:
                     :return:
                     """
                     res = self.get_setting_by_name(name)
                     repo = self._get_repo(self.repo) if self.repo else None
                     if not res:
                         val = Optional.extract(val)
                         type_ = Optional.extract(type_)
                         args = (
                             (repo.repo_id, name, val, type_)
                             if repo else (name, val, type_))
                         res = self.SettingsDbModel(*args)
                     else:
                         if self.repo:
                             res.repository_id = repo.repo_id
                         res.app_settings_name = name
                         if not isinstance(type_, Optional):
                             # update if set
                             res.app_settings_type = type_
                         if not isinstance(val, Optional):
                             # update if set
                             res.app_settings_value = val
                     Session().add(res)
                     return res
                 def get_cache_region(self):
                     repo = self._get_repo(self.repo) if self.repo else None
-                    cache_key = "repo.{}".format(repo.repo_id) if repo else "general_settings"
+                    cache_key = f"repo.{repo.repo_id}" if repo else "repo.ALL"
-                    cache_namespace_uid = 'cache_settings.{}'.format(cache_key)
+                    cache_namespace_uid = f'cache_settings.{cache_key}'
                     region = rc_cache.get_or_create_region('cache_general', cache_namespace_uid)
-                    return region, cache_key
+                    return region, cache_namespace_uid
-                def invalidate_settings_cache(self):
-                    region, cache_key = self.get_cache_region()
-                    log.debug('Invalidation cache region %s for cache_key: %s', region, cache_key)
-                    region.invalidate()
-                def get_all_settings(self, cache=False, from_request=True):
+                def invalidate_settings_cache(self, hard=False):
-                    # defines if we use GLOBAL, or PER_REPO
+                    region, namespace_key = self.get_cache_region()
-                    repo = self._get_repo(self.repo) if self.repo else None
+                    log.debug('Invalidation cache [%s] region %s for cache_key: %s',
+                              'invalidate_settings_cache', region, namespace_key)
-                    # initially try the requests context, this is the fastest
+                    # we use hard cleanup if invalidation is sent
-                    # we only fetch global config
+                    rc_cache.clear_cache_namespace(region, namespace_key, method=rc_cache.CLEAR_DELETE)
-                    if from_request:
-                        request = get_current_request()
-                        if request and not repo and hasattr(request, 'call_context') and hasattr(request.call_context, 'rc_config'):
+                def get_cache_call_method(self, cache=True):
-                            rc_config = request.call_context.rc_config
-                            if rc_config:
-                                return rc_config
                     region, cache_key = self.get_cache_region()
                     @region.conditional_cache_on_arguments(condition=cache)
                     def _get_all_settings(name, key):
                         q = self._get_settings_query()
                         if not q:
                             raise Exception('Could not get application settings !')
                         settings = {
-                            'rhodecode_' + res.app_settings_name: res.app_settings_value
+                            f'rhodecode_{res.app_settings_name}': res.app_settings_value
                             for res in q
                         }
                         return settings
+                    return _get_all_settings
+                def get_all_settings(self, cache=False, from_request=True):
+                    # defines if we use GLOBAL, or PER_REPO
+                    repo = self._get_repo(self.repo) if self.repo else None
+                    # initially try the requests context, this is the fastest
+                    # we only fetch global config, NOT for repo-specific
+                    if from_request and not repo:
+                        request = get_current_request()
+                        if request and hasattr(request, 'call_context') and hasattr(request.call_context, 'rc_config'):
+                            rc_config = request.call_context.rc_config
+                            if rc_config:
+                                return rc_config
+                    _region, cache_key = self.get_cache_region()
+                    _get_all_settings = self.get_cache_call_method(cache=cache)
                     start = time.time()
                     result = _get_all_settings('rhodecode_settings', cache_key)
                     compute_time = time.time() - start
                     log.debug('cached method:%s took %.4fs', _get_all_settings.__name__, compute_time)
                     statsd = StatsdClient.statsd
                     if statsd:
                         elapsed_time_ms = round(1000.0 * compute_time)  # use ms only
                         statsd.timing("rhodecode_settings_timing.histogram", elapsed_time_ms,
                                       use_decimals=False)
                     log.debug('Fetching app settings for key: %s took: %.4fs: cache: %s', cache_key, compute_time, cache)
                     return result
                 def get_auth_settings(self):
                     q = self._get_settings_query()
                     q = q.filter(
                         self.SettingsDbModel.app_settings_name.startswith('auth_'))
                     rows = q.all()
                     auth_settings = {
                         row.app_settings_name: row.app_settings_value for row in rows}
                     return auth_settings
                 def get_auth_plugins(self):
                     auth_plugins = self.get_setting_by_name("auth_plugins")
                     return auth_plugins.app_settings_value
                 def get_default_repo_settings(self, strip_prefix=False):
                     q = self._get_settings_query()
                     q = q.filter(
                         self.SettingsDbModel.app_settings_name.startswith('default_'))
                     rows = q.all()
                     result = {}
                     for row in rows:
                         key = row.app_settings_name
                         if strip_prefix:
                             key = remove_prefix(key, prefix='default_')
                         result.update({key: row.app_settings_value})
                     return result
                 def get_repo(self):
                     repo = self._get_repo(self.repo)
                     if not repo:
                         raise Exception(
                             'Repository `{}` cannot be found inside the database'.format(
                                 self.repo))
                     return repo
                 def _filter_by_repo(self, model, query):
                     if self.repo:
                         repo = self.get_repo()
                         query = query.filter(model.repository_id == repo.repo_id)
                     return query
                 def _get_hooks(self, query):
                     query = query.filter(self.UiDbModel.ui_section == self.HOOKS_SECTION)
                     query = self._filter_by_repo(RepoRhodeCodeUi, query)
                     return query.all()
                 def _get_settings_query(self):
                     q = self.SettingsDbModel.query()
                     return self._filter_by_repo(RepoRhodeCodeSetting, q)
                 def list_enabled_social_plugins(self, settings):
                     enabled = []
                     for plug in SOCIAL_PLUGINS_LIST:
-                        if str2bool(settings.get('rhodecode_auth_{}_enabled'.format(plug)
+                        if str2bool(settings.get(f'rhodecode_auth_{plug}_enabled')):
-                                                 )):
                             enabled.append(plug)
                     return enabled
             def assert_repo_settings(func):
                 @functools.wraps(func)
                 def _wrapper(self, *args, **kwargs):
                     if not self.repo_settings:
                         raise Exception('Repository is not specified')
                     return func(self, *args, **kwargs)
                 return _wrapper
             class IssueTrackerSettingsModel(object):
                 INHERIT_SETTINGS = 'inherit_issue_tracker_settings'
                 SETTINGS_PREFIX = 'issuetracker_'
                 def __init__(self, sa=None, repo=None):
                     self.global_settings = SettingsModel(sa=sa)
                     self.repo_settings = SettingsModel(sa=sa, repo=repo) if repo else None
                 @property
                 def inherit_global_settings(self):
                     if not self.repo_settings:
                         return True
                     setting = self.repo_settings.get_setting_by_name(self.INHERIT_SETTINGS)
                     return setting.app_settings_value if setting else True
                 @inherit_global_settings.setter
                 def inherit_global_settings(self, value):
                     if self.repo_settings:
                         settings = self.repo_settings.create_or_update_setting(
                             self.INHERIT_SETTINGS, value, type_='bool')
                         Session().add(settings)
                 def _get_keyname(self, key, uid, prefix=''):
                     return '{0}{1}{2}_{3}'.format(
                         prefix, self.SETTINGS_PREFIX, key, uid)
                 def _make_dict_for_settings(self, qs):
                     prefix_match = self._get_keyname('pat', '', 'rhodecode_')
                     issuetracker_entries = {}
                     # create keys
                     for k, v in qs.items():
                         if k.startswith(prefix_match):
                             uid = k[len(prefix_match):]
                             issuetracker_entries[uid] = None
                     def url_cleaner(input_str):
                         input_str = input_str.replace('"', '').replace("'", '')
                         input_str = bleach.clean(input_str, strip=True)
                         return input_str
                     # populate
                     for uid in issuetracker_entries:
                         url_data = qs.get(self._get_keyname('url', uid, 'rhodecode_'))
                         pat = qs.get(self._get_keyname('pat', uid, 'rhodecode_'))
                         try:
                             pat_compiled = re.compile(r'%s' % pat)
                         except re.error:
                             pat_compiled = None
                         issuetracker_entries[uid] = AttributeDict({
                             'pat': pat,
                             'pat_compiled': pat_compiled,
                             'url': url_cleaner(
                                 qs.get(self._get_keyname('url', uid, 'rhodecode_')) or ''),
                             'pref': bleach.clean(
                                 qs.get(self._get_keyname('pref', uid, 'rhodecode_')) or ''),
                             'desc': qs.get(
                                 self._get_keyname('desc', uid, 'rhodecode_')),
                         })
                     return issuetracker_entries
                 def get_global_settings(self, cache=False):
                     """
                     Returns list of global issue tracker settings
                     """
                     defaults = self.global_settings.get_all_settings(cache=cache)
                     settings = self._make_dict_for_settings(defaults)
                     return settings
                 def get_repo_settings(self, cache=False):
                     """
                     Returns list of issue tracker settings per repository
                     """
                     if not self.repo_settings:
                         raise Exception('Repository is not specified')
                     all_settings = self.repo_settings.get_all_settings(cache=cache)
                     settings = self._make_dict_for_settings(all_settings)
                     return settings
                 def get_settings(self, cache=False):
                     if self.inherit_global_settings:
                         return self.get_global_settings(cache=cache)
                     else:
                         return self.get_repo_settings(cache=cache)
                 def delete_entries(self, uid):
                     if self.repo_settings:
                         all_patterns = self.get_repo_settings()
                         settings_model = self.repo_settings
                     else:
                         all_patterns = self.get_global_settings()
                         settings_model = self.global_settings
                     entries = all_patterns.get(uid, [])
                     for del_key in entries:
                         setting_name = self._get_keyname(del_key, uid)
                         entry = settings_model.get_setting_by_name(setting_name)
                         if entry:
                             Session().delete(entry)
                     Session().commit()
                 def create_or_update_setting(
                         self, name, val=Optional(''), type_=Optional('unicode')):
                     if self.repo_settings:
                         setting = self.repo_settings.create_or_update_setting(
                             name, val, type_)
                     else:
                         setting = self.global_settings.create_or_update_setting(
                             name, val, type_)
                     return setting
             class VcsSettingsModel(object):
                 INHERIT_SETTINGS = 'inherit_vcs_settings'
                 GENERAL_SETTINGS = (
                     'use_outdated_comments',
                     'pr_merge_enabled',
                     'hg_use_rebase_for_merging',
                     'hg_close_branch_before_merging',
                     'git_use_rebase_for_merging',
                     'git_close_branch_before_merging',
                     'diff_cache',
                 )
                 HOOKS_SETTINGS = (
                     ('hooks', 'changegroup.repo_size'),
                     ('hooks', 'changegroup.push_logger'),
                     ('hooks', 'outgoing.pull_logger'),
                 )
                 HG_SETTINGS = (
                     ('extensions', 'largefiles'),
                     ('phases', 'publish'),
                     ('extensions', 'evolve'),
                     ('extensions', 'topic'),
                     ('experimental', 'evolution'),
                     ('experimental', 'evolution.exchange'),
                 )
                 GIT_SETTINGS = (
                     ('vcs_git_lfs', 'enabled'),
                 )
                 GLOBAL_HG_SETTINGS = (
                     ('extensions', 'largefiles'),
                     ('largefiles', 'usercache'),
                     ('phases', 'publish'),
                     ('extensions', 'hgsubversion'),
                     ('extensions', 'evolve'),
                     ('extensions', 'topic'),
                     ('experimental', 'evolution'),
                     ('experimental', 'evolution.exchange'),
                 )
                 GLOBAL_GIT_SETTINGS = (
                     ('vcs_git_lfs', 'enabled'),
                     ('vcs_git_lfs', 'store_location')
                 )
                 GLOBAL_SVN_SETTINGS = (
                     ('vcs_svn_proxy', 'http_requests_enabled'),
                     ('vcs_svn_proxy', 'http_server_url')
                 )
                 SVN_BRANCH_SECTION = 'vcs_svn_branch'
                 SVN_TAG_SECTION = 'vcs_svn_tag'
                 SSL_SETTING = ('web', 'push_ssl')
                 PATH_SETTING = ('paths', '/')
                 def __init__(self, sa=None, repo=None):
                     self.global_settings = SettingsModel(sa=sa)
                     self.repo_settings = SettingsModel(sa=sa, repo=repo) if repo else None
                     self._ui_settings = (
                         self.HG_SETTINGS + self.GIT_SETTINGS + self.HOOKS_SETTINGS)
                     self._svn_sections = (self.SVN_BRANCH_SECTION, self.SVN_TAG_SECTION)
                 @property
                 @assert_repo_settings
                 def inherit_global_settings(self):
                     setting = self.repo_settings.get_setting_by_name(self.INHERIT_SETTINGS)
                     return setting.app_settings_value if setting else True
                 @inherit_global_settings.setter
                 @assert_repo_settings
                 def inherit_global_settings(self, value):
                     self.repo_settings.create_or_update_setting(
                         self.INHERIT_SETTINGS, value, type_='bool')
                 def get_global_svn_branch_patterns(self):
                     return self.global_settings.get_ui_by_section(self.SVN_BRANCH_SECTION)
                 @assert_repo_settings
                 def get_repo_svn_branch_patterns(self):
                     return self.repo_settings.get_ui_by_section(self.SVN_BRANCH_SECTION)
                 def get_global_svn_tag_patterns(self):
                     return self.global_settings.get_ui_by_section(self.SVN_TAG_SECTION)
                 @assert_repo_settings
                 def get_repo_svn_tag_patterns(self):
                     return self.repo_settings.get_ui_by_section(self.SVN_TAG_SECTION)
                 def get_global_settings(self):
                     return self._collect_all_settings(global_=True)
                 @assert_repo_settings
                 def get_repo_settings(self):
                     return self._collect_all_settings(global_=False)
                 @assert_repo_settings
                 def get_repo_settings_inherited(self):
                     global_settings = self.get_global_settings()
                     global_settings.update(self.get_repo_settings())
                     return global_settings
                 @assert_repo_settings
                 def create_or_update_repo_settings(
                         self, data, inherit_global_settings=False):
                     from rhodecode.model.scm import ScmModel
                     self.inherit_global_settings = inherit_global_settings
                     repo = self.repo_settings.get_repo()
                     if not inherit_global_settings:
                         if repo.repo_type == 'svn':
                             self.create_repo_svn_settings(data)
                         else:
                             self.create_or_update_repo_hook_settings(data)
                             self.create_or_update_repo_pr_settings(data)
                         if repo.repo_type == 'hg':
                             self.create_or_update_repo_hg_settings(data)
                         if repo.repo_type == 'git':
                             self.create_or_update_repo_git_settings(data)
                     ScmModel().mark_for_invalidation(repo.repo_name, delete=True)
                 @assert_repo_settings
                 def create_or_update_repo_hook_settings(self, data):
                     for section, key in self.HOOKS_SETTINGS:
                         data_key = self._get_form_ui_key(section, key)
                         if data_key not in data:
                             raise ValueError(
                                 'The given data does not contain {} key'.format(data_key))
                         active = data.get(data_key)
                         repo_setting = self.repo_settings.get_ui_by_section_and_key(
                             section, key)
                         if not repo_setting:
                             global_setting = self.global_settings.\
                                 get_ui_by_section_and_key(section, key)
                             self.repo_settings.create_ui_section_value(
                                 section, global_setting.ui_value, key=key, active=active)
                         else:
                             repo_setting.ui_active = active
                             Session().add(repo_setting)
                 def update_global_hook_settings(self, data):
                     for section, key in self.HOOKS_SETTINGS:
                         data_key = self._get_form_ui_key(section, key)
                         if data_key not in data:
                             raise ValueError(
                                 'The given data does not contain {} key'.format(data_key))
                         active = data.get(data_key)
                         repo_setting = self.global_settings.get_ui_by_section_and_key(
                             section, key)
                         repo_setting.ui_active = active
                         Session().add(repo_setting)
                 @assert_repo_settings
                 def create_or_update_repo_pr_settings(self, data):
                     return self._create_or_update_general_settings(
                         self.repo_settings, data)
                 def create_or_update_global_pr_settings(self, data):
                     return self._create_or_update_general_settings(
                         self.global_settings, data)
                 @assert_repo_settings
                 def create_repo_svn_settings(self, data):
                     return self._create_svn_settings(self.repo_settings, data)
                 def _set_evolution(self, settings, is_enabled):
                     if is_enabled:
                         # if evolve is active set evolution=all
                         self._create_or_update_ui(
                             settings, *('experimental', 'evolution'), value='all',
                             active=True)
                         self._create_or_update_ui(
                             settings, *('experimental', 'evolution.exchange'), value='yes',
                             active=True)
                         # if evolve is active set topics server support
                         self._create_or_update_ui(
                             settings, *('extensions', 'topic'), value='',
                             active=True)
                     else:
                         self._create_or_update_ui(
                             settings, *('experimental', 'evolution'), value='',
                             active=False)
                         self._create_or_update_ui(
                             settings, *('experimental', 'evolution.exchange'), value='no',
                             active=False)
                         self._create_or_update_ui(
                             settings, *('extensions', 'topic'), value='',
                             active=False)
                 @assert_repo_settings
                 def create_or_update_repo_hg_settings(self, data):
                     largefiles, phases, evolve = \
                         self.HG_SETTINGS[:3]
                     largefiles_key, phases_key, evolve_key = \
                         self._get_settings_keys(self.HG_SETTINGS[:3], data)
                     self._create_or_update_ui(
                         self.repo_settings, *largefiles, value='',
                         active=data[largefiles_key])
                     self._create_or_update_ui(
                         self.repo_settings, *evolve, value='',
                         active=data[evolve_key])
                     self._set_evolution(self.repo_settings, is_enabled=data[evolve_key])
                     self._create_or_update_ui(
                         self.repo_settings, *phases, value=safe_str(data[phases_key]))
                 def create_or_update_global_hg_settings(self, data):
                     largefiles, largefiles_store, phases, hgsubversion, evolve \
                         = self.GLOBAL_HG_SETTINGS[:5]
                     largefiles_key, largefiles_store_key, phases_key, subversion_key, evolve_key \
                         = self._get_settings_keys(self.GLOBAL_HG_SETTINGS[:5], data)
                     self._create_or_update_ui(
                         self.global_settings, *largefiles, value='',
                         active=data[largefiles_key])
                     self._create_or_update_ui(
                         self.global_settings, *largefiles_store, value=data[largefiles_store_key])
                     self._create_or_update_ui(
                         self.global_settings, *phases, value=safe_str(data[phases_key]))
                     self._create_or_update_ui(
                         self.global_settings, *hgsubversion, active=data[subversion_key])
                     self._create_or_update_ui(
                         self.global_settings, *evolve, value='',
                         active=data[evolve_key])
                     self._set_evolution(self.global_settings, is_enabled=data[evolve_key])
                 def create_or_update_repo_git_settings(self, data):
                     # NOTE(marcink): # comma makes unpack work properly
                     lfs_enabled, \
                         = self.GIT_SETTINGS
                     lfs_enabled_key, \
                         = self._get_settings_keys(self.GIT_SETTINGS, data)
                     self._create_or_update_ui(
                         self.repo_settings, *lfs_enabled, value=data[lfs_enabled_key],
                         active=data[lfs_enabled_key])
                 def create_or_update_global_git_settings(self, data):
                     lfs_enabled, lfs_store_location \
                         = self.GLOBAL_GIT_SETTINGS
                     lfs_enabled_key, lfs_store_location_key \
                         = self._get_settings_keys(self.GLOBAL_GIT_SETTINGS, data)
                     self._create_or_update_ui(
                         self.global_settings, *lfs_enabled, value=data[lfs_enabled_key],
                         active=data[lfs_enabled_key])
                     self._create_or_update_ui(
                         self.global_settings, *lfs_store_location,
                         value=data[lfs_store_location_key])
                 def create_or_update_global_svn_settings(self, data):
                     # branch/tags patterns
                     self._create_svn_settings(self.global_settings, data)
                     http_requests_enabled, http_server_url = self.GLOBAL_SVN_SETTINGS
                     http_requests_enabled_key, http_server_url_key = self._get_settings_keys(
                         self.GLOBAL_SVN_SETTINGS, data)
                     self._create_or_update_ui(
                         self.global_settings, *http_requests_enabled,
                         value=safe_str(data[http_requests_enabled_key]))
                     self._create_or_update_ui(
                         self.global_settings, *http_server_url,
                         value=data[http_server_url_key])
                 def update_global_ssl_setting(self, value):
                     self._create_or_update_ui(
                         self.global_settings, *self.SSL_SETTING, value=value)
                 def update_global_path_setting(self, value):
                     self._create_or_update_ui(
                         self.global_settings, *self.PATH_SETTING, value=value)
                 @assert_repo_settings
                 def delete_repo_svn_pattern(self, id_):
                     ui = self.repo_settings.UiDbModel.get(id_)
                     if ui and ui.repository.repo_name == self.repo_settings.repo:
                         # only delete if it's the same repo as initialized settings
                         self.repo_settings.delete_ui(id_)
                     else:
                         # raise error as if we wouldn't find this option
                         self.repo_settings.delete_ui(-1)
                 def delete_global_svn_pattern(self, id_):
                     self.global_settings.delete_ui(id_)
                 @assert_repo_settings
                 def get_repo_ui_settings(self, section=None, key=None):
                     global_uis = self.global_settings.get_ui(section, key)
                     repo_uis = self.repo_settings.get_ui(section, key)
                     filtered_repo_uis = self._filter_ui_settings(repo_uis)
                     filtered_repo_uis_keys = [
                         (s.section, s.key) for s in filtered_repo_uis]
                     def _is_global_ui_filtered(ui):
                         return (
                             (ui.section, ui.key) in filtered_repo_uis_keys
                             or ui.section in self._svn_sections)
                     filtered_global_uis = [
                         ui for ui in global_uis if not _is_global_ui_filtered(ui)]
                     return filtered_global_uis + filtered_repo_uis
                 def get_global_ui_settings(self, section=None, key=None):
                     return self.global_settings.get_ui(section, key)
                 def get_ui_settings_as_config_obj(self, section=None, key=None):
                     config = base.Config()
                     ui_settings = self.get_ui_settings(section=section, key=key)
                     for entry in ui_settings:
                         config.set(entry.section, entry.key, entry.value)
                     return config
                 def get_ui_settings(self, section=None, key=None):
                     if not self.repo_settings or self.inherit_global_settings:
                         return self.get_global_ui_settings(section, key)
                     else:
                         return self.get_repo_ui_settings(section, key)
                 def get_svn_patterns(self, section=None):
                     if not self.repo_settings:
                         return self.get_global_ui_settings(section)
                     else:
                         return self.get_repo_ui_settings(section)
                 @assert_repo_settings
                 def get_repo_general_settings(self):
                     global_settings = self.global_settings.get_all_settings()
                     repo_settings = self.repo_settings.get_all_settings()
                     filtered_repo_settings = self._filter_general_settings(repo_settings)
                     global_settings.update(filtered_repo_settings)
                     return global_settings
                 def get_global_general_settings(self):
                     return self.global_settings.get_all_settings()
                 def get_general_settings(self):
                     if not self.repo_settings or self.inherit_global_settings:
                         return self.get_global_general_settings()
                     else:
                         return self.get_repo_general_settings()
                 def get_repos_location(self):
                     return self.global_settings.get_ui_by_key('/').ui_value
                 def _filter_ui_settings(self, settings):
                     filtered_settings = [
                         s for s in settings if self._should_keep_setting(s)]
                     return filtered_settings
                 def _should_keep_setting(self, setting):
                     keep = (
                         (setting.section, setting.key) in self._ui_settings or
                         setting.section in self._svn_sections)
                     return keep
                 def _filter_general_settings(self, settings):
                     keys = ['rhodecode_{}'.format(key) for key in self.GENERAL_SETTINGS]
                     return {
                         k: settings[k]
                         for k in settings if k in keys}
                 def _collect_all_settings(self, global_=False):
                     settings = self.global_settings if global_ else self.repo_settings
                     result = {}
                     for section, key in self._ui_settings:
                         ui = settings.get_ui_by_section_and_key(section, key)
                         result_key = self._get_form_ui_key(section, key)
                         if ui:
                             if section in ('hooks', 'extensions'):
                                 result[result_key] = ui.ui_active
                             elif result_key in ['vcs_git_lfs_enabled']:
                                 result[result_key] = ui.ui_active
                             else:
                                 result[result_key] = ui.ui_value
                     for name in self.GENERAL_SETTINGS:
                         setting = settings.get_setting_by_name(name)
                         if setting:
                             result_key = 'rhodecode_{}'.format(name)
                             result[result_key] = setting.app_settings_value
                     return result
                 def _get_form_ui_key(self, section, key):
                     return '{section}_{key}'.format(
                         section=section, key=key.replace('.', '_'))
                 def _create_or_update_ui(
                         self, settings, section, key, value=None, active=None):
                     ui = settings.get_ui_by_section_and_key(section, key)
                     if not ui:
                         active = True if active is None else active
                         settings.create_ui_section_value(
                             section, value, key=key, active=active)
                     else:
                         if active is not None:
                             ui.ui_active = active
                         if value is not None:
                             ui.ui_value = value
                         Session().add(ui)
                 def _create_svn_settings(self, settings, data):
                     svn_settings = {
                         'new_svn_branch': self.SVN_BRANCH_SECTION,
                         'new_svn_tag': self.SVN_TAG_SECTION
                     }
                     for key in svn_settings:
                         if data.get(key):
                             settings.create_ui_section_value(svn_settings[key], data[key])
                 def _create_or_update_general_settings(self, settings, data):
                     for name in self.GENERAL_SETTINGS:
                         data_key = 'rhodecode_{}'.format(name)
                         if data_key not in data:
                             raise ValueError(
                                 'The given data does not contain {} key'.format(data_key))
                         setting = settings.create_or_update_setting(
                             name, data[data_key], 'bool')
                         Session().add(setting)
                 def _get_settings_keys(self, settings, data):
                     data_keys = [self._get_form_ui_key(*s) for s in settings]
                     for data_key in data_keys:
                         if data_key not in data:
                             raise ValueError(
                                 'The given data does not contain {} key'.format(data_key))
                     return data_keys
                 def create_largeobjects_dirs_if_needed(self, repo_store_path):
                     """
                     This is subscribed to the `pyramid.events.ApplicationCreated` event. It
                     does a repository scan if enabled in the settings.
                     """
                     from rhodecode.lib.vcs.backends.hg import largefiles_store
                     from rhodecode.lib.vcs.backends.git import lfs_store
                     paths = [
                         largefiles_store(repo_store_path),
                         lfs_store(repo_store_path)]
                     for path in paths:
                         if os.path.isdir(path):
                             continue
                         if os.path.isfile(path):
                             continue
                         # not a file nor dir, we try to create it
                         try:
                             os.makedirs(path)
                         except Exception:
                             log.warning('Failed to create largefiles dir:%s', path)

rhodecode/model/ssh_key.py

0 +4 0

             # Copyright (C) 2013-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import traceback
             import sshpubkeys
             import sshpubkeys.exceptions
             from cryptography.hazmat.primitives.asymmetric import rsa
             from cryptography.hazmat.primitives import serialization as crypto_serialization
             from cryptography.hazmat.backends import default_backend as crypto_default_backend
+            from rhodecode.lib.str_utils import safe_bytes, safe_str
             from rhodecode.model import BaseModel
             from rhodecode.model.db import UserSshKeys
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class SshKeyModel(BaseModel):
                 cls = UserSshKeys
                 DEFAULT_PRIVATE_KEY_FORMAT = 'pkcs8'
                 def parse_key(self, key_data):
                     """
                     print(ssh.bits)  # 768
                     print(ssh.hash_md5())  # 56:84:1e:90:08:3b:60:c7:29:70:5f:5e:25:a6:3b:86
                     print(ssh.hash_sha256())  # SHA256:xk3IEJIdIoR9MmSRXTP98rjDdZocmXJje/28ohMQEwM
                     print(ssh.hash_sha512())  # SHA512:1C3lNBhjpDVQe39hnyy+xvlZYU3IPwzqK1rVneGavy6O3/ebjEQSFvmeWoyMTplIanmUK1hmr9nA8Skmj516HA
                     print(ssh.comment)  # ojar@ojar-laptop
                     print(ssh.options_raw)  # None (string of optional options at the beginning of public key)
                     print(ssh.options)  # None (options as a dictionary, parsed and validated)
                     :param key_data:
                     :return:
                     """
                     ssh = sshpubkeys.SSHKey(strict_mode=True)
                     try:
                         ssh.parse(key_data)
                         return ssh
                     except sshpubkeys.exceptions.InvalidKeyException as err:
                         log.error("Invalid key: %s", err)
                         raise
                     except NotImplementedError as err:
                         log.error("Invalid key type: %s", err)
                         raise
                     except Exception as err:
                         log.error("Key Parse error: %s", err)
                         raise
                 def generate_keypair(self, comment=None, private_format=DEFAULT_PRIVATE_KEY_FORMAT):
                     key = rsa.generate_private_key(
                         backend=crypto_default_backend(),
                         public_exponent=65537,
                         key_size=2048
                     )
                     if private_format == self.DEFAULT_PRIVATE_KEY_FORMAT:
                         private_format = crypto_serialization.PrivateFormat.PKCS8
                     else:
                         # legacy format that can be used by older systems, use if pkcs8 have
                         # problems
                         private_format = crypto_serialization.PrivateFormat.TraditionalOpenSSL
                     private_key = key.private_bytes(
                         crypto_serialization.Encoding.PEM,
                         private_format,
                         crypto_serialization.NoEncryption())
+                    private_key = safe_str(private_key)
                     public_key = key.public_key().public_bytes(
                         crypto_serialization.Encoding.OpenSSH,
                         crypto_serialization.PublicFormat.OpenSSH
                     )
+                    public_key = safe_str(public_key)
                     if comment:
                         public_key = public_key + " " + comment
                     return private_key, public_key
                 def create(self, user, fingerprint, key_data, description):
                     """
                     """
                     user = self._get_user(user)
                     new_ssh_key = UserSshKeys()
                     new_ssh_key.ssh_key_fingerprint = fingerprint
                     new_ssh_key.ssh_key_data = key_data
                     new_ssh_key.user_id = user.user_id
                     new_ssh_key.description = description
                     Session().add(new_ssh_key)
                     return new_ssh_key
                 def delete(self, ssh_key_id, user=None):
                     """
                     Deletes given api_key, if user is set it also filters the object for
                     deletion by given user.
                     """
                     ssh_key = UserSshKeys.query().filter(
                         UserSshKeys.ssh_key_id == ssh_key_id)
                     if user:
                         user = self._get_user(user)
                         ssh_key = ssh_key.filter(UserSshKeys.user_id == user.user_id)
                         ssh_key = ssh_key.scalar()
                     if ssh_key:
                         try:
                             Session().delete(ssh_key)
                         except Exception:
                             log.error(traceback.format_exc())
                             raise
                 def get_ssh_keys(self, user):
                     user = self._get_user(user)
                     user_ssh_keys = UserSshKeys.query()\
                         .filter(UserSshKeys.user_id == user.user_id)
                     user_ssh_keys = user_ssh_keys.order_by(UserSshKeys.ssh_key_id)
                     return user_ssh_keys
                 def get_ssh_key_by_fingerprint(self, ssh_key_fingerprint):
                     user_ssh_key = UserSshKeys.query()\
                         .filter(UserSshKeys.ssh_key_fingerprint == ssh_key_fingerprint)\
                         .first()
                     return user_ssh_key

rhodecode/model/update.py

0 +3 -1

             # Copyright (C) 2013-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
-            import urllib.request, urllib.error, urllib.parse
+            import urllib.request
+            import urllib.error
+            import urllib.parse
             from packaging.version import Version
             import rhodecode
             from rhodecode.lib.ext_json import json
             from rhodecode.model import BaseModel
             from rhodecode.model.meta import Session
             from rhodecode.model.settings import SettingsModel
             log = logging.getLogger(__name__)
             class UpdateModel(BaseModel):
                 UPDATE_SETTINGS_KEY = 'update_version'
                 UPDATE_URL_SETTINGS_KEY = 'rhodecode_update_url'
                 @staticmethod
                 def get_update_data(update_url):
                     """Return the JSON update data."""
                     ver = rhodecode.__version__
                     log.debug('Checking for upgrade on `%s` server', update_url)
                     opener = urllib.request.build_opener()
                     opener.addheaders = [('User-agent', 'RhodeCode-SCM/%s' % ver)]
                     response = opener.open(update_url)
                     response_data = response.read()
                     data = json.loads(response_data)
                     log.debug('update server returned data')
                     return data
                 def get_update_url(self):
                     settings = SettingsModel().get_all_settings()
                     return settings.get(self.UPDATE_URL_SETTINGS_KEY)
                 def store_version(self, version):
                     log.debug('Storing version %s into settings', version)
                     setting = SettingsModel().create_or_update_setting(
                         self.UPDATE_SETTINGS_KEY, version)
                     Session().add(setting)
                     Session().commit()
                 def get_stored_version(self, fallback=None):
                     obj = SettingsModel().get_setting_by_name(self.UPDATE_SETTINGS_KEY)
                     if obj:
                         return obj.app_settings_value
                     return fallback or '0.0.0'
                 def _sanitize_version(self, version):
                     """
                     Cleanup our custom ver.
                     e.g 4.11.0_20171204_204825_CE_default_EE_default to 4.11.0
                     """
                     return version.split('_')[0]
                 def is_outdated(self, cur_version, latest_version=None):
                     latest_version = latest_version or self.get_stored_version()
                     try:
                         cur_version = self._sanitize_version(cur_version)
                         return Version(latest_version) > Version(cur_version)
                     except Exception:
                         # could be invalid version, etc
                         return False

rhodecode/model/user.py

0 +8 -7

             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             users model for RhodeCode
             """
             import logging
             import traceback
             import datetime
             import ipaddress
             from pyramid.threadlocal import get_current_request
             from sqlalchemy.exc import DatabaseError
             from rhodecode import events
             from rhodecode.lib.user_log_filter import user_log_filter
             from rhodecode.lib.utils2 import (
-                safe_unicode, get_current_rhodecode_user, action_logger_generic,
+                get_current_rhodecode_user, action_logger_generic,
                 AttributeDict, str2bool)
+            from rhodecode.lib.str_utils import safe_str
             from rhodecode.lib.exceptions import (
                 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
                 UserOwnsUserGroupsException, NotAllowedToCreateUserError,
                 UserOwnsPullRequestsException, UserOwnsArtifactsException)
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 _hash_key, func, true, false, or_, joinedload, User, UserToPerm,
                 UserEmailMap, UserIpMap, UserLog)
             from rhodecode.model.meta import Session
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.repo_group import RepoGroupModel
             log = logging.getLogger(__name__)
             class UserModel(BaseModel):
                 cls = User
                 def get(self, user_id, cache=False):
                     user = self.sa.query(User)
                     if cache:
                         user = user.options(
                             FromCache("sql_cache_short", f"get_user_{user_id}"))
                     return user.get(user_id)
                 def get_user(self, user):
                     return self._get_user(user)
                 def _serialize_user(self, user):
                     import rhodecode.lib.helpers as h
                     return {
                         'id': user.user_id,
                         'first_name': user.first_name,
                         'last_name': user.last_name,
                         'username': user.username,
                         'email': user.email,
                         'icon_link': h.gravatar_url(user.email, 30),
                         'profile_link':  h.link_to_user(user),
                         'value_display': h.escape(h.person(user)),
                         'value': user.username,
                         'value_type': 'user',
                         'active': user.active,
                     }
                 def get_users(self, name_contains=None, limit=20, only_active=True):
                     query = self.sa.query(User)
                     if only_active:
                         query = query.filter(User.active == true())
                     if name_contains:
-                        ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
+                        ilike_expression = u'%{}%'.format(safe_str(name_contains))
                         query = query.filter(
                             or_(
                                 User.name.ilike(ilike_expression),
                                 User.lastname.ilike(ilike_expression),
                                 User.username.ilike(ilike_expression)
                             )
                         )
                         # sort by len to have top most matches first
                         query = query.order_by(func.length(User.username))\
                             .order_by(User.username)
                         query = query.limit(limit)
                     users = query.all()
                     _users = [
                         self._serialize_user(user) for user in users
                     ]
                     return _users
                 def get_by_username(self, username, cache=False, case_insensitive=False):
                     if case_insensitive:
                         user = self.sa.query(User).filter(User.username.ilike(username))
                     else:
                         user = self.sa.query(User)\
                             .filter(User.username == username)
                     if cache:
                         name_key = _hash_key(username)
                         user = user.options(
                             FromCache("sql_cache_short", f"get_user_{name_key}"))
                     return user.scalar()
                 def get_by_email(self, email, cache=False, case_insensitive=False):
                     return User.get_by_email(email, case_insensitive, cache)
                 def get_by_auth_token(self, auth_token, cache=False):
                     return User.get_by_auth_token(auth_token, cache)
                 def get_active_user_count(self, cache=False):
                     qry = User.query().filter(
                         User.active == true()).filter(
                             User.username != User.DEFAULT_USER)
                     if cache:
                         qry = qry.options(
                             FromCache("sql_cache_short", "get_active_users"))
                     return qry.count()
                 def create(self, form_data, cur_user=None):
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     user_data = {
                         'username': form_data['username'],
                         'password': form_data['password'],
                         'email': form_data['email'],
                         'firstname': form_data['firstname'],
                         'lastname': form_data['lastname'],
                         'active': form_data['active'],
                         'extern_type': form_data['extern_type'],
                         'extern_name': form_data['extern_name'],
                         'admin': False,
                         'cur_user': cur_user
                     }
                     if 'create_repo_group' in form_data:
                         user_data['create_repo_group'] = str2bool(
                             form_data.get('create_repo_group'))
                     try:
                         if form_data.get('password_change'):
                             user_data['force_password_change'] = True
                         return UserModel().create_or_update(**user_data)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def update_user(self, user, skip_attrs=None, **kwargs):
                     from rhodecode.lib.auth import get_crypt_password
                     user = self._get_user(user)
                     if user.username == User.DEFAULT_USER:
                         raise DefaultUserException(
                             "You can't edit this user (`%(username)s`) since it's "
                             "crucial for entire application" % {
                             'username': user.username})
                     # first store only defaults
                     user_attrs = {
                         'updating_user_id': user.user_id,
                         'username': user.username,
                         'password': user.password,
                         'email': user.email,
                         'firstname': user.name,
                         'lastname': user.lastname,
                         'description': user.description,
                         'active': user.active,
                         'admin': user.admin,
                         'extern_name': user.extern_name,
                         'extern_type': user.extern_type,
                         'language': user.user_data.get('language')
                     }
                     # in case there's new_password, that comes from form, use it to
                     # store password
                     if kwargs.get('new_password'):
                         kwargs['password'] = kwargs['new_password']
                     # cleanups, my_account password change form
                     kwargs.pop('current_password', None)
                     kwargs.pop('new_password', None)
                     # cleanups, user edit password change form
                     kwargs.pop('password_confirmation', None)
                     kwargs.pop('password_change', None)
                     # create repo group on user creation
                     kwargs.pop('create_repo_group', None)
                     # legacy forms send name, which is the firstname
                     firstname = kwargs.pop('name', None)
                     if firstname:
                         kwargs['firstname'] = firstname
                     for k, v in kwargs.items():
                         # skip if we don't want to update this
                         if skip_attrs and k in skip_attrs:
                             continue
                         user_attrs[k] = v
                     try:
                         return self.create_or_update(**user_attrs)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def create_or_update(
                         self, username, password, email, firstname='', lastname='',
                         active=True, admin=False, extern_type=None, extern_name=None,
                         cur_user=None, plugin=None, force_password_change=False,
                         allow_to_create_user=True, create_repo_group=None,
                         updating_user_id=None, language=None, description='',
                         strict_creation_check=True):
                     """
                     Creates a new instance if not found, or updates current one
                     :param username:
                     :param password:
                     :param email:
                     :param firstname:
                     :param lastname:
                     :param active:
                     :param admin:
                     :param extern_type:
                     :param extern_name:
                     :param cur_user:
                     :param plugin: optional plugin this method was called from
                     :param force_password_change: toggles new or existing user flag
                         for password change
                     :param allow_to_create_user: Defines if the method can actually create
                         new users
                     :param create_repo_group: Defines if the method should also
                         create an repo group with user name, and owner
                     :param updating_user_id: if we set it up this is the user we want to
                         update this allows to editing username.
                     :param language: language of user from interface.
                     :param description: user description
                     :param strict_creation_check: checks for allowed creation license wise etc.
                     :returns: new User object with injected `is_new_user` attribute.
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     from rhodecode.lib.auth import (
                         get_crypt_password, check_password)
                     from rhodecode.lib import hooks_base
                     def _password_change(new_user, password):
                         old_password = new_user.password or ''
                         # empty password
                         if not old_password:
                             return False
                         # password check is only needed for RhodeCode internal auth calls
                         # in case it's a plugin we don't care
                         if not plugin:
                             # first check if we gave crypted password back, and if it
                             # matches it's not password change
                             if new_user.password == password:
                                 return False
                             password_match = check_password(password, old_password)
                             if not password_match:
                                 return True
                         return False
                     # read settings on default personal repo group creation
                     if create_repo_group is None:
                         default_create_repo_group = RepoGroupModel()\
                             .get_default_create_personal_repo_group()
                         create_repo_group = default_create_repo_group
                     user_data = {
                         'username': username,
                         'password': password,
                         'email': email,
                         'firstname': firstname,
                         'lastname': lastname,
                         'active': active,
                         'admin': admin
                     }
                     if updating_user_id:
                         log.debug('Checking for existing account in RhodeCode '
                                   'database with user_id `%s` ', updating_user_id)
                         user = User.get(updating_user_id)
                     else:
                         log.debug('Checking for existing account in RhodeCode '
                                   'database with username `%s` ', username)
                         user = User.get_by_username(username, case_insensitive=True)
                     if user is None:
                         # we check internal flag if this method is actually allowed to
                         # create new user
                         if not allow_to_create_user:
                             msg = ('Method wants to create new user, but it is not '
                                    'allowed to do so')
                             log.warning(msg)
                             raise NotAllowedToCreateUserError(msg)
                         log.debug('Creating new user %s', username)
                         # only if we create user that is active
                         new_active_user = active
                         if new_active_user and strict_creation_check:
                             # raises UserCreationError if it's not allowed for any reason to
                             # create new active user, this also executes pre-create hooks
                             hooks_base.check_allowed_create_user(user_data, cur_user, strict_check=True)
                         events.trigger(events.UserPreCreate(user_data))
                         new_user = User()
                         edit = False
                     else:
                         log.debug('updating user `%s`', username)
                         events.trigger(events.UserPreUpdate(user, user_data))
                         new_user = user
                         edit = True
                         # we're not allowed to edit default user
                         if user.username == User.DEFAULT_USER:
                             raise DefaultUserException(
                                 "You can't edit this user (`%(username)s`) since it's "
                                 "crucial for entire application"
                                 % {'username': user.username})
                     # inject special attribute that will tell us if User is new or old
                     new_user.is_new_user = not edit
                     # for users that didn's specify auth type, we use RhodeCode built in
                     from rhodecode.authentication.plugins import auth_rhodecode
                     extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.uid
                     extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.uid
                     try:
                         new_user.username = username
                         new_user.admin = admin
                         new_user.email = email
                         new_user.active = active
-                        new_user.extern_name = safe_unicode(extern_name)
+                        new_user.extern_name = safe_str(extern_name)
-                        new_user.extern_type = safe_unicode(extern_type)
+                        new_user.extern_type = safe_str(extern_type)
                         new_user.name = firstname
                         new_user.lastname = lastname
                         new_user.description = description
                         # set password only if creating an user or password is changed
                         if not edit or _password_change(new_user, password):
                             reason = 'new password' if edit else 'new user'
                             log.debug('Updating password reason=>%s', reason)
                             new_user.password = get_crypt_password(password) if password else None
                         if force_password_change:
                             new_user.update_userdata(force_password_change=True)
                         if language:
                             new_user.update_userdata(language=language)
                         new_user.update_userdata(notification_status=True)
                         self.sa.add(new_user)
                         if not edit and create_repo_group:
                             RepoGroupModel().create_personal_repo_group(
                                 new_user, commit_early=False)
                         if not edit:
                             # add the RSS token
                             self.add_auth_token(
                                 user=username, lifetime_minutes=-1,
                                 role=self.auth_token_role.ROLE_FEED,
                                 description=u'Generated feed token')
                             kwargs = new_user.get_dict()
                             # backward compat, require api_keys present
                             kwargs['api_keys'] = kwargs['auth_tokens']
                             hooks_base.create_user(created_by=cur_user, **kwargs)
                             events.trigger(events.UserPostCreate(user_data))
                         return new_user
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         raise
                 def create_registration(self, form_data,
                                         extern_name='rhodecode', extern_type='rhodecode'):
                     from rhodecode.model.notification import NotificationModel
                     from rhodecode.model.notification import EmailNotificationModel
                     try:
                         form_data['admin'] = False
                         form_data['extern_name'] = extern_name
                         form_data['extern_type'] = extern_type
                         new_user = self.create(form_data)
                         self.sa.add(new_user)
                         self.sa.flush()
                         user_data = new_user.get_dict()
                         user_data.update({
                             'first_name': user_data.get('firstname'),
                             'last_name': user_data.get('lastname'),
                         })
                         kwargs = {
                             # use SQLALCHEMY safe dump of user data
                             'user': AttributeDict(user_data),
                             'date': datetime.datetime.now()
                         }
                         notification_type = EmailNotificationModel.TYPE_REGISTRATION
                         # create notification objects, and emails
                         NotificationModel().create(
                             created_by=new_user,
                             notification_subject='',  # Filled in based on the notification_type
                             notification_body='',  # Filled in based on the notification_type
                             notification_type=notification_type,
                             recipients=None,  # all admins
                             email_kwargs=kwargs,
                         )
                         return new_user
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _handle_user_repos(self, username, repositories, handle_user,
                                        handle_mode=None):
                     left_overs = True
                     from rhodecode.model.repo import RepoModel
                     if handle_mode == 'detach':
                         for obj in repositories:
                             obj.user = handle_user
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             obj.description += '  \n::detached repository from deleted user: %s' % (username,)
                             self.sa.add(obj)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for obj in repositories:
                             RepoModel().delete(obj, forks='detach')
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def _handle_user_repo_groups(self, username, repository_groups, handle_user,
                                              handle_mode=None):
                     left_overs = True
                     from rhodecode.model.repo_group import RepoGroupModel
                     if handle_mode == 'detach':
                         for r in repository_groups:
                             r.user = handle_user
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             r.group_description += '  \n::detached repository group from deleted user: %s' % (username,)
                             r.personal = False
                             self.sa.add(r)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for r in repository_groups:
                             RepoGroupModel().delete(r)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def _handle_user_user_groups(self, username, user_groups, handle_user,
                                              handle_mode=None):
                     left_overs = True
                     from rhodecode.model.user_group import UserGroupModel
                     if handle_mode == 'detach':
                         for r in user_groups:
                             for user_user_group_to_perm in r.user_user_group_to_perm:
                                 if user_user_group_to_perm.user.username == username:
                                     user_user_group_to_perm.user = handle_user
                             r.user = handle_user
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             r.user_group_description += '  \n::detached user group from deleted user: %s' % (username,)
                             self.sa.add(r)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for r in user_groups:
                             UserGroupModel().delete(r)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def _handle_user_pull_requests(self, username, pull_requests, handle_user,
                                                handle_mode=None):
                     left_overs = True
                     from rhodecode.model.pull_request import PullRequestModel
                     if handle_mode == 'detach':
                         for pr in pull_requests:
                             pr.user_id = handle_user.user_id
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             pr.description += '  \n::detached pull requests from deleted user: %s' % (username,)
                             self.sa.add(pr)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for pr in pull_requests:
                             PullRequestModel().delete(pr)
                         left_overs = False
-                    # if nothing is done we have left overs left
+                    # if nothing is done we have leftovers left
                     return left_overs
                 def _handle_user_artifacts(self, username, artifacts, handle_user,
                                            handle_mode=None):
                     left_overs = True
                     if handle_mode == 'detach':
                         for a in artifacts:
                             a.upload_user = handle_user
                             # set description we know why we super admin now owns
                             # additional artifacts that were orphaned !
                             a.file_description += '  \n::detached artifact from deleted user: %s' % (username,)
                             self.sa.add(a)
                         left_overs = False
                     elif handle_mode == 'delete':
                         from rhodecode.apps.file_store import utils as store_utils
                         request = get_current_request()
                         storage = store_utils.get_file_storage(request.registry.settings)
                         for a in artifacts:
                             file_uid = a.file_uid
                             storage.delete(file_uid)
                             self.sa.delete(a)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def delete(self, user, cur_user=None, handle_repos=None,
                            handle_repo_groups=None, handle_user_groups=None,
                            handle_pull_requests=None, handle_artifacts=None, handle_new_owner=None):
                     from rhodecode.lib import hooks_base
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     user = self._get_user(user)
                     try:
                         if user.username == User.DEFAULT_USER:
                             raise DefaultUserException(
                                 u"You can't remove this user since it's"
                                 u" crucial for entire application")
                         handle_user = handle_new_owner or self.cls.get_first_super_admin()
                         log.debug('New detached objects owner %s', handle_user)
                         left_overs = self._handle_user_repos(
                             user.username, user.repositories, handle_user, handle_repos)
                         if left_overs and user.repositories:
                             repos = [x.repo_name for x in user.repositories]
                             raise UserOwnsReposException(
                                 u'user "%(username)s" still owns %(len_repos)s repositories and cannot be '
                                 u'removed. Switch owners or remove those repositories:%(list_repos)s'
                                 % {'username': user.username, 'len_repos': len(repos),
                                    'list_repos': ', '.join(repos)})
                         left_overs = self._handle_user_repo_groups(
                             user.username, user.repository_groups, handle_user, handle_repo_groups)
                         if left_overs and user.repository_groups:
                             repo_groups = [x.group_name for x in user.repository_groups]
                             raise UserOwnsRepoGroupsException(
                                 u'user "%(username)s" still owns %(len_repo_groups)s repository groups and cannot be '
                                 u'removed. Switch owners or remove those repository groups:%(list_repo_groups)s'
                                 % {'username': user.username, 'len_repo_groups': len(repo_groups),
                                    'list_repo_groups': ', '.join(repo_groups)})
                         left_overs = self._handle_user_user_groups(
                             user.username, user.user_groups, handle_user, handle_user_groups)
                         if left_overs and user.user_groups:
                             user_groups = [x.users_group_name for x in user.user_groups]
                             raise UserOwnsUserGroupsException(
                                 u'user "%s" still owns %s user groups and cannot be '
                                 u'removed. Switch owners or remove those user groups:%s'
                                 % (user.username, len(user_groups), ', '.join(user_groups)))
                         left_overs = self._handle_user_pull_requests(
                             user.username, user.user_pull_requests, handle_user, handle_pull_requests)
                         if left_overs and user.user_pull_requests:
                             pull_requests = ['!{}'.format(x.pull_request_id) for x in user.user_pull_requests]
                             raise UserOwnsPullRequestsException(
                                 u'user "%s" still owns %s pull requests and cannot be '
                                 u'removed. Switch owners or remove those pull requests:%s'
                                 % (user.username, len(pull_requests), ', '.join(pull_requests)))
                         left_overs = self._handle_user_artifacts(
                             user.username, user.artifacts, handle_user, handle_artifacts)
                         if left_overs and user.artifacts:
                             artifacts = [x.file_uid for x in user.artifacts]
                             raise UserOwnsArtifactsException(
                                 u'user "%s" still owns %s artifacts and cannot be '
                                 u'removed. Switch owners or remove those artifacts:%s'
                                 % (user.username, len(artifacts), ', '.join(artifacts)))
                         user_data = user.get_dict()  # fetch user data before expire
                         # we might change the user data with detach/delete, make sure
                         # the object is marked as expired before actually deleting !
                         self.sa.expire(user)
                         self.sa.delete(user)
                         hooks_base.delete_user(deleted_by=cur_user, **user_data)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def reset_password_link(self, data, pwd_reset_url):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.model.notification import EmailNotificationModel
                     user_email = data['email']
                     try:
                         user = User.get_by_email(user_email)
                         if user:
                             log.debug('password reset user found %s', user)
                             email_kwargs = {
                                 'password_reset_url': pwd_reset_url,
                                 'user': user,
                                 'email': user_email,
                                 'date': datetime.datetime.now(),
                                 'first_admin_email': User.get_first_super_admin().email
                             }
                             (subject, email_body, email_body_plaintext) = EmailNotificationModel().render_email(
                                 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
                             recipients = [user_email]
                             action_logger_generic(
                                 'sending password reset email to user: {}'.format(
                                     user), namespace='security.password_reset')
                             run_task(tasks.send_email, recipients, subject,
                                      email_body_plaintext, email_body)
                         else:
                             log.debug("password reset email %s not found", user_email)
                     except Exception:
                         log.error(traceback.format_exc())
                         return False
                     return True
                 def reset_password(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.model.notification import EmailNotificationModel
                     from rhodecode.lib import auth
                     user_email = data['email']
                     pre_db = True
                     try:
                         user = User.get_by_email(user_email)
                         new_passwd = auth.PasswordGenerator().gen_password(
 , auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
                         if user:
                             user.password = auth.get_crypt_password(new_passwd)
                             # also force this user to reset his password !
                             user.update_userdata(force_password_change=True)
                             Session().add(user)
                             # now delete the token in question
                             UserApiKeys = AuthTokenModel.cls
                             UserApiKeys().query().filter(
                                 UserApiKeys.api_key == data['token']).delete()
                             Session().commit()
                             log.info('successfully reset password for `%s`', user_email)
                         if new_passwd is None:
                             raise Exception('unable to generate new password')
                         pre_db = False
                         email_kwargs = {
                             'new_password': new_passwd,
                             'user': user,
                             'email': user_email,
                             'date': datetime.datetime.now(),
                             'first_admin_email': User.get_first_super_admin().email
                         }
                         (subject, email_body, email_body_plaintext) = EmailNotificationModel().render_email(
                             EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION,
                             **email_kwargs)
                         recipients = [user_email]
                         action_logger_generic(
                             'sent new password to user: {} with email: {}'.format(
                                 user, user_email), namespace='security.password_reset')
                         run_task(tasks.send_email, recipients, subject,
                                  email_body_plaintext, email_body)
                     except Exception:
                         log.error('Failed to update user password')
                         log.error(traceback.format_exc())
                         if pre_db:
                             # we rollback only if local db stuff fails. If it goes into
                             # run_task, we're pass rollback state this wouldn't work then
                             Session().rollback()
                     return True
                 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
                     """
                     Fetches auth_user by user_id,or api_key if present.
                     Fills auth_user attributes with those taken from database.
                     Additionally set's is_authenitated if lookup fails
                     present in database
                     :param auth_user: instance of user to set attributes
                     :param user_id: user id to fetch by
                     :param api_key: api key to fetch by
                     :param username: username to fetch by
                     """
                     def token_obfuscate(token):
                         if token:
                             return token[:4] + "****"
                     if user_id is None and api_key is None and username is None:
                         raise Exception('You need to pass user_id, api_key or username')
                     log.debug(
                         'AuthUser: fill data execution based on: '
                         'user_id:%s api_key:%s username:%s', user_id, api_key, username)
                     try:
                         dbuser = None
                         if user_id:
                             dbuser = self.get(user_id)
                         elif api_key:
                             dbuser = self.get_by_auth_token(api_key)
                         elif username:
                             dbuser = self.get_by_username(username)
                         if not dbuser:
                             log.warning(
                                 'Unable to lookup user by id:%s api_key:%s username:%s',
                                 user_id, token_obfuscate(api_key), username)
                             return False
                         if not dbuser.active:
                             log.debug('User `%s:%s` is inactive, skipping fill data',
                                       username, user_id)
                             return False
                         log.debug('AuthUser: filling found user:%s data', dbuser)
                         attrs = {
                             'user_id': dbuser.user_id,
                             'username': dbuser.username,
                             'name': dbuser.name,
                             'first_name': dbuser.first_name,
                             'firstname': dbuser.firstname,
                             'last_name': dbuser.last_name,
                             'lastname': dbuser.lastname,
                             'admin': dbuser.admin,
                             'active': dbuser.active,
                             'email': dbuser.email,
                             'emails': dbuser.emails_cached(),
                             'short_contact': dbuser.short_contact,
                             'full_contact': dbuser.full_contact,
                             'full_name': dbuser.full_name,
                             'full_name_or_username': dbuser.full_name_or_username,
                             '_api_key': dbuser._api_key,
                             '_user_data': dbuser._user_data,
                             'created_on': dbuser.created_on,
                             'extern_name': dbuser.extern_name,
                             'extern_type': dbuser.extern_type,
                             'inherit_default_permissions': dbuser.inherit_default_permissions,
                             'language': dbuser.language,
                             'last_activity': dbuser.last_activity,
                             'last_login': dbuser.last_login,
                             'password': dbuser.password,
                         }
                         auth_user.__dict__.update(attrs)
                     except Exception:
                         log.error(traceback.format_exc())
                         auth_user.is_authenticated = False
                         return False
                     return True
                 def has_perm(self, user, perm):
                     perm = self._get_perm(perm)
                     user = self._get_user(user)
                     return UserToPerm.query().filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user, perm):
                     """
                     Grant user global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserToPerm.query()\
                         .filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserToPerm()
                     new.user = user
                     new.permission = perm
                     self.sa.add(new)
                     return new
                 def revoke_perm(self, user, perm):
                     """
                     Revoke users global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     obj = UserToPerm.query()\
                             .filter(UserToPerm.user == user)\
                             .filter(UserToPerm.permission == perm)\
                             .scalar()
                     if obj:
                         self.sa.delete(obj)
                 def add_extra_email(self, user, email):
                     """
                     Adds email address to UserEmailMap
                     :param user:
                     :param email:
                     """
                     user = self._get_user(user)
                     obj = UserEmailMap()
                     obj.user = user
                     obj.email = email
                     self.sa.add(obj)
                     return obj
                 def delete_extra_email(self, user, email_id):
                     """
                     Removes email address from UserEmailMap
                     :param user:
                     :param email_id:
                     """
                     user = self._get_user(user)
                     obj = UserEmailMap.query().get(email_id)
                     if obj and obj.user_id == user.user_id:
                         self.sa.delete(obj)
                 def parse_ip_range(self, ip_range):
                     ip_list = []
                     def make_unique(value):
                         seen = []
                         return [c for c in value if not (c in seen or seen.append(c))]
                     # firsts split by commas
                     for ip_range in ip_range.split(','):
                         if not ip_range:
                             continue
                         ip_range = ip_range.strip()
                         if '-' in ip_range:
                             start_ip, end_ip = ip_range.split('-', 1)
-                            start_ip = ipaddress.ip_address(safe_unicode(start_ip.strip()))
+                            start_ip = ipaddress.ip_address(safe_str(start_ip.strip()))
-                            end_ip = ipaddress.ip_address(safe_unicode(end_ip.strip()))
+                            end_ip = ipaddress.ip_address(safe_str(end_ip.strip()))
                             parsed_ip_range = []
                             for index in range(int(start_ip), int(end_ip) + 1):
                                 new_ip = ipaddress.ip_address(index)
                                 parsed_ip_range.append(str(new_ip))
                             ip_list.extend(parsed_ip_range)
                         else:
                             ip_list.append(ip_range)
                     return make_unique(ip_list)
                 def add_extra_ip(self, user, ip, description=None):
                     """
                     Adds ip address to UserIpMap
                     :param user:
                     :param ip:
                     """
                     user = self._get_user(user)
                     obj = UserIpMap()
                     obj.user = user
                     obj.ip_addr = ip
                     obj.description = description
                     self.sa.add(obj)
                     return obj
                 auth_token_role = AuthTokenModel.cls
                 def add_auth_token(self, user, lifetime_minutes, role, description=u'',
                                    scope_callback=None):
                     """
                     Add AuthToken for user.
                     :param user: username/user_id
                     :param lifetime_minutes: in minutes the lifetime for token, -1 equals no limit
                     :param role: one of AuthTokenModel.cls.ROLE_*
                     :param description: optional string description
                     """
                     token = AuthTokenModel().create(
                         user, description, lifetime_minutes, role)
                     if scope_callback and callable(scope_callback):
                         # call the callback if we provide, used to attach scope for EE edition
                         scope_callback(token)
                     return token
                 def delete_extra_ip(self, user, ip_id):
                     """
                     Removes ip address from UserIpMap
                     :param user:
                     :param ip_id:
                     """
                     user = self._get_user(user)
                     obj = UserIpMap.query().get(ip_id)
                     if obj and obj.user_id == user.user_id:
                         self.sa.delete(obj)
                 def get_accounts_in_creation_order(self, current_user=None):
                     """
                     Get accounts in order of creation for deactivation for license limits
                     pick currently logged in user, and append to the list in position 0
                     pick all super-admins in order of creation date and add it to the list
                     pick all other accounts in order of creation and add it to the list.
                     Based on that list, the last accounts can be disabled as they are
                     created at the end and don't include any of the super admins as well
                     as the current user.
                     :param current_user: optionally current user running this operation
                     """
                     if not current_user:
                         current_user = get_current_rhodecode_user()
                     active_super_admins = [
                         x.user_id for x in User.query()
                         .filter(User.user_id != current_user.user_id)
                         .filter(User.active == true())
                         .filter(User.admin == true())
                         .order_by(User.created_on.asc())]
                     active_regular_users = [
                         x.user_id for x in User.query()
                         .filter(User.user_id != current_user.user_id)
                         .filter(User.active == true())
                         .filter(User.admin == false())
                         .order_by(User.created_on.asc())]
                     list_of_accounts = [current_user.user_id]
                     list_of_accounts += active_super_admins
                     list_of_accounts += active_regular_users
                     return list_of_accounts
                 def deactivate_last_users(self, expected_users, current_user=None):
                     """
                     Deactivate accounts that are over the license limits.
                     Algorithm of which accounts to disabled is based on the formula:
                     Get current user, then super admins in creation order, then regular
                     active users in creation order.
                     Using that list we mark all accounts from the end of it as inactive.
                     This way we block only latest created accounts.
                     :param expected_users: list of users in special order, we deactivate
                         the end N amount of users from that list
                     """
                     list_of_accounts = self.get_accounts_in_creation_order(
                         current_user=current_user)
                     for acc_id in list_of_accounts[expected_users + 1:]:
                         user = User.get(acc_id)
                         log.info('Deactivating account %s for license unlock', user)
                         user.active = False
                         Session().add(user)
                         Session().commit()
                     return
                 def get_user_log(self, user, filter_term):
                     user_log = UserLog.query()\
                         .filter(or_(UserLog.user_id == user.user_id,
                                     UserLog.username == user.username))\
                         .options(joinedload(UserLog.user))\
                         .options(joinedload(UserLog.repository))\
                         .order_by(UserLog.action_date.desc())
                     user_log = user_log_filter(user_log, filter_term)
                     return user_log

rhodecode/model/user_group.py

0 +3 -3

             # Copyright (C) 2011-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import traceback
-            from rhodecode.lib.utils2 import safe_str, safe_unicode
+            from rhodecode.lib.utils2 import safe_str
             from rhodecode.lib.exceptions import (
                 UserGroupAssignedException, RepoGroupAssignmentError)
             from rhodecode.lib.utils2 import (
                 get_current_rhodecode_user, action_logger_generic)
             from rhodecode.model import BaseModel
             from rhodecode.model.scm import UserGroupList
             from rhodecode.model.db import (
                 joinedload, true, func, User, UserGroupMember, UserGroup,
                 UserGroupRepoToPerm, Permission, UserGroupToPerm, UserUserGroupToPerm,
                 UserGroupUserGroupToPerm, UserGroupRepoGroupToPerm)
             log = logging.getLogger(__name__)
             class UserGroupModel(BaseModel):
                 cls = UserGroup
                 def _get_user_group(self, user_group):
                     return self._get_instance(UserGroup, user_group,
                                               callback=UserGroup.get_by_group_name)
                 def _create_default_perms(self, user_group):
                     # create default permission
                     default_perm = 'usergroup.read'
                     def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('usergroup.'):
                             default_perm = p.permission.permission_name
                             break
                     user_group_to_perm = UserUserGroupToPerm()
                     user_group_to_perm.permission = Permission.get_by_key(default_perm)
                     user_group_to_perm.user_group = user_group
-                    user_group_to_perm.user_id = def_user.user_id
+                    user_group_to_perm.user = def_user
                     return user_group_to_perm
                 def update_permissions(
                         self, user_group, perm_additions=None, perm_updates=None,
                         perm_deletions=None, check_perms=True, cur_user=None):
                     from rhodecode.lib.auth import HasUserGroupPermissionAny
                     if not perm_additions:
                         perm_additions = []
                     if not perm_updates:
                         perm_updates = []
                     if not perm_deletions:
                         perm_deletions = []
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     changes = {
                         'added': [],
                         'updated': [],
                         'deleted': []
                     }
                     change_obj = user_group.get_api_data()
                     # update permissions
                     for member_id, perm, member_type in perm_updates:
                         member_id = int(member_id)
                         if member_type == 'user':
                             member_name = User.get(member_id).username
                             # this updates existing one
                             self.grant_user_permission(
                                 user_group=user_group, user=member_id, perm=perm
                             )
                         elif member_type == 'user_group':
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     target_user_group=user_group, user_group=member_id, perm=perm)
                         else:
                             raise ValueError("member_type must be 'user' or 'user_group' "
                                              "got {} instead".format(member_type))
                         changes['updated'].append({
                             'change_obj': change_obj,
                             'type': member_type, 'id': member_id,
                             'name': member_name, 'new_perm': perm})
                     # set new permissions
                     for member_id, perm, member_type in perm_additions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             member_name = User.get(member_id).username
                             self.grant_user_permission(
                                 user_group=user_group, user=member_id, perm=perm)
                         elif member_type == 'user_group':
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     target_user_group=user_group, user_group=member_id, perm=perm)
                         else:
                             raise ValueError("member_type must be 'user' or 'user_group' "
                                              "got {} instead".format(member_type))
                         changes['added'].append({
                             'change_obj': change_obj,
                             'type': member_type, 'id': member_id,
                             'name': member_name, 'new_perm': perm})
                     # delete permissions
                     for member_id, perm, member_type in perm_deletions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             member_name = User.get(member_id).username
                             self.revoke_user_permission(user_group=user_group, user=member_id)
                         elif member_type == 'user_group':
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.revoke_user_group_permission(
                                     target_user_group=user_group, user_group=member_id)
                         else:
                             raise ValueError("member_type must be 'user' or 'user_group' "
                                              "got {} instead".format(member_type))
                         changes['deleted'].append({
                             'change_obj': change_obj,
                             'type': member_type, 'id': member_id,
                             'name': member_name, 'new_perm': perm})
                     return changes
                 def get(self, user_group_id, cache=False):
                     return UserGroup.get(user_group_id)
                 def get_group(self, user_group):
                     return self._get_user_group(user_group)
                 def get_by_name(self, name, cache=False, case_insensitive=False):
                     return UserGroup.get_by_group_name(name, cache, case_insensitive)
                 def create(self, name, description, owner, active=True, group_data=None):
                     try:
                         new_user_group = UserGroup()
                         new_user_group.user = self._get_user(owner)
                         new_user_group.users_group_name = name
                         new_user_group.user_group_description = description
                         new_user_group.users_group_active = active
                         if group_data:
                             new_user_group.group_data = group_data
                         self.sa.add(new_user_group)
                         perm_obj = self._create_default_perms(new_user_group)
                         self.sa.add(perm_obj)
                         self.grant_user_permission(user_group=new_user_group,
                                                    user=owner, perm='usergroup.admin')
                         return new_user_group
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _get_memberships_for_user_ids(self, user_group, user_id_list):
                     members = []
                     for user_id in user_id_list:
                         member = self._get_membership(user_group.users_group_id, user_id)
                         members.append(member)
                     return members
                 def _get_added_and_removed_user_ids(self, user_group, user_id_list):
                     current_members = user_group.members or []
                     current_members_ids = [m.user.user_id for m in current_members]
                     added_members = [
                         user_id for user_id in user_id_list
                         if user_id not in current_members_ids]
                     if user_id_list == []:
                         # all members were deleted
                         deleted_members = current_members_ids
                     else:
                         deleted_members = [
                             user_id for user_id in current_members_ids
                             if user_id not in user_id_list]
                     return added_members, deleted_members
                 def _set_users_as_members(self, user_group, user_ids):
                     user_group.members = []
                     self.sa.flush()
                     members = self._get_memberships_for_user_ids(
                         user_group, user_ids)
                     user_group.members = members
                     self.sa.add(user_group)
                 def _update_members_from_user_ids(self, user_group, user_ids):
                     added, removed = self._get_added_and_removed_user_ids(
                         user_group, user_ids)
                     self._set_users_as_members(user_group, user_ids)
                     self._log_user_changes('added to', user_group, added)
                     self._log_user_changes('removed from', user_group, removed)
                     return added, removed
                 def _clean_members_data(self, members_data):
                     if not members_data:
                         members_data = []
                     members = []
                     for user in members_data:
                         uid = int(user['member_user_id'])
                         if uid not in members and user['type'] in ['new', 'existing']:
                             members.append(uid)
                     return members
                 def update(self, user_group, form_data, group_data=None):
                     user_group = self._get_user_group(user_group)
                     if 'users_group_name' in form_data:
                         user_group.users_group_name = form_data['users_group_name']
                     if 'users_group_active' in form_data:
                         user_group.users_group_active = form_data['users_group_active']
                     if 'user_group_description' in form_data:
                         user_group.user_group_description = form_data[
                             'user_group_description']
                     # handle owner change
                     if 'user' in form_data:
                         owner = form_data['user']
                         if isinstance(owner, str):
                             owner = User.get_by_username(form_data['user'])
                         if not isinstance(owner, User):
                             raise ValueError(
                                 'invalid owner for user group: %s' % form_data['user'])
                         user_group.user = owner
                     added_user_ids = []
                     removed_user_ids = []
                     if 'users_group_members' in form_data:
                         members_id_list = self._clean_members_data(
                             form_data['users_group_members'])
                         added_user_ids, removed_user_ids = \
                             self._update_members_from_user_ids(user_group, members_id_list)
                     if group_data:
                         new_group_data = {}
                         new_group_data.update(group_data)
                         user_group.group_data = new_group_data
                     self.sa.add(user_group)
                     return user_group, added_user_ids, removed_user_ids
                 def delete(self, user_group, force=False):
                     """
                     Deletes repository group, unless force flag is used
                     raises exception if there are members in that group, else deletes
                     group and users
                     :param user_group:
                     :param force:
                     """
                     user_group = self._get_user_group(user_group)
                     if not user_group:
                         return
                     try:
                         # check if this group is not assigned to repo
                         assigned_to_repo = [x.repository for x in UserGroupRepoToPerm.query()\
                             .filter(UserGroupRepoToPerm.users_group == user_group).all()]
                         # check if this group is not assigned to repo
                         assigned_to_repo_group = [x.group for x in UserGroupRepoGroupToPerm.query()\
                             .filter(UserGroupRepoGroupToPerm.users_group == user_group).all()]
                         if (assigned_to_repo or assigned_to_repo_group) and not force:
                             assigned = ','.join(map(safe_str,
                                                 assigned_to_repo+assigned_to_repo_group))
                             raise UserGroupAssignedException(
                                 'UserGroup assigned to %s' % (assigned,))
                         self.sa.delete(user_group)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _log_user_changes(self, action, user_group, user_or_users):
                     users = user_or_users
                     if not isinstance(users, (list, tuple)):
                         users = [users]
                     group_name = user_group.users_group_name
                     for user_or_user_id in users:
                         user = self._get_user(user_or_user_id)
                         log_text = 'User {user} {action} {group}'.format(
                             action=action, user=user.username, group=group_name)
                         action_logger_generic(log_text)
                 def _find_user_in_group(self, user, user_group):
                     user_group_member = None
                     for m in user_group.members:
                         if m.user_id == user.user_id:
                             # Found this user's membership row
                             user_group_member = m
                             break
                     return user_group_member
                 def _get_membership(self, user_group_id, user_id):
                     user_group_member = UserGroupMember(user_group_id, user_id)
                     return user_group_member
                 def add_user_to_group(self, user_group, user):
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     user_member = self._find_user_in_group(user, user_group)
                     if user_member:
                         # user already in the group, skip
                         return True
                     member = self._get_membership(
                         user_group.users_group_id, user.user_id)
                     user_group.members.append(member)
                     try:
                         self.sa.add(member)
                     except Exception:
                         # what could go wrong here?
                         log.error(traceback.format_exc())
                         raise
                     self._log_user_changes('added to', user_group, user)
                     return member
                 def remove_user_from_group(self, user_group, user):
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     user_group_member = self._find_user_in_group(user, user_group)
                     if not user_group_member:
                         # User isn't in that group
                         return False
                     try:
                         self.sa.delete(user_group_member)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                     self._log_user_changes('removed from', user_group, user)
                     return True
                 def has_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     return UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserGroupToPerm()
                     new.users_group = user_group
                     new.permission = perm
                     self.sa.add(new)
                     return new
                 def revoke_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     obj = UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm).scalar()
                     if obj:
                         self.sa.delete(obj)
                 def grant_user_permission(self, user_group, user, perm):
                     """
                     Grant permission for user on given user group, or update
                     existing one if found
                     :param user_group: Instance of UserGroup, users_group_id,
                         or users_group_name
                     :param user: Instance of User, user_id or username
                     :param perm: Instance of Permission, or permission_name
                     """
                     changes = {
                         'added': [],
                         'updated': [],
                         'deleted': []
                     }
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     permission = self._get_perm(perm)
                     perm_name = permission.permission_name
                     member_id = user.user_id
                     member_name = user.username
                     # check if we have that permission already
                     obj = self.sa.query(UserUserGroupToPerm)\
                         .filter(UserUserGroupToPerm.user == user)\
                         .filter(UserUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserUserGroupToPerm()
                     obj.user_group = user_group
                     obj.user = user
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, user, user_group)
                     action_logger_generic(
                         'granted permission: {} to user: {} on usergroup: {}'.format(
                             perm, user, user_group), namespace='security.usergroup')
                     changes['added'].append({
                         'change_obj': user_group.get_api_data(),
                         'type': 'user', 'id': member_id,
                         'name': member_name, 'new_perm': perm_name})
                     return changes
                 def revoke_user_permission(self, user_group, user):
                     """
                     Revoke permission for user on given user group
                     :param user_group: Instance of UserGroup, users_group_id,
                         or users_group name
                     :param user: Instance of User, user_id or username
                     """
                     changes = {
                         'added': [],
                         'updated': [],
                         'deleted': []
                     }
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     perm_name = 'usergroup.none'
                     member_id = user.user_id
                     member_name = user.username
                     obj = self.sa.query(UserUserGroupToPerm)\
                         .filter(UserUserGroupToPerm.user == user)\
                         .filter(UserUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm on %s on %s', user_group, user)
                         action_logger_generic(
                             'revoked permission from user: {} on usergroup: {}'.format(
                                 user, user_group), namespace='security.usergroup')
                         changes['deleted'].append({
                             'change_obj': user_group.get_api_data(),
                             'type': 'user', 'id': member_id,
                             'name': member_name, 'new_perm': perm_name})
                     return changes
                 def grant_user_group_permission(self, target_user_group, user_group, perm):
                     """
                     Grant user group permission for given target_user_group
                     :param target_user_group:
                     :param user_group:
                     :param perm:
                     """
                     changes = {
                         'added': [],
                         'updated': [],
                         'deleted': []
                     }
                     target_user_group = self._get_user_group(target_user_group)
                     user_group = self._get_user_group(user_group)
                     permission = self._get_perm(perm)
                     perm_name = permission.permission_name
                     member_id = user_group.users_group_id
                     member_name = user_group.users_group_name
                     # forbid assigning same user group to itself
                     if target_user_group == user_group:
                         raise RepoGroupAssignmentError('target repo:%s cannot be '
                                                        'assigned to itself' % target_user_group)
                     # check if we have that permission already
                     obj = self.sa.query(UserGroupUserGroupToPerm)\
                         .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
                         .filter(UserGroupUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserGroupUserGroupToPerm()
                     obj.user_group = user_group
                     obj.target_user_group = target_user_group
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug(
                         'Granted perm %s to %s on %s', perm, target_user_group, user_group)
                     action_logger_generic(
                         'granted permission: {} to usergroup: {} on usergroup: {}'.format(
                             perm, user_group, target_user_group),
                         namespace='security.usergroup')
                     changes['added'].append({
                         'change_obj': target_user_group.get_api_data(),
                         'type': 'user_group', 'id': member_id,
                         'name': member_name, 'new_perm': perm_name})
                     return changes
                 def revoke_user_group_permission(self, target_user_group, user_group):
                     """
                     Revoke user group permission for given target_user_group
                     :param target_user_group:
                     :param user_group:
                     """
                     changes = {
                         'added': [],
                         'updated': [],
                         'deleted': []
                     }
                     target_user_group = self._get_user_group(target_user_group)
                     user_group = self._get_user_group(user_group)
                     perm_name = 'usergroup.none'
                     member_id = user_group.users_group_id
                     member_name = user_group.users_group_name
                     obj = self.sa.query(UserGroupUserGroupToPerm)\
                         .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
                         .filter(UserGroupUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug(
                             'Revoked perm on %s on %s', target_user_group, user_group)
                         action_logger_generic(
                             'revoked permission from usergroup: {} on usergroup: {}'.format(
                                 user_group, target_user_group),
                             namespace='security.repogroup')
                         changes['deleted'].append({
                             'change_obj': target_user_group.get_api_data(),
                             'type': 'user_group', 'id': member_id,
                             'name': member_name, 'new_perm': perm_name})
                     return changes
                 def get_perms_summary(self, user_group_id):
                     permissions = {
                         'repositories': {},
                         'repositories_groups': {},
                     }
                     ugroup_repo_perms = UserGroupRepoToPerm.query()\
                         .options(joinedload(UserGroupRepoToPerm.permission))\
                         .options(joinedload(UserGroupRepoToPerm.repository))\
                         .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\
                         .all()
                     for gr in ugroup_repo_perms:
                         permissions['repositories'][gr.repository.repo_name]  \
                             = gr.permission.permission_name
                     ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
                         .options(joinedload(UserGroupRepoGroupToPerm.permission))\
                         .options(joinedload(UserGroupRepoGroupToPerm.group))\
                         .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\
                         .all()
                     for gr in ugroup_group_perms:
                         permissions['repositories_groups'][gr.group.group_name] \
                             = gr.permission.permission_name
                     return permissions
                 def enforce_groups(self, user, groups, extern_type=None):
                     user = self._get_user(user)
                     current_groups = user.group_member
                     # find the external created groups, i.e automatically created
                     log.debug('Enforcing user group set `%s` on user %s', groups, user)
                     # calculate from what groups user should be removed
                     # external_groups that are not in groups
                     for gr in [x.users_group for x in current_groups]:
                         managed = gr.group_data.get('extern_type')
                         if managed:
                             if gr.users_group_name not in groups:
                                 log.debug('Removing user %s from user group %s. '
                                           'Group sync managed by: %s', user, gr, managed)
                                 self.remove_user_from_group(gr, user)
                         else:
                             log.debug('Skipping removal from group %s since it is '
                                       'not set to be automatically synchronized', gr)
                     # now we calculate in which groups user should be == groups params
                     owner = User.get_first_super_admin().username
                     for gr in set(groups):
                         existing_group = UserGroup.get_by_group_name(gr)
                         if not existing_group:
                             desc = 'Automatically created from plugin:%s' % extern_type
                             # we use first admin account to set the owner of the group
                             existing_group = UserGroupModel().create(
                                 gr, desc, owner, group_data={'extern_type': extern_type})
                         # we can only add users to groups which have set sync flag via
                         # extern_type attribute.
                         # This is either set and created via plugins, or manually
                         managed = existing_group.group_data.get('extern_type')
                         if managed:
                             log.debug('Adding user %s to user group %s', user, gr)
                             UserGroupModel().add_user_to_group(existing_group, user)
                         else:
                             log.debug('Skipping addition to group %s since it is '
                                       'not set to be automatically synchronized', gr)
                 def change_groups(self, user, groups):
                     """
                     This method changes user group assignment
                     :param user:  User
                     :param groups: array of UserGroupModel
                     """
                     user = self._get_user(user)
                     log.debug('Changing user(%s) assignment to groups(%s)', user, groups)
                     current_groups = user.group_member
                     current_groups = [x.users_group for x in current_groups]
                     # calculate from what groups user should be removed/add
                     groups = set(groups)
                     current_groups = set(current_groups)
                     groups_to_remove = current_groups - groups
                     groups_to_add = groups - current_groups
                     removed_from_groups = []
                     added_to_groups = []
                     for gr in groups_to_remove:
                         log.debug('Removing user %s from user group %s',
                                   user.username, gr.users_group_name)
                         removed_from_groups.append(gr.users_group_id)
                         self.remove_user_from_group(gr.users_group_name, user.username)
                     for gr in groups_to_add:
                         log.debug('Adding user %s to user group %s',
                                   user.username, gr.users_group_name)
                         added_to_groups.append(gr.users_group_id)
                         UserGroupModel().add_user_to_group(
                             gr.users_group_name, user.username)
                     return added_to_groups, removed_from_groups
                 def _serialize_user_group(self, user_group):
                     import rhodecode.lib.helpers as h
                     return {
                             'id': user_group.users_group_id,
                             # TODO: marcink figure out a way to generate the url for the
                             # icon
                             'icon_link': '',
                             'value_display': 'Group: %s (%d members)' % (
                                 user_group.users_group_name, len(user_group.members),),
                             'value': user_group.users_group_name,
                             'description': user_group.user_group_description,
                             'owner': user_group.user.username,
                             'owner_icon': h.gravatar_url(user_group.user.email, 30),
                             'value_display_owner': h.person(user_group.user.email),
                             'value_type': 'user_group',
                             'active': user_group.users_group_active,
                         }
                 def get_user_groups(self, name_contains=None, limit=20, only_active=True,
                                     expand_groups=False):
                     query = self.sa.query(UserGroup)
                     if only_active:
                         query = query.filter(UserGroup.users_group_active == true())
                     if name_contains:
-                        ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
+                        ilike_expression = u'%{}%'.format(safe_str(name_contains))
                         query = query.filter(
                             UserGroup.users_group_name.ilike(ilike_expression))\
                             .order_by(func.length(UserGroup.users_group_name))\
                             .order_by(UserGroup.users_group_name)
                         query = query.limit(limit)
                     user_groups = query.all()
                     perm_set = ['usergroup.read', 'usergroup.write', 'usergroup.admin']
                     user_groups = UserGroupList(user_groups, perm_set=perm_set)
                     # store same serialize method to extract data from User
                     from rhodecode.model.user import UserModel
                     serialize_user = UserModel()._serialize_user
                     _groups = []
                     for group in user_groups:
                         entry = self._serialize_user_group(group)
                         if expand_groups:
                             expanded_members = []
                             for member in group.members:
                                 expanded_members.append(serialize_user(member.user))
                             entry['members'] = expanded_members
                         _groups.append(entry)
                     return _groups
                 @staticmethod
                 def get_user_groups_as_dict(user_group):
                     import rhodecode.lib.helpers as h
                     data = {
                         'users_group_id': user_group.users_group_id,
                         'group_name': h.link_to_group(user_group.users_group_name),
                         'group_description': user_group.user_group_description,
                         'active': user_group.users_group_active,
                         "owner": user_group.user.username,
                         'owner_icon': h.gravatar_url(user_group.user.email, 30),
                         "owner_data": {
                             'owner': user_group.user.username,
                             'owner_icon': h.gravatar_url(user_group.user.email, 30)}
                         }
                     return data

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages