rhodecode-enterprise-ce Commit - r4351:2d86851b

users: added option to detach pull requests for users which we delete....

dan -

r4351:2d86851b default

parent child

The requested changes are too big and content was truncated. Show full diff

rhodecode/apps/admin/views/users.py

0 +40 -7

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import datetime
             import formencode
             import formencode.htmlfill
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from pyramid.renderers import render
             from pyramid.response import Response
             from rhodecode import events
             from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
             from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
             from rhodecode.authentication.base import get_authn_registry, RhodeCodeExternalAuthPlugin
             from rhodecode.authentication.plugins import auth_rhodecode
             from rhodecode.events import trigger
             from rhodecode.model.db import true, UserNotice
             from rhodecode.lib import audit_logger, rc_cache
             from rhodecode.lib.exceptions import (
                 UserCreationError, UserOwnsReposException, UserOwnsRepoGroupsException,
-                UserOwnsUserGroupsException, DefaultUserException)
+                UserOwnsUserGroupsException, UserOwnsPullRequestsException,
+                UserOwnsArtifactsException, DefaultUserException)
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.helpers import SqlPage
             from rhodecode.lib.utils2 import safe_int, safe_unicode, AttributeDict
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.forms import (
                 UserForm, UserIndividualPermissionsForm, UserPermissionsForm,
                 UserExtraEmailForm, UserExtraIpForm)
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.ssh_key import SshKeyModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import (
                 or_, coalesce,IntegrityError, User, UserGroup, UserIpMap, UserEmailMap,
                 UserApiKeys, UserSshKeys, RepoGroup)
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class AdminUsersView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users', request_method='GET',
                     renderer='rhodecode:templates/admin/users/users.mako')
                 def users_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     # renderer defined below
                     route_name='users_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def users_list_data(self):
                     self.load_default_context()
                     column_map = {
                         'first_name': 'name',
                         'last_name': 'lastname',
                     }
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(
                         self.request, column_map=column_map)
                     _render = self.request.get_partial_renderer(
                         'rhodecode:templates/data_table/_dt_elements.mako')
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     users_data_total_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .count()
                     users_data_total_inactive_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .filter(User.active != true())\
                         .count()
                     # json generate
                     base_q = User.query().filter(User.username != User.DEFAULT_USER)
                     base_inactive_q = base_q.filter(User.active != true())
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             User.username.ilike(like_expression),
                             User._email.ilike(like_expression),
                             User.name.ilike(like_expression),
                             User.lastname.ilike(like_expression),
                         ))
                         base_inactive_q = base_q.filter(User.active != true())
                     users_data_total_filtered_count = base_q.count()
                     users_data_total_filtered_inactive_count = base_inactive_q.count()
                     sort_col = getattr(User, order_by, None)
                     if sort_col:
                         if order_dir == 'asc':
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.max)
                             sort_col = sort_col.asc()
                         else:
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.min)
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     users_list = base_q.all()
                     users_data = []
                     for user in users_list:
                         users_data.append({
                             "username": h.gravatar_with_user(self.request, user.username),
                             "email": user.email,
                             "first_name": user.first_name,
                             "last_name": user.last_name,
                             "last_login": h.format_date(user.last_login),
                             "last_activity": h.format_date(user.last_activity),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     data = ({
                         'draw': draw,
                         'data': users_data,
                         'recordsTotal': users_data_total_count,
                         'recordsFiltered': users_data_total_filtered_count,
                         'recordsTotalInactive': users_data_total_inactive_count,
                         'recordsFilteredInactive': users_data_total_filtered_inactive_count
                     })
                     return data
                 def _set_personal_repo_group_template_vars(self, c_obj):
                     DummyUser = AttributeDict({
                         'username': '${username}',
                         'user_id': '${user_id}',
                     })
                     c_obj.default_create_repo_group = RepoGroupModel() \
                         .get_default_create_personal_repo_group()
                     c_obj.personal_repo_group_name = RepoGroupModel() \
                         .get_personal_group_name(DummyUser)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users_new', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_add.mako')
                 def users_new(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.uid
                     self._set_personal_repo_group_template_vars(c)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='users_create', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_add.mako')
                 def users_create(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.uid
                     user_model = UserModel()
                     user_form = UserForm(self.request.translate)()
                     try:
                         form_result = user_form.to_python(dict(self.request.POST))
                         user = user_model.create(form_result)
                         Session().flush()
                         creation_data = user.get_api_data()
                         username = form_result['username']
                         audit_logger.store_web(
                             'user.create', action_data={'data': creation_data},
                             user=c.rhodecode_user)
                         user_link = h.link_to(
                             h.escape(username),
                             h.route_path('user_edit', user_id=user.user_id))
                         h.flash(h.literal(_('Created user %(user_link)s')
                                           % {'user_link': user_link}), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         self._set_personal_repo_group_template_vars(c)
                         data = render(
                             'rhodecode:templates/admin/users/user_add.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception creation of user")
                         h.flash(_('Error occurred during creation of user %s')
                                 % self.request.POST.get('username'), category='error')
                     raise HTTPFound(h.route_path('users'))
             class UsersView(UserAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def get_auth_plugins(self):
                     valid_plugins = []
                     authn_registry = get_authn_registry(self.request.registry)
                     for plugin in authn_registry.get_plugins_for_authentication():
                         if isinstance(plugin, RhodeCodeExternalAuthPlugin):
                             valid_plugins.append(plugin)
                         elif plugin.name == 'rhodecode':
                             valid_plugins.append(plugin)
                     # extend our choices if user has set a bound plugin which isn't enabled at the
                     # moment
                     extern_type = self.db_user.extern_type
                     if extern_type not in [x.uid for x in valid_plugins]:
                         try:
                             plugin = authn_registry.get_plugin_by_uid(extern_type)
                             if plugin:
                                 valid_plugins.append(plugin)
                         except Exception:
                             log.exception(
                                 'Could not extend user plugins with `{}`'.format(extern_type))
                     return valid_plugins
                 def load_default_context(self):
                     req = self.request
                     c = self._get_local_tmpl_context()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     c.allowed_languages = [
                         ('en', 'English (en)'),
                         ('de', 'German (de)'),
                         ('fr', 'French (fr)'),
                         ('it', 'Italian (it)'),
                         ('ja', 'Japanese (ja)'),
                         ('pl', 'Polish (pl)'),
                         ('pt', 'Portuguese (pt)'),
                         ('ru', 'Russian (ru)'),
                         ('zh', 'Chinese (zh)'),
                     ]
                     c.allowed_extern_types = [
                         (x.uid, x.get_display_name()) for x in self.get_auth_plugins()
                     ]
                     c.available_permissions = req.registry.settings['available_permissions']
                     PermissionModel().set_global_permission_choices(
                         c, gettext_translator=req.translate)
                     return c
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_update', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     available_languages = [x[0] for x in c.allowed_languages]
                     _form = UserForm(self.request.translate, edit=True,
                                      available_languages=available_languages,
                                      old_data={'user_id': user_id,
                                                'email': c.user.email})()
                     form_result = {}
                     old_values = c.user.get_api_data()
                     try:
                         form_result = _form.to_python(dict(self.request.POST))
                         skip_attrs = ['extern_name']
                         # TODO: plugin should define if username can be updated
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         UserModel().update_user(
                             user_id, skip_attrs=skip_attrs, **form_result)
                         audit_logger.store_web(
                             'user.edit', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         Session().commit()
                         h.flash(_('User updated successfully'), category='success')
                     except formencode.Invalid as errors:
                         data = render(
                             'rhodecode:templates/admin/users/user_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user %s')
                                 % form_result.get('username'), category='error')
                     raise HTTPFound(h.route_path('user_edit', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_delete', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     _repos = c.user.repositories
                     _repo_groups = c.user.repository_groups
                     _user_groups = c.user.user_groups
+                    _pull_requests = c.user.user_pull_requests
                     _artifacts = c.user.artifacts
                     handle_repos = None
                     handle_repo_groups = None
                     handle_user_groups = None
+                    handle_pull_requests = None
                     handle_artifacts = None
                     # calls for flash of handle based on handle case detach or delete
                     def set_handle_flash_repos():
                         handle = handle_repos
                         if handle == 'detach':
                             h.flash(_('Detached %s repositories') % len(_repos),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s repositories') % len(_repos),
                                     category='success')
                     def set_handle_flash_repo_groups():
                         handle = handle_repo_groups
                         if handle == 'detach':
                             h.flash(_('Detached %s repository groups') % len(_repo_groups),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s repository groups') % len(_repo_groups),
                                     category='success')
                     def set_handle_flash_user_groups():
                         handle = handle_user_groups
                         if handle == 'detach':
                             h.flash(_('Detached %s user groups') % len(_user_groups),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s user groups') % len(_user_groups),
                                     category='success')
+                    def set_handle_flash_pull_requests():
+                        handle = handle_pull_requests
+                        if handle == 'detach':
+                            h.flash(_('Detached %s pull requests') % len(_pull_requests),
+                                    category='success')
+                        elif handle == 'delete':
+                            h.flash(_('Deleted %s pull requests') % len(_pull_requests),
+                                    category='success')
                     def set_handle_flash_artifacts():
                         handle = handle_artifacts
                         if handle == 'detach':
                             h.flash(_('Detached %s artifacts') % len(_artifacts),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s artifacts') % len(_artifacts),
                                     category='success')
+                    handle_user = User.get_first_super_admin()
+                    handle_user_id = safe_int(self.request.POST.get('detach_user_id'))
+                    if handle_user_id:
+                        # NOTE(marcink): we get new owner for objects...
+                        handle_user = User.get_or_404(handle_user_id)
                     if _repos and self.request.POST.get('user_repos'):
                         handle_repos = self.request.POST['user_repos']
                     if _repo_groups and self.request.POST.get('user_repo_groups'):
                         handle_repo_groups = self.request.POST['user_repo_groups']
                     if _user_groups and self.request.POST.get('user_user_groups'):
                         handle_user_groups = self.request.POST['user_user_groups']
+                    if _pull_requests and self.request.POST.get('user_pull_requests'):
+                        handle_pull_requests = self.request.POST['user_pull_requests']
                     if _artifacts and self.request.POST.get('user_artifacts'):
                         handle_artifacts = self.request.POST['user_artifacts']
                     old_values = c.user.get_api_data()
                     try:
-                        UserModel().delete(c.user, handle_repos=handle_repos,
-                                           handle_repo_groups=handle_repo_groups,
+                        UserModel().delete(
-                                           handle_user_groups=handle_user_groups,
+                            c.user,
-                                           handle_artifacts=handle_artifacts)
+                            handle_repos=handle_repos,
+                            handle_repo_groups=handle_repo_groups,
+                            handle_user_groups=handle_user_groups,
+                            handle_pull_requests=handle_pull_requests,
+                            handle_artifacts=handle_artifacts,
+                            handle_new_owner=handle_user
+                        )
                         audit_logger.store_web(
                             'user.delete', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         Session().commit()
                         set_handle_flash_repos()
                         set_handle_flash_repo_groups()
                         set_handle_flash_user_groups()
+                        set_handle_flash_pull_requests()
                         set_handle_flash_artifacts()
                         username = h.escape(old_values['username'])
                         h.flash(_('Successfully deleted user `{}`').format(username), category='success')
                     except (UserOwnsReposException, UserOwnsRepoGroupsException,
-                            UserOwnsUserGroupsException, DefaultUserException) as e:
+                            UserOwnsUserGroupsException, UserOwnsPullRequestsException,
+                            UserOwnsArtifactsException, DefaultUserException) as e:
                         h.flash(e, category='warning')
                     except Exception:
                         log.exception("Exception during deletion of user")
                         h.flash(_('An error occurred during deletion of user'),
                                 category='error')
                     raise HTTPFound(h.route_path('users'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='user_edit', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     defaults = c.user.get_dict()
                     defaults.update({'language': c.user.user_data.get('language')})
                     data = render(
                         'rhodecode:templates/admin/users/user_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='user_edit_advanced', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit_advanced(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
+                    c.detach_user = User.get_first_super_admin()
+                    detach_user_id = safe_int(self.request.GET.get('detach_user_id'))
+                    if detach_user_id:
+                        c.detach_user = User.get_or_404(detach_user_id)
                     c.active = 'advanced'
                     c.personal_repo_group = RepoGroup.get_user_personal_repo_group(user_id)
                     c.personal_repo_group_name = RepoGroupModel()\
                         .get_personal_group_name(c.user)
                     c.user_to_review_rules = sorted(
                         (x.user for x in c.user.user_review_rules),
                         key=lambda u: u.username.lower())
-                    c.first_admin = User.get_first_super_admin()
                     defaults = c.user.get_dict()
                     # Interim workaround if the user participated on any pull requests as a
                     # reviewer.
                     has_review = len(c.user.reviewer_pull_requests)
                     c.can_delete_user = not has_review
                     c.can_delete_user_message = ''
                     inactive_link = h.link_to(
                         'inactive', h.route_path('user_edit', user_id=user_id, _anchor='active'))
                     if has_review == 1:
                         c.can_delete_user_message = h.literal(_(
                             'The user participates as reviewer in {} pull request and '
                             'cannot be deleted. \nYou can set the user to '
                             '"{}" instead of deleting it.').format(
                             has_review, inactive_link))
                     elif has_review:
                         c.can_delete_user_message = h.literal(_(
                             'The user participates as reviewer in {} pull requests and '
                             'cannot be deleted. \nYou can set the user to '
                             '"{}" instead of deleting it.').format(
                             has_review, inactive_link))
                     data = render(
                         'rhodecode:templates/admin/users/user_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='user_edit_global_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit_global_perms(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.default_user.get_default_perms())
                     defaults.update(c.user.get_default_perms())
                     data = render(
                         'rhodecode:templates/admin/users/user_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_edit_global_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit_global_perms_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm(self.request.translate)
                         form_result = _form.to_python(dict(self.request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         c.user.inherit_default_permissions = inherit_perms
                         Session().add(c.user)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 self.request.translate,
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(self.request.POST))
                             form_result.update({'perm_user_id': c.user.user_id})
                             PermissionModel().update_user_permissions(form_result)
                         # TODO(marcink): implement global permissions
                         # audit_log.store_web('user.edit.permissions')
                         Session().commit()
                         h.flash(_('User global permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         data = render(
                             'rhodecode:templates/admin/users/user_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     affected_user_ids = [user_id]
                     PermissionModel().trigger_permission_flush(affected_user_ids)
                     raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_enable_force_password_reset', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_enable_force_password_reset(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     try:
                         c.user.update_userdata(force_password_change=True)
                         msg = _('Force password change enabled for user')
                         audit_logger.store_web('user.edit.password_reset.enabled',
                                                user=c.rhodecode_user)
                         Session().commit()
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_disable_force_password_reset', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_disable_force_password_reset(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     try:
                         c.user.update_userdata(force_password_change=False)
                         msg = _('Force password change disabled for user')
                         audit_logger.store_web(
                             'user.edit.password_reset.disabled',
                             user=c.rhodecode_user)
                         Session().commit()
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_notice_dismiss', request_method='POST',
                     renderer='json_ext', xhr=True)
                 def user_notice_dismiss(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_notice_id = safe_int(self.request.POST.get('notice_id'))
                     notice = UserNotice().query()\
                         .filter(UserNotice.user_id == user_id)\
                         .filter(UserNotice.user_notice_id == user_notice_id)\
                         .scalar()
                     read = False
                     if notice:
                         notice.notice_read = True
                         Session().add(notice)
                         Session().commit()
                         read = True
                     return {'notice': user_notice_id, 'read': read}
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_create_personal_repo_group', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_create_personal_repo_group(self):
                     """
                     Create personal repository group for this user
                     """
                     from rhodecode.model.repo_group import RepoGroupModel
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     personal_repo_group = RepoGroup.get_user_personal_repo_group(
                         c.user.user_id)
                     if personal_repo_group:
                         raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                     personal_repo_group_name = RepoGroupModel().get_personal_group_name(c.user)
                     named_personal_group = RepoGroup.get_by_group_name(
                         personal_repo_group_name)
                     try:
                         if named_personal_group and named_personal_group.user_id == c.user.user_id:
                             # migrate the same named group, and mark it as personal
                             named_personal_group.personal = True
                             Session().add(named_personal_group)
                             Session().commit()
                             msg = _('Linked repository group `%s` as personal' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         elif not named_personal_group:
                             RepoGroupModel().create_personal_repo_group(c.user)
                             msg = _('Created repository group `%s`' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         else:
                             msg = _('Repository group `%s` is already taken' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='warning')
                     except Exception:
                         log.exception("Exception during repository group creation")
                         msg = _(
                             'An error occurred during repository group creation for user')
                         h.flash(msg, category='error')
                         Session().rollback()
                     raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'auth_tokens'
                     c.lifetime_values = AuthTokenModel.get_lifetime_values(translator=_)
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     c.role_vcs = AuthTokenModel.cls.ROLE_VCS
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_auth_tokens_view', request_method='POST',
                     renderer='json_ext', xhr=True)
                 def auth_tokens_view(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     auth_token_id = self.request.POST.get('auth_token_id')
                     if auth_token_id:
                         token = UserApiKeys.get_or_404(auth_token_id)
                         return {
                             'auth_token': token.api_key
                         }
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_add', request_method='POST')
                 def auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = UserModel().add_auth_token(
                         user=c.user.user_id,
                         lifetime_minutes=lifetime, role=role, description=description,
                         scope_callback=self.maybe_attach_token_scope)
                     token_data = token.get_api_data()
                     audit_logger.store_web(
                         'user.edit.token.add', action_data={
                             'data': {'token': token_data, 'user': user_data}},
                         user=self._rhodecode_user, )
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_delete', request_method='POST')
                 def auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
                         token = UserApiKeys.get_or_404(del_auth_token)
                         token_data = token.get_api_data()
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.token.delete', action_data={
                                 'data': {'token': token_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ssh_keys', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ssh_keys(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'ssh_keys'
                     c.default_key = self.request.GET.get('default_key')
                     c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ssh_keys_generate_keypair', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ssh_keys_generate_keypair(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'ssh_keys_generate'
                     comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
                     private_format = self.request.GET.get('private_format') \
                                      or SshKeyModel.DEFAULT_PRIVATE_KEY_FORMAT
                     c.private, c.public = SshKeyModel().generate_keypair(
                         comment=comment, private_format=private_format)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ssh_keys_add', request_method='POST')
                 def ssh_keys_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     key_data = self.request.POST.get('key_data')
                     description = self.request.POST.get('description')
                     fingerprint = 'unknown'
                     try:
                         if not key_data:
                             raise ValueError('Please add a valid public key')
                         key = SshKeyModel().parse_key(key_data.strip())
                         fingerprint = key.hash_md5()
                         ssh_key = SshKeyModel().create(
                             c.user.user_id, fingerprint, key.keydata, description)
                         ssh_key_data = ssh_key.get_api_data()
                         audit_logger.store_web(
                             'user.edit.ssh_key.add', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user, )
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh Key successfully created"), category='success')
                     except IntegrityError:
                         log.exception("Exception during ssh key saving")
                         err = 'Such key with fingerprint `{}` already exists, ' \
                               'please use a different one'.format(fingerprint)
                         h.flash(_('An error occurred during ssh key saving: {}').format(err),
                                 category='error')
                     except Exception as e:
                         log.exception("Exception during ssh key saving")
                         h.flash(_('An error occurred during ssh key saving: {}').format(e),
                                 category='error')
                     return HTTPFound(
                         h.route_path('edit_user_ssh_keys', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ssh_keys_delete', request_method='POST')
                 def ssh_keys_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     del_ssh_key = self.request.POST.get('del_ssh_key')
                     if del_ssh_key:
                         ssh_key = UserSshKeys.get_or_404(del_ssh_key)
                         ssh_key_data = ssh_key.get_api_data()
                         SshKeyModel().delete(del_ssh_key, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.ssh_key.delete', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh key successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_ssh_keys', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_emails', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def emails(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query() \
                         .filter(UserEmailMap.user == c.user).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_add', request_method='POST')
                 def emails_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     email = self.request.POST.get('new_email')
                     user_data = c.user.get_api_data()
                     try:
                         form = UserExtraEmailForm(self.request.translate)()
                         data = form.to_python({'email': email})
                         email = data['email']
                         UserModel().add_extra_email(c.user.user_id, email)
                         audit_logger.store_web(
                             'user.edit.email.add',
                             action_data={'email': email, 'user': user_data},
                             user=self._rhodecode_user)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         h.flash(h.escape(error.error_dict['email']), category='error')
                     except IntegrityError:
                         log.warning("Email %s already exists", email)
                         h.flash(_('Email `{}` is already registered for another user.').format(email),
                                 category='error')
                     except Exception:
                         log.exception("Exception during email saving")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_delete', request_method='POST')
                 def emails_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     email_id = self.request.POST.get('del_email_id')
                     user_model = UserModel()
                     email = UserEmailMap.query().get(email_id).email
                     user_data = c.user.get_api_data()
                     user_model.delete_extra_email(c.user.user_id, email_id)
                     audit_logger.store_web(
                         'user.edit.email.delete',
                         action_data={'email': email, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed email address from user account"),
                             category='success')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ips', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ips(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'ips'
                     c.user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == c.user).all()
                     c.inherit_default_ips = c.user.inherit_default_permissions
                     c.default_user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == User.get_default_user()).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_add', request_method='POST')
                 # NOTE(marcink): this view is allowed for default users, as we can
                 # edit their IP white list
                 def ips_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_model = UserModel()
                     desc = self.request.POST.get('description')
                     try:
                         ip_list = user_model.parse_ip_range(
                             self.request.POST.get('new_ip'))
                     except Exception as e:
                         ip_list = []
                         log.exception("Exception during ip saving")
                         h.flash(_('An error occurred during ip saving:%s' % (e,)),
                                 category='error')
                     added = []
                     user_data = c.user.get_api_data()
                     for ip in ip_list:
                         try:
                             form = UserExtraIpForm(self.request.translate)()
                             data = form.to_python({'ip': ip})
                             ip = data['ip']
                             user_model.add_extra_ip(c.user.user_id, ip, desc)
                             audit_logger.store_web(
                                 'user.edit.ip.add',
                                 action_data={'ip': ip, 'user': user_data},
                                 user=self._rhodecode_user)
                             Session().commit()
                             added.append(ip)
                         except formencode.Invalid as error:
                             msg = error.error_dict['ip']
                             h.flash(msg, category='error')
                         except Exception:
                             log.exception("Exception during ip saving")
                             h.flash(_('An error occurred during ip saving'),
                                     category='error')
                     if added:
                         h.flash(
                             _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
                             category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_delete', request_method='POST')
                 # NOTE(marcink): this view is allowed for default users, as we can
                 # edit their IP white list
                 def ips_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     ip_id = self.request.POST.get('del_ip_id')
                     user_model = UserModel()
                     user_data = c.user.get_api_data()
                     ip = UserIpMap.query().get(ip_id).ip_addr
                     user_model.delete_extra_ip(c.user.user_id, ip_id)
                     audit_logger.store_web(
                         'user.edit.ip.delete', action_data={'ip': ip, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed ip address from user whitelist"), category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_groups_management', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def groups_management(self):
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.data = c.user.group_member
                     groups = [UserGroupModel.get_user_groups_as_dict(group.users_group)
                               for group in c.user.group_member]
                     c.groups = json.dumps(groups)
                     c.active = 'groups'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_groups_management_updates', request_method='POST')
                 def groups_management_updates(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_groups = set(self.request.POST.getall('users_group_id'))
                     user_groups_objects = []
                     for ugid in user_groups:
                         user_groups_objects.append(
                             UserGroupModel().get_group(safe_int(ugid)))
                     user_group_model = UserGroupModel()
                     added_to_groups, removed_from_groups = \
                         user_group_model.change_groups(c.user, user_groups_objects)
                     user_data = c.user.get_api_data()
                     for user_group_id in added_to_groups:
                         user_group = UserGroup.get(user_group_id)
                         old_values = user_group.get_api_data()
                         audit_logger.store_web(
                             'user_group.edit.member.add',
                             action_data={'user': user_data, 'old_data': old_values},
                             user=self._rhodecode_user)
                     for user_group_id in removed_from_groups:
                         user_group = UserGroup.get(user_group_id)
                         old_values = user_group.get_api_data()
                         audit_logger.store_web(
                             'user_group.edit.member.delete',
                             action_data={'user': user_data, 'old_data': old_values},
                             user=self._rhodecode_user)
                     Session().commit()
                     c.active = 'user_groups_management'
                     h.flash(_("Groups successfully changed"), category='success')
                     return HTTPFound(h.route_path(
                         'edit_user_groups_management', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_audit_logs', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_audit_logs(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'audit'
                     p = safe_int(self.request.GET.get('page', 1), 1)
                     filter_term = self.request.GET.get('filter')
                     user_log = UserModel().get_user_log(c.user, filter_term)
                     def url_generator(page_num):
                         query_params = {
                             'page': page_num
                         }
                         if filter_term:
                             query_params['filter'] = filter_term
                         return self.request.current_route_path(_query=query_params)
                     c.audit_logs = SqlPage(
                         user_log, page=p, items_per_page=10, url_maker=url_generator)
                     c.filter_term = filter_term
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_audit_logs_download', request_method='GET',
                     renderer='string')
                 def user_audit_logs_download(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     user_log = UserModel().get_user_log(c.user, filter_term=None)
                     audit_log_data = {}
                     for entry in user_log:
                         audit_log_data[entry.user_log_id] = entry.get_dict()
                     response = Response(json.dumps(audit_log_data, indent=4))
                     response.content_disposition = str(
                         'attachment; filename=%s' % 'user_{}_audit_logs.json'.format(c.user.user_id))
                     response.content_type = 'application/json'
                     return response
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_perms_summary', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_perms_summary(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'perms_summary'
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_perms_summary_json', request_method='GET',
                     renderer='json_ext')
                 def user_perms_summary_json(self):
                     self.load_default_context()
                     perm_user = self.db_user.AuthUser(ip_addr=self.request.remote_addr)
                     return perm_user.permissions
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_caches', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_caches(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'caches'
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     cache_namespace_uid = 'cache_user_auth.{}'.format(self.db_user.user_id)
                     c.region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     c.backend = c.region.backend
                     c.user_keys = sorted(c.region.backend.list_keys(prefix=cache_namespace_uid))
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_caches_update', request_method='POST')
                 def user_caches_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'caches'
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     cache_namespace_uid = 'cache_user_auth.{}'.format(self.db_user.user_id)
                     del_keys = rc_cache.clear_cache_namespace('cache_perms', cache_namespace_uid)
                     h.flash(_("Deleted {} cache keys").format(del_keys), category='success')
                     return HTTPFound(h.route_path(
                         'edit_user_caches', user_id=c.user.user_id))

rhodecode/lib/exceptions.py

0 +4 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Set of custom exceptions used in RhodeCode
             """
             from webob.exc import HTTPClientError
             from pyramid.httpexceptions import HTTPBadGateway
             class LdapUsernameError(Exception):
                 pass
             class LdapPasswordError(Exception):
                 pass
             class LdapConnectionError(Exception):
                 pass
             class LdapImportError(Exception):
                 pass
             class DefaultUserException(Exception):
                 pass
             class UserOwnsReposException(Exception):
                 pass
             class UserOwnsRepoGroupsException(Exception):
                 pass
             class UserOwnsUserGroupsException(Exception):
                 pass
+            class UserOwnsPullRequestsException(Exception):
+                pass
             class UserOwnsArtifactsException(Exception):
                 pass
             class UserGroupAssignedException(Exception):
                 pass
             class StatusChangeOnClosedPullRequestError(Exception):
                 pass
             class AttachedForksError(Exception):
                 pass
             class AttachedPullRequestsError(Exception):
                 pass
             class RepoGroupAssignmentError(Exception):
                 pass
             class NonRelativePathError(Exception):
                 pass
             class HTTPRequirementError(HTTPClientError):
                 title = explanation = 'Repository Requirement Missing'
                 reason = None
                 def __init__(self, message, *args, **kwargs):
                     self.title = self.explanation = message
                     super(HTTPRequirementError, self).__init__(*args, **kwargs)
                     self.args = (message, )
             class HTTPLockedRC(HTTPClientError):
                 """
                 Special Exception For locked Repos in RhodeCode, the return code can
                 be overwritten by _code keyword argument passed into constructors
                 """
                 code = 423
                 title = explanation = 'Repository Locked'
                 reason = None
                 def __init__(self, message, *args, **kwargs):
                     from rhodecode import CONFIG
                     from rhodecode.lib.utils2 import safe_int
                     _code = CONFIG.get('lock_ret_code')
                     self.code = safe_int(_code, self.code)
                     self.title = self.explanation = message
                     super(HTTPLockedRC, self).__init__(*args, **kwargs)
                     self.args = (message, )
             class HTTPBranchProtected(HTTPClientError):
                 """
                 Special Exception For Indicating that branch is protected in RhodeCode, the
                 return code can be overwritten by _code keyword argument passed into constructors
                 """
                 code = 403
                 title = explanation = 'Branch Protected'
                 reason = None
                 def __init__(self, message, *args, **kwargs):
                     self.title = self.explanation = message
                     super(HTTPBranchProtected, self).__init__(*args, **kwargs)
                     self.args = (message, )
             class IMCCommitError(Exception):
                 pass
             class UserCreationError(Exception):
                 pass
             class NotAllowedToCreateUserError(Exception):
                 pass
             class RepositoryCreationError(Exception):
                 pass
             class VCSServerUnavailable(HTTPBadGateway):
                 """ HTTP Exception class for VCS Server errors """
                 code = 502
                 title = 'VCS Server Error'
                 causes = [
                     'VCS Server is not running',
                     'Incorrect vcs.server=host:port',
                     'Incorrect vcs.server.protocol',
                 ]
                 def __init__(self, message=''):
                     self.explanation = 'Could not connect to VCS Server'
                     if message:
                         self.explanation += ': ' + message
                     super(VCSServerUnavailable, self).__init__()
             class ArtifactMetadataDuplicate(ValueError):
                 def __init__(self, *args, **kwargs):
                     self.err_section = kwargs.pop('err_section', None)
                     self.err_key = kwargs.pop('err_key', None)
                     super(ArtifactMetadataDuplicate, self).__init__(*args, **kwargs)
             class ArtifactMetadataBadValueType(ValueError):
                 pass

rhodecode/model/db.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/pull_request.py

0 +7 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2012-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             pull request model for RhodeCode
             """
             import json
             import logging
             import os
             import datetime
             import urllib
             import collections
             from pyramid import compat
             from pyramid.threadlocal import get_current_request
             from rhodecode.lib.vcs.nodes import FileNode
             from rhodecode.translation import lazy_ugettext
             from rhodecode.lib import helpers as h, hooks_utils, diffs
             from rhodecode.lib import audit_logger
             from rhodecode.lib.compat import OrderedDict
             from rhodecode.lib.hooks_daemon import prepare_callback_daemon
             from rhodecode.lib.markup_renderer import (
                 DEFAULT_COMMENTS_RENDERER, RstTemplateRenderer)
-            from rhodecode.lib.utils2 import safe_unicode, safe_str, md5_safe, AttributeDict, safe_int
+            from rhodecode.lib.utils2 import (
+                safe_unicode, safe_str, md5_safe, AttributeDict, safe_int,
+                get_current_rhodecode_user)
             from rhodecode.lib.vcs.backends.base import (
                 Reference, MergeResponse, MergeFailureReason, UpdateFailureReason,
                 TargetRefMissing, SourceRefMissing)
             from rhodecode.lib.vcs.conf import settings as vcs_settings
             from rhodecode.lib.vcs.exceptions import (
                 CommitDoesNotExistError, EmptyRepositoryError)
             from rhodecode.model import BaseModel
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import (
                 or_, String, cast, PullRequest, PullRequestReviewers, ChangesetStatus,
                 PullRequestVersion, ChangesetComment, Repository, RepoReviewRule, User)
             from rhodecode.model.meta import Session
             from rhodecode.model.notification import NotificationModel, \
                 EmailNotificationModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.settings import VcsSettingsModel
             log = logging.getLogger(__name__)
             # Data structure to hold the response data when updating commits during a pull
             # request update.
             class UpdateResponse(object):
                 def __init__(self, executed, reason, new, old, common_ancestor_id,
                              commit_changes, source_changed, target_changed):
                     self.executed = executed
                     self.reason = reason
                     self.new = new
                     self.old = old
                     self.common_ancestor_id = common_ancestor_id
                     self.changes = commit_changes
                     self.source_changed = source_changed
                     self.target_changed = target_changed
             def get_diff_info(
                     source_repo, source_ref, target_repo, target_ref, get_authors=False,
                     get_commit_authors=True):
                 """
                 Calculates detailed diff information for usage in preview of creation of a pull-request.
                 This is also used for default reviewers logic
                 """
                 source_scm = source_repo.scm_instance()
                 target_scm = target_repo.scm_instance()
                 ancestor_id = target_scm.get_common_ancestor(target_ref, source_ref, source_scm)
                 if not ancestor_id:
                     raise ValueError(
                         'cannot calculate diff info without a common ancestor. '
                         'Make sure both repositories are related, and have a common forking commit.')
                 # case here is that want a simple diff without incoming commits,
                 # previewing what will be merged based only on commits in the source.
                 log.debug('Using ancestor %s as source_ref instead of %s',
                           ancestor_id, source_ref)
                 # source of changes now is the common ancestor
                 source_commit = source_scm.get_commit(commit_id=ancestor_id)
                 # target commit becomes the source ref as it is the last commit
                 # for diff generation this logic gives proper diff
                 target_commit = source_scm.get_commit(commit_id=source_ref)
                 vcs_diff = \
                     source_scm.get_diff(commit1=source_commit, commit2=target_commit,
                                         ignore_whitespace=False, context=3)
                 diff_processor = diffs.DiffProcessor(
                     vcs_diff, format='newdiff', diff_limit=None,
                     file_limit=None, show_full_diff=True)
                 _parsed = diff_processor.prepare()
                 all_files = []
                 all_files_changes = []
                 changed_lines = {}
                 stats = [0, 0]
                 for f in _parsed:
                     all_files.append(f['filename'])
                     all_files_changes.append({
                         'filename': f['filename'],
                         'stats': f['stats']
                     })
                     stats[0] += f['stats']['added']
                     stats[1] += f['stats']['deleted']
                     changed_lines[f['filename']] = []
                     if len(f['chunks']) < 2:
                         continue
                     # first line is "context" information
                     for chunks in f['chunks'][1:]:
                         for chunk in chunks['lines']:
                             if chunk['action'] not in ('del', 'mod'):
                                 continue
                             changed_lines[f['filename']].append(chunk['old_lineno'])
                 commit_authors = []
                 user_counts = {}
                 email_counts = {}
                 author_counts = {}
                 _commit_cache = {}
                 commits = []
                 if get_commit_authors:
                     commits = target_scm.compare(
                         target_ref, source_ref, source_scm, merge=True,
                         pre_load=["author"])
                     for commit in commits:
                         user = User.get_from_cs_author(commit.author)
                         if user and user not in commit_authors:
                             commit_authors.append(user)
                 # lines
                 if get_authors:
                     target_commit = source_repo.get_commit(ancestor_id)
                     for fname, lines in changed_lines.items():
                         try:
                             node = target_commit.get_node(fname)
                         except Exception:
                             continue
                         if not isinstance(node, FileNode):
                             continue
                         for annotation in node.annotate:
                             line_no, commit_id, get_commit_func, line_text = annotation
                             if line_no in lines:
                                 if commit_id not in _commit_cache:
                                     _commit_cache[commit_id] = get_commit_func()
                                 commit = _commit_cache[commit_id]
                                 author = commit.author
                                 email = commit.author_email
                                 user = User.get_from_cs_author(author)
                                 if user:
                                     user_counts[user] = user_counts.get(user, 0) + 1
                                 author_counts[author] = author_counts.get(author, 0) + 1
                                 email_counts[email] = email_counts.get(email, 0) + 1
                 return {
                     'commits': commits,
                     'files': all_files_changes,
                     'stats': stats,
                     'ancestor': ancestor_id,
                     # original authors of modified files
                     'original_authors': {
                         'users': user_counts,
                         'authors': author_counts,
                         'emails': email_counts,
                     },
                     'commit_authors': commit_authors
                 }
             class PullRequestModel(BaseModel):
                 cls = PullRequest
                 DIFF_CONTEXT = diffs.DEFAULT_CONTEXT
                 UPDATE_STATUS_MESSAGES = {
                     UpdateFailureReason.NONE: lazy_ugettext(
                         'Pull request update successful.'),
                     UpdateFailureReason.UNKNOWN: lazy_ugettext(
                         'Pull request update failed because of an unknown error.'),
                     UpdateFailureReason.NO_CHANGE: lazy_ugettext(
                         'No update needed because the source and target have not changed.'),
                     UpdateFailureReason.WRONG_REF_TYPE: lazy_ugettext(
                         'Pull request cannot be updated because the reference type is '
                         'not supported for an update. Only Branch, Tag or Bookmark is allowed.'),
                     UpdateFailureReason.MISSING_TARGET_REF: lazy_ugettext(
                         'This pull request cannot be updated because the target '
                         'reference is missing.'),
                     UpdateFailureReason.MISSING_SOURCE_REF: lazy_ugettext(
                         'This pull request cannot be updated because the source '
                         'reference is missing.'),
                 }
                 REF_TYPES = ['bookmark', 'book', 'tag', 'branch']
                 UPDATABLE_REF_TYPES = ['bookmark', 'book', 'branch']
                 def __get_pull_request(self, pull_request):
                     return self._get_instance((
                         PullRequest, PullRequestVersion), pull_request)
                 def _check_perms(self, perms, pull_request, user, api=False):
                     if not api:
                         return h.HasRepoPermissionAny(*perms)(
                             user=user, repo_name=pull_request.target_repo.repo_name)
                     else:
                         return h.HasRepoPermissionAnyApi(*perms)(
                             user=user, repo_name=pull_request.target_repo.repo_name)
                 def check_user_read(self, pull_request, user, api=False):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     return self._check_perms(_perms, pull_request, user, api)
                 def check_user_merge(self, pull_request, user, api=False):
                     _perms = ('repository.admin', 'repository.write', 'hg.admin',)
                     return self._check_perms(_perms, pull_request, user, api)
                 def check_user_update(self, pull_request, user, api=False):
                     owner = user.user_id == pull_request.user_id
                     return self.check_user_merge(pull_request, user, api) or owner
                 def check_user_delete(self, pull_request, user):
                     owner = user.user_id == pull_request.user_id
                     _perms = ('repository.admin',)
                     return self._check_perms(_perms, pull_request, user) or owner
                 def check_user_change_status(self, pull_request, user, api=False):
                     reviewer = user.user_id in [x.user_id for x in
                                                 pull_request.reviewers]
                     return self.check_user_update(pull_request, user, api) or reviewer
                 def check_user_comment(self, pull_request, user):
                     owner = user.user_id == pull_request.user_id
                     return self.check_user_read(pull_request, user) or owner
                 def get(self, pull_request):
                     return self.__get_pull_request(pull_request)
                 def _prepare_get_all_query(self, repo_name, search_q=None, source=False,
                                            statuses=None, opened_by=None, order_by=None,
                                            order_dir='desc', only_created=False):
                     repo = None
                     if repo_name:
                         repo = self._get_repo(repo_name)
                     q = PullRequest.query()
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         q = q.join(User)
                         q = q.filter(or_(
                             cast(PullRequest.pull_request_id, String).ilike(like_expression),
                             User.username.ilike(like_expression),
                             PullRequest.title.ilike(like_expression),
                             PullRequest.description.ilike(like_expression),
                         ))
                     # source or target
                     if repo and source:
                         q = q.filter(PullRequest.source_repo == repo)
                     elif repo:
                         q = q.filter(PullRequest.target_repo == repo)
                     # closed,opened
                     if statuses:
                         q = q.filter(PullRequest.status.in_(statuses))
                     # opened by filter
                     if opened_by:
                         q = q.filter(PullRequest.user_id.in_(opened_by))
                     # only get those that are in "created" state
                     if only_created:
                         q = q.filter(PullRequest.pull_request_state == PullRequest.STATE_CREATED)
                     if order_by:
                         order_map = {
                             'name_raw': PullRequest.pull_request_id,
                             'id': PullRequest.pull_request_id,
                             'title': PullRequest.title,
                             'updated_on_raw': PullRequest.updated_on,
                             'target_repo': PullRequest.target_repo_id
                         }
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_all(self, repo_name, search_q=None, source=False, statuses=None,
                               opened_by=None):
                     """
                     Count the number of pull requests for a specific repository.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :returns: int number of pull requests
                     """
                     q = self._prepare_get_all_query(
                         repo_name, search_q=search_q, source=source, statuses=statuses,
                         opened_by=opened_by)
                     return q.count()
                 def get_all(self, repo_name, search_q=None, source=False, statuses=None,
                             opened_by=None, offset=0, length=None, order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     q = self._prepare_get_all_query(
                         repo_name, search_q=search_q, source=source, statuses=statuses,
                         opened_by=opened_by, order_by=order_by, order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def count_awaiting_review(self, repo_name, search_q=None, source=False, statuses=None,
                                           opened_by=None):
                     """
                     Count the number of pull requests for a specific repository that are
                     awaiting review.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :returns: int number of pull requests
                     """
                     pull_requests = self.get_awaiting_review(
                         repo_name, search_q=search_q, source=source, statuses=statuses, opened_by=opened_by)
                     return len(pull_requests)
                 def get_awaiting_review(self, repo_name, search_q=None, source=False, statuses=None,
                                         opened_by=None, offset=0, length=None,
                                         order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository that are awaiting
                     review.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     pull_requests = self.get_all(
                         repo_name, search_q=search_q, source=source, statuses=statuses,
                         opened_by=opened_by, order_by=order_by, order_dir=order_dir)
                     _filtered_pull_requests = []
                     for pr in pull_requests:
                         status = pr.calculated_review_status()
                         if status in [ChangesetStatus.STATUS_NOT_REVIEWED,
                                       ChangesetStatus.STATUS_UNDER_REVIEW]:
                             _filtered_pull_requests.append(pr)
                     if length:
                         return _filtered_pull_requests[offset:offset+length]
                     else:
                         return _filtered_pull_requests
                 def count_awaiting_my_review(self, repo_name, search_q=None, source=False, statuses=None,
                                              opened_by=None, user_id=None):
                     """
                     Count the number of pull requests for a specific repository that are
                     awaiting review from a specific user.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param user_id: reviewer user of the pull request
                     :returns: int number of pull requests
                     """
                     pull_requests = self.get_awaiting_my_review(
                         repo_name, search_q=search_q, source=source, statuses=statuses,
                         opened_by=opened_by, user_id=user_id)
                     return len(pull_requests)
                 def get_awaiting_my_review(self, repo_name, search_q=None, source=False, statuses=None,
                                            opened_by=None, user_id=None, offset=0,
                                            length=None, order_by=None, order_dir='desc'):
                     """
                     Get all pull requests for a specific repository that are awaiting
                     review from a specific user.
                     :param repo_name: target or source repo
                     :param search_q: filter by text
                     :param source: boolean flag to specify if repo_name refers to source
                     :param statuses: list of pull request statuses
                     :param opened_by: author user of the pull request
                     :param user_id: reviewer user of the pull request
                     :param offset: pagination offset
                     :param length: length of returned list
                     :param order_by: order of the returned list
                     :param order_dir: 'asc' or 'desc' ordering direction
                     :returns: list of pull requests
                     """
                     pull_requests = self.get_all(
                         repo_name, search_q=search_q, source=source, statuses=statuses,
                         opened_by=opened_by, order_by=order_by, order_dir=order_dir)
                     _my = PullRequestModel().get_not_reviewed(user_id)
                     my_participation = []
                     for pr in pull_requests:
                         if pr in _my:
                             my_participation.append(pr)
                     _filtered_pull_requests = my_participation
                     if length:
                         return _filtered_pull_requests[offset:offset+length]
                     else:
                         return _filtered_pull_requests
                 def get_not_reviewed(self, user_id):
                     return [
                         x.pull_request for x in PullRequestReviewers.query().filter(
                             PullRequestReviewers.user_id == user_id).all()
                     ]
                 def _prepare_participating_query(self, user_id=None, statuses=None, query='',
                                                  order_by=None, order_dir='desc'):
                     q = PullRequest.query()
                     if user_id:
                         reviewers_subquery = Session().query(
                             PullRequestReviewers.pull_request_id).filter(
                             PullRequestReviewers.user_id == user_id).subquery()
                         user_filter = or_(
                             PullRequest.user_id == user_id,
                             PullRequest.pull_request_id.in_(reviewers_subquery)
                         )
                         q = PullRequest.query().filter(user_filter)
                     # closed,opened
                     if statuses:
                         q = q.filter(PullRequest.status.in_(statuses))
                     if query:
                         like_expression = u'%{}%'.format(safe_unicode(query))
                         q = q.join(User)
                         q = q.filter(or_(
                             cast(PullRequest.pull_request_id, String).ilike(like_expression),
                             User.username.ilike(like_expression),
                             PullRequest.title.ilike(like_expression),
                             PullRequest.description.ilike(like_expression),
                         ))
                     if order_by:
                         order_map = {
                             'name_raw': PullRequest.pull_request_id,
                             'title': PullRequest.title,
                             'updated_on_raw': PullRequest.updated_on,
                             'target_repo': PullRequest.target_repo_id
                         }
                         if order_dir == 'asc':
                             q = q.order_by(order_map[order_by].asc())
                         else:
                             q = q.order_by(order_map[order_by].desc())
                     return q
                 def count_im_participating_in(self, user_id=None, statuses=None, query=''):
                     q = self._prepare_participating_query(user_id, statuses=statuses, query=query)
                     return q.count()
                 def get_im_participating_in(
                         self, user_id=None, statuses=None, query='', offset=0,
                         length=None, order_by=None, order_dir='desc'):
                     """
                     Get all Pull requests that i'm participating in, or i have opened
                     """
                     q = self._prepare_participating_query(
                         user_id, statuses=statuses, query=query, order_by=order_by,
                         order_dir=order_dir)
                     if length:
                         pull_requests = q.limit(length).offset(offset).all()
                     else:
                         pull_requests = q.all()
                     return pull_requests
                 def get_versions(self, pull_request):
                     """
                     returns version of pull request sorted by ID descending
                     """
                     return PullRequestVersion.query()\
                         .filter(PullRequestVersion.pull_request == pull_request)\
                         .order_by(PullRequestVersion.pull_request_version_id.asc())\
                         .all()
                 def get_pr_version(self, pull_request_id, version=None):
                     at_version = None
                     if version and version == 'latest':
                         pull_request_ver = PullRequest.get(pull_request_id)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_obj
                         at_version = 'latest'
                     elif version:
                         pull_request_ver = PullRequestVersion.get_or_404(version)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_ver.pull_request
                         at_version = pull_request_ver.pull_request_version_id
                     else:
                         _org_pull_request_obj = pull_request_obj = PullRequest.get_or_404(
                             pull_request_id)
                     pull_request_display_obj = PullRequest.get_pr_display_object(
                         pull_request_obj, _org_pull_request_obj)
                     return _org_pull_request_obj, pull_request_obj, \
                            pull_request_display_obj, at_version
                 def create(self, created_by, source_repo, source_ref, target_repo,
                            target_ref, revisions, reviewers, title, description=None,
                            common_ancestor_id=None,
                            description_renderer=None,
                            reviewer_data=None, translator=None, auth_user=None):
                     translator = translator or get_current_request().translate
                     created_by_user = self._get_user(created_by)
                     auth_user = auth_user or created_by_user.AuthUser()
                     source_repo = self._get_repo(source_repo)
                     target_repo = self._get_repo(target_repo)
                     pull_request = PullRequest()
                     pull_request.source_repo = source_repo
                     pull_request.source_ref = source_ref
                     pull_request.target_repo = target_repo
                     pull_request.target_ref = target_ref
                     pull_request.revisions = revisions
                     pull_request.title = title
                     pull_request.description = description
                     pull_request.description_renderer = description_renderer
                     pull_request.author = created_by_user
                     pull_request.reviewer_data = reviewer_data
                     pull_request.pull_request_state = pull_request.STATE_CREATING
                     pull_request.common_ancestor_id = common_ancestor_id
                     Session().add(pull_request)
                     Session().flush()
                     reviewer_ids = set()
                     # members / reviewers
                     for reviewer_object in reviewers:
                         user_id, reasons, mandatory, rules = reviewer_object
                         user = self._get_user(user_id)
                         # skip duplicates
                         if user.user_id in reviewer_ids:
                             continue
                         reviewer_ids.add(user.user_id)
                         reviewer = PullRequestReviewers()
                         reviewer.user = user
                         reviewer.pull_request = pull_request
                         reviewer.reasons = reasons
                         reviewer.mandatory = mandatory
                         # NOTE(marcink): pick only first rule for now
                         rule_id = list(rules)[0] if rules else None
                         rule = RepoReviewRule.get(rule_id) if rule_id else None
                         if rule:
                             review_group = rule.user_group_vote_rule(user_id)
                             # we check if this particular reviewer is member of a voting group
                             if review_group:
                                 # NOTE(marcink):
                                 # can be that user is member of more but we pick the first same,
                                 # same as default reviewers algo
                                 review_group = review_group[0]
                                 rule_data = {
                                     'rule_name':
                                         rule.review_rule_name,
                                     'rule_user_group_entry_id':
                                         review_group.repo_review_rule_users_group_id,
                                     'rule_user_group_name':
                                         review_group.users_group.users_group_name,
                                     'rule_user_group_members':
                                         [x.user.username for x in review_group.users_group.members],
                                     'rule_user_group_members_id':
                                         [x.user.user_id for x in review_group.users_group.members],
                                 }
                                 # e.g {'vote_rule': -1, 'mandatory': True}
                                 rule_data.update(review_group.rule_data())
                                 reviewer.rule_data = rule_data
                         Session().add(reviewer)
                         Session().flush()
                     # Set approval status to "Under Review" for all commits which are
                     # part of this pull request.
                     ChangesetStatusModel().set_status(
                         repo=target_repo,
                         status=ChangesetStatus.STATUS_UNDER_REVIEW,
                         user=created_by_user,
                         pull_request=pull_request
                     )
                     # we commit early at this point. This has to do with a fact
                     # that before queries do some row-locking. And because of that
                     # we need to commit and finish transaction before below validate call
                     # that for large repos could be long resulting in long row locks
                     Session().commit()
                     # prepare workspace, and run initial merge simulation. Set state during that
                     # operation
                     pull_request = PullRequest.get(pull_request.pull_request_id)
                     # set as merging, for merge simulation, and if finished to created so we mark
                     # simulation is working fine
                     with pull_request.set_state(PullRequest.STATE_MERGING,
                                                 final_state=PullRequest.STATE_CREATED) as state_obj:
                         MergeCheck.validate(
                             pull_request, auth_user=auth_user, translator=translator)
                     self.notify_reviewers(pull_request, reviewer_ids)
                     self.trigger_pull_request_hook(pull_request, created_by_user, 'create')
                     creation_data = pull_request.get_api_data(with_merge_state=False)
                     self._log_audit_action(
                         'repo.pull_request.create', {'data': creation_data},
                         auth_user, pull_request)
                     return pull_request
                 def trigger_pull_request_hook(self, pull_request, user, action, data=None):
                     pull_request = self.__get_pull_request(pull_request)
                     target_scm = pull_request.target_repo.scm_instance()
                     if action == 'create':
                         trigger_hook = hooks_utils.trigger_create_pull_request_hook
                     elif action == 'merge':
                         trigger_hook = hooks_utils.trigger_merge_pull_request_hook
                     elif action == 'close':
                         trigger_hook = hooks_utils.trigger_close_pull_request_hook
                     elif action == 'review_status_change':
                         trigger_hook = hooks_utils.trigger_review_pull_request_hook
                     elif action == 'update':
                         trigger_hook = hooks_utils.trigger_update_pull_request_hook
                     elif action == 'comment':
                         trigger_hook = hooks_utils.trigger_comment_pull_request_hook
                     else:
                         return
                     log.debug('Handling pull_request %s trigger_pull_request_hook with action %s and hook: %s',
                               pull_request, action, trigger_hook)
                     trigger_hook(
                         username=user.username,
                         repo_name=pull_request.target_repo.repo_name,
                         repo_type=target_scm.alias,
                         pull_request=pull_request,
                         data=data)
                 def _get_commit_ids(self, pull_request):
                     """
                     Return the commit ids of the merged pull request.
                     This method is not dealing correctly yet with the lack of autoupdates
                     nor with the implicit target updates.
                     For example: if a commit in the source repo is already in the target it
                     will be reported anyways.
                     """
                     merge_rev = pull_request.merge_rev
                     if merge_rev is None:
                         raise ValueError('This pull request was not merged yet')
                     commit_ids = list(pull_request.revisions)
                     if merge_rev not in commit_ids:
                         commit_ids.append(merge_rev)
                     return commit_ids
                 def merge_repo(self, pull_request, user, extras):
                     log.debug("Merging pull request %s", pull_request.pull_request_id)
                     extras['user_agent'] = 'internal-merge'
                     merge_state = self._merge_pull_request(pull_request, user, extras)
                     if merge_state.executed:
                         log.debug("Merge was successful, updating the pull request comments.")
                         self._comment_and_close_pr(pull_request, user, merge_state)
                         self._log_audit_action(
                             'repo.pull_request.merge',
                             {'merge_state': merge_state.__dict__},
                             user, pull_request)
                     else:
                         log.warn("Merge failed, not updating the pull request.")
                     return merge_state
                 def _merge_pull_request(self, pull_request, user, extras, merge_msg=None):
                     target_vcs = pull_request.target_repo.scm_instance()
                     source_vcs = pull_request.source_repo.scm_instance()
                     message = safe_unicode(merge_msg or vcs_settings.MERGE_MESSAGE_TMPL).format(
                         pr_id=pull_request.pull_request_id,
                         pr_title=pull_request.title,
                         source_repo=source_vcs.name,
                         source_ref_name=pull_request.source_ref_parts.name,
                         target_repo=target_vcs.name,
                         target_ref_name=pull_request.target_ref_parts.name,
                     )
                     workspace_id = self._workspace_id(pull_request)
                     repo_id = pull_request.target_repo.repo_id
                     use_rebase = self._use_rebase_for_merging(pull_request)
                     close_branch = self._close_branch_before_merging(pull_request)
                     user_name = self._user_name_for_merging(pull_request, user)
                     target_ref = self._refresh_reference(
                         pull_request.target_ref_parts, target_vcs)
                     callback_daemon, extras = prepare_callback_daemon(
                         extras, protocol=vcs_settings.HOOKS_PROTOCOL,
                         host=vcs_settings.HOOKS_HOST,
                         use_direct_calls=vcs_settings.HOOKS_DIRECT_CALLS)
                     with callback_daemon:
                         # TODO: johbo: Implement a clean way to run a config_override
                         # for a single call.
                         target_vcs.config.set(
                             'rhodecode', 'RC_SCM_DATA', json.dumps(extras))
                         merge_state = target_vcs.merge(
                             repo_id, workspace_id, target_ref, source_vcs,
                             pull_request.source_ref_parts,
                             user_name=user_name, user_email=user.email,
                             message=message, use_rebase=use_rebase,
                             close_branch=close_branch)
                     return merge_state
                 def _comment_and_close_pr(self, pull_request, user, merge_state, close_msg=None):
                     pull_request.merge_rev = merge_state.merge_ref.commit_id
                     pull_request.updated_on = datetime.datetime.now()
                     close_msg = close_msg or 'Pull request merged and closed'
                     CommentsModel().create(
                         text=safe_unicode(close_msg),
                         repo=pull_request.target_repo.repo_id,
                         user=user.user_id,
                         pull_request=pull_request.pull_request_id,
                         f_path=None,
                         line_no=None,
                         closing_pr=True
                     )
                     Session().add(pull_request)
                     Session().flush()
                     # TODO: paris: replace invalidation with less radical solution
                     ScmModel().mark_for_invalidation(
                         pull_request.target_repo.repo_name)
                     self.trigger_pull_request_hook(pull_request, user, 'merge')
                 def has_valid_update_type(self, pull_request):
                     source_ref_type = pull_request.source_ref_parts.type
                     return source_ref_type in self.REF_TYPES
                 def get_flow_commits(self, pull_request):
                     # source repo
                     source_ref_name = pull_request.source_ref_parts.name
                     source_ref_type = pull_request.source_ref_parts.type
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     source_repo = pull_request.source_repo.scm_instance()
                     try:
                         if source_ref_type in self.REF_TYPES:
                             source_commit = source_repo.get_commit(source_ref_name)
                         else:
                             source_commit = source_repo.get_commit(source_ref_id)
                     except CommitDoesNotExistError:
                         raise SourceRefMissing()
                     # target repo
                     target_ref_name = pull_request.target_ref_parts.name
                     target_ref_type = pull_request.target_ref_parts.type
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     target_repo = pull_request.target_repo.scm_instance()
                     try:
                         if target_ref_type in self.REF_TYPES:
                             target_commit = target_repo.get_commit(target_ref_name)
                         else:
                             target_commit = target_repo.get_commit(target_ref_id)
                     except CommitDoesNotExistError:
                         raise TargetRefMissing()
                     return source_commit, target_commit
                 def update_commits(self, pull_request, updating_user):
                     """
                     Get the updated list of commits for the pull request
                     and return the new pull request version and the list
                     of commits processed by this update action
                     updating_user is the user_object who triggered the update
                     """
                     pull_request = self.__get_pull_request(pull_request)
                     source_ref_type = pull_request.source_ref_parts.type
                     source_ref_name = pull_request.source_ref_parts.name
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_type = pull_request.target_ref_parts.type
                     target_ref_name = pull_request.target_ref_parts.name
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     if not self.has_valid_update_type(pull_request):
                         log.debug("Skipping update of pull request %s due to ref type: %s",
                                   pull_request, source_ref_type)
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.WRONG_REF_TYPE,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=False, target_changed=False)
                     try:
                         source_commit, target_commit = self.get_flow_commits(pull_request)
                     except SourceRefMissing:
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.MISSING_SOURCE_REF,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=False, target_changed=False)
                     except TargetRefMissing:
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.MISSING_TARGET_REF,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=False, target_changed=False)
                     source_changed = source_ref_id != source_commit.raw_id
                     target_changed = target_ref_id != target_commit.raw_id
                     if not (source_changed or target_changed):
                         log.debug("Nothing changed in pull request %s", pull_request)
                         return UpdateResponse(
                             executed=False,
                             reason=UpdateFailureReason.NO_CHANGE,
                             old=pull_request, new=None, common_ancestor_id=None, commit_changes=None,
                             source_changed=target_changed, target_changed=source_changed)
                     change_in_found = 'target repo' if target_changed else 'source repo'
                     log.debug('Updating pull request because of change in %s detected',
                               change_in_found)
                     # Finally there is a need for an update, in case of source change
                     # we create a new version, else just an update
                     if source_changed:
                         pull_request_version = self._create_version_from_snapshot(pull_request)
                         self._link_comments_to_version(pull_request_version)
                     else:
                         try:
                             ver = pull_request.versions[-1]
                         except IndexError:
                             ver = None
                         pull_request.pull_request_version_id = \
                             ver.pull_request_version_id if ver else None
                         pull_request_version = pull_request
                     source_repo = pull_request.source_repo.scm_instance()
                     target_repo = pull_request.target_repo.scm_instance()
                     # re-compute commit ids
                     old_commit_ids = pull_request.revisions
                     pre_load = ["author", "date", "message", "branch"]
                     commit_ranges = target_repo.compare(
                         target_commit.raw_id, source_commit.raw_id, source_repo, merge=True,
                         pre_load=pre_load)
                     target_ref = target_commit.raw_id
                     source_ref = source_commit.raw_id
                     ancestor_commit_id = target_repo.get_common_ancestor(
                         target_ref, source_ref, source_repo)
                     if not ancestor_commit_id:
                         raise ValueError(
                             'cannot calculate diff info without a common ancestor. '
                             'Make sure both repositories are related, and have a common forking commit.')
                     pull_request.common_ancestor_id = ancestor_commit_id
                     pull_request.source_ref = '%s:%s:%s' % (
                         source_ref_type, source_ref_name, source_commit.raw_id)
                     pull_request.target_ref = '%s:%s:%s' % (
                         target_ref_type, target_ref_name, ancestor_commit_id)
                     pull_request.revisions = [
                         commit.raw_id for commit in reversed(commit_ranges)]
                     pull_request.updated_on = datetime.datetime.now()
                     Session().add(pull_request)
                     new_commit_ids = pull_request.revisions
                     old_diff_data, new_diff_data = self._generate_update_diffs(
                         pull_request, pull_request_version)
                     # calculate commit and file changes
                     commit_changes = self._calculate_commit_id_changes(
                         old_commit_ids, new_commit_ids)
                     file_changes = self._calculate_file_changes(
                         old_diff_data, new_diff_data)
                     # set comments as outdated if DIFFS changed
                     CommentsModel().outdate_comments(
                         pull_request, old_diff_data=old_diff_data,
                         new_diff_data=new_diff_data)
                     valid_commit_changes = (commit_changes.added or commit_changes.removed)
                     file_node_changes = (
                         file_changes.added or file_changes.modified or file_changes.removed)
                     pr_has_changes = valid_commit_changes or file_node_changes
                     # Add an automatic comment to the pull request, in case
                     # anything has changed
                     if pr_has_changes:
                         update_comment = CommentsModel().create(
                             text=self._render_update_message(ancestor_commit_id, commit_changes, file_changes),
                             repo=pull_request.target_repo,
                             user=pull_request.author,
                             pull_request=pull_request,
                             send_email=False, renderer=DEFAULT_COMMENTS_RENDERER)
                         # Update status to "Under Review" for added commits
                         for commit_id in commit_changes.added:
                             ChangesetStatusModel().set_status(
                                 repo=pull_request.source_repo,
                                 status=ChangesetStatus.STATUS_UNDER_REVIEW,
                                 comment=update_comment,
                                 user=pull_request.author,
                                 pull_request=pull_request,
                                 revision=commit_id)
                         # send update email to users
                         try:
                             self.notify_users(pull_request=pull_request, updating_user=updating_user,
                                               ancestor_commit_id=ancestor_commit_id,
                                               commit_changes=commit_changes,
                                               file_changes=file_changes)
                         except Exception:
                             log.exception('Failed to send email notification to users')
                     log.debug(
                         'Updated pull request %s, added_ids: %s, common_ids: %s, '
                         'removed_ids: %s', pull_request.pull_request_id,
                         commit_changes.added, commit_changes.common, commit_changes.removed)
                     log.debug(
                         'Updated pull request with the following file changes: %s',
                         file_changes)
                     log.info(
                         "Updated pull request %s from commit %s to commit %s, "
                         "stored new version %s of this pull request.",
                         pull_request.pull_request_id, source_ref_id,
                         pull_request.source_ref_parts.commit_id,
                         pull_request_version.pull_request_version_id)
                     Session().commit()
                     self.trigger_pull_request_hook(pull_request, pull_request.author, 'update')
                     return UpdateResponse(
                         executed=True, reason=UpdateFailureReason.NONE,
                         old=pull_request, new=pull_request_version,
                         common_ancestor_id=ancestor_commit_id, commit_changes=commit_changes,
                         source_changed=source_changed, target_changed=target_changed)
                 def _create_version_from_snapshot(self, pull_request):
                     version = PullRequestVersion()
                     version.title = pull_request.title
                     version.description = pull_request.description
                     version.status = pull_request.status
                     version.pull_request_state = pull_request.pull_request_state
                     version.created_on = datetime.datetime.now()
                     version.updated_on = pull_request.updated_on
                     version.user_id = pull_request.user_id
                     version.source_repo = pull_request.source_repo
                     version.source_ref = pull_request.source_ref
                     version.target_repo = pull_request.target_repo
                     version.target_ref = pull_request.target_ref
                     version._last_merge_source_rev = pull_request._last_merge_source_rev
                     version._last_merge_target_rev = pull_request._last_merge_target_rev
                     version.last_merge_status = pull_request.last_merge_status
                     version.last_merge_metadata = pull_request.last_merge_metadata
                     version.shadow_merge_ref = pull_request.shadow_merge_ref
                     version.merge_rev = pull_request.merge_rev
                     version.reviewer_data = pull_request.reviewer_data
                     version.revisions = pull_request.revisions
                     version.common_ancestor_id = pull_request.common_ancestor_id
                     version.pull_request = pull_request
                     Session().add(version)
                     Session().flush()
                     return version
                 def _generate_update_diffs(self, pull_request, pull_request_version):
                     diff_context = (
                         self.DIFF_CONTEXT +
                         CommentsModel.needed_extra_diff_context())
                     hide_whitespace_changes = False
                     source_repo = pull_request_version.source_repo
                     source_ref_id = pull_request_version.source_ref_parts.commit_id
                     target_ref_id = pull_request_version.target_ref_parts.commit_id
                     old_diff = self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes=hide_whitespace_changes, diff_context=diff_context)
                     source_repo = pull_request.source_repo
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     new_diff = self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes=hide_whitespace_changes, diff_context=diff_context)
                     old_diff_data = diffs.DiffProcessor(old_diff)
                     old_diff_data.prepare()
                     new_diff_data = diffs.DiffProcessor(new_diff)
                     new_diff_data.prepare()
                     return old_diff_data, new_diff_data
                 def _link_comments_to_version(self, pull_request_version):
                     """
                     Link all unlinked comments of this pull request to the given version.
                     :param pull_request_version: The `PullRequestVersion` to which
                         the comments shall be linked.
                     """
                     pull_request = pull_request_version.pull_request
                     comments = ChangesetComment.query()\
                         .filter(
                             # TODO: johbo: Should we query for the repo at all here?
                             # Pending decision on how comments of PRs are to be related
                             # to either the source repo, the target repo or no repo at all.
                             ChangesetComment.repo_id == pull_request.target_repo.repo_id,
                             ChangesetComment.pull_request == pull_request,
                             ChangesetComment.pull_request_version == None)\
                         .order_by(ChangesetComment.comment_id.asc())
                     # TODO: johbo: Find out why this breaks if it is done in a bulk
                     # operation.
                     for comment in comments:
                         comment.pull_request_version_id = (
                             pull_request_version.pull_request_version_id)
                         Session().add(comment)
                 def _calculate_commit_id_changes(self, old_ids, new_ids):
                     added = [x for x in new_ids if x not in old_ids]
                     common = [x for x in new_ids if x in old_ids]
                     removed = [x for x in old_ids if x not in new_ids]
                     total = new_ids
                     return ChangeTuple(added, common, removed, total)
                 def _calculate_file_changes(self, old_diff_data, new_diff_data):
                     old_files = OrderedDict()
                     for diff_data in old_diff_data.parsed_diff:
                         old_files[diff_data['filename']] = md5_safe(diff_data['raw_diff'])
                     added_files = []
                     modified_files = []
                     removed_files = []
                     for diff_data in new_diff_data.parsed_diff:
                         new_filename = diff_data['filename']
                         new_hash = md5_safe(diff_data['raw_diff'])
                         old_hash = old_files.get(new_filename)
                         if not old_hash:
                             # file is not present in old diff, we have to figure out from parsed diff
                             # operation ADD/REMOVE
                             operations_dict = diff_data['stats']['ops']
                             if diffs.DEL_FILENODE in operations_dict:
                                 removed_files.append(new_filename)
                             else:
                                 added_files.append(new_filename)
                         else:
                             if new_hash != old_hash:
                                 modified_files.append(new_filename)
                             # now remove a file from old, since we have seen it already
                             del old_files[new_filename]
                     # removed files is when there are present in old, but not in NEW,
                     # since we remove old files that are present in new diff, left-overs
                     # if any should be the removed files
                     removed_files.extend(old_files.keys())
                     return FileChangeTuple(added_files, modified_files, removed_files)
                 def _render_update_message(self, ancestor_commit_id, changes, file_changes):
                     """
                     render the message using DEFAULT_COMMENTS_RENDERER (RST renderer),
                     so it's always looking the same disregarding on which default
                     renderer system is using.
                     :param ancestor_commit_id: ancestor raw_id
                     :param changes: changes named tuple
                     :param file_changes: file changes named tuple
                     """
                     new_status = ChangesetStatus.get_status_lbl(
                         ChangesetStatus.STATUS_UNDER_REVIEW)
                     changed_files = (
                         file_changes.added + file_changes.modified + file_changes.removed)
                     params = {
                         'under_review_label': new_status,
                         'added_commits': changes.added,
                         'removed_commits': changes.removed,
                         'changed_files': changed_files,
                         'added_files': file_changes.added,
                         'modified_files': file_changes.modified,
                         'removed_files': file_changes.removed,
                         'ancestor_commit_id': ancestor_commit_id
                     }
                     renderer = RstTemplateRenderer()
                     return renderer.render('pull_request_update.mako', **params)
                 def edit(self, pull_request, title, description, description_renderer, user):
                     pull_request = self.__get_pull_request(pull_request)
                     old_data = pull_request.get_api_data(with_merge_state=False)
                     if pull_request.is_closed():
                         raise ValueError('This pull request is closed')
                     if title:
                         pull_request.title = title
                     pull_request.description = description
                     pull_request.updated_on = datetime.datetime.now()
                     pull_request.description_renderer = description_renderer
                     Session().add(pull_request)
                     self._log_audit_action(
                         'repo.pull_request.edit', {'old_data': old_data},
                         user, pull_request)
                 def update_reviewers(self, pull_request, reviewer_data, user):
                     """
                     Update the reviewers in the pull request
                     :param pull_request: the pr to update
                     :param reviewer_data: list of tuples
                         [(user, ['reason1', 'reason2'], mandatory_flag, [rules])]
                     """
                     pull_request = self.__get_pull_request(pull_request)
                     if pull_request.is_closed():
                         raise ValueError('This pull request is closed')
                     reviewers = {}
                     for user_id, reasons, mandatory, rules in reviewer_data:
                         if isinstance(user_id, (int, compat.string_types)):
                             user_id = self._get_user(user_id).user_id
                         reviewers[user_id] = {
                             'reasons': reasons, 'mandatory': mandatory}
                     reviewers_ids = set(reviewers.keys())
                     current_reviewers = PullRequestReviewers.query()\
                         .filter(PullRequestReviewers.pull_request ==
                                 pull_request).all()
                     current_reviewers_ids = set([x.user.user_id for x in current_reviewers])
                     ids_to_add = reviewers_ids.difference(current_reviewers_ids)
                     ids_to_remove = current_reviewers_ids.difference(reviewers_ids)
                     log.debug("Adding %s reviewers", ids_to_add)
                     log.debug("Removing %s reviewers", ids_to_remove)
                     changed = False
                     added_audit_reviewers = []
                     removed_audit_reviewers = []
                     for uid in ids_to_add:
                         changed = True
                         _usr = self._get_user(uid)
                         reviewer = PullRequestReviewers()
                         reviewer.user = _usr
                         reviewer.pull_request = pull_request
                         reviewer.reasons = reviewers[uid]['reasons']
                         # NOTE(marcink): mandatory shouldn't be changed now
                         # reviewer.mandatory = reviewers[uid]['reasons']
                         Session().add(reviewer)
                         added_audit_reviewers.append(reviewer.get_dict())
                     for uid in ids_to_remove:
                         changed = True
                         # NOTE(marcink): we fetch "ALL" reviewers using .all(). This is an edge case
                         # that prevents and fixes cases that we added the same reviewer twice.
                         # this CAN happen due to the lack of DB checks
                         reviewers = PullRequestReviewers.query()\
                             .filter(PullRequestReviewers.user_id == uid,
                                     PullRequestReviewers.pull_request == pull_request)\
                             .all()
                         for obj in reviewers:
                             added_audit_reviewers.append(obj.get_dict())
                             Session().delete(obj)
                     if changed:
                         Session().expire_all()
                         pull_request.updated_on = datetime.datetime.now()
                         Session().add(pull_request)
                     # finally store audit logs
                     for user_data in added_audit_reviewers:
                         self._log_audit_action(
                             'repo.pull_request.reviewer.add', {'data': user_data},
                             user, pull_request)
                     for user_data in removed_audit_reviewers:
                         self._log_audit_action(
                             'repo.pull_request.reviewer.delete', {'old_data': user_data},
                             user, pull_request)
                     self.notify_reviewers(pull_request, ids_to_add)
                     return ids_to_add, ids_to_remove
                 def get_url(self, pull_request, request=None, permalink=False):
                     if not request:
                         request = get_current_request()
                     if permalink:
                         return request.route_url(
                             'pull_requests_global',
                             pull_request_id=pull_request.pull_request_id,)
                     else:
                         return request.route_url('pullrequest_show',
                             repo_name=safe_str(pull_request.target_repo.repo_name),
                             pull_request_id=pull_request.pull_request_id,)
                 def get_shadow_clone_url(self, pull_request, request=None):
                     """
                     Returns qualified url pointing to the shadow repository. If this pull
                     request is closed there is no shadow repository and ``None`` will be
                     returned.
                     """
                     if pull_request.is_closed():
                         return None
                     else:
                         pr_url = urllib.unquote(self.get_url(pull_request, request=request))
                         return safe_unicode('{pr_url}/repository'.format(pr_url=pr_url))
                 def notify_reviewers(self, pull_request, reviewers_ids):
                     # notification to reviewers
                     if not reviewers_ids:
                         return
                     log.debug('Notify following reviewers about pull-request %s', reviewers_ids)
                     pull_request_obj = pull_request
                     # get the current participants of this pull request
                     recipients = reviewers_ids
                     notification_type = EmailNotificationModel.TYPE_PULL_REQUEST
                     pr_source_repo = pull_request_obj.source_repo
                     pr_target_repo = pull_request_obj.target_repo
                     pr_url = h.route_url('pullrequest_show',
                                          repo_name=pr_target_repo.repo_name,
                                          pull_request_id=pull_request_obj.pull_request_id,)
                     # set some variables for email notification
                     pr_target_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_target_repo.repo_name)
                     pr_source_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_source_repo.repo_name)
                     # pull request specifics
                     pull_request_commits = [
                         (x.raw_id, x.message)
                         for x in map(pr_source_repo.get_commit, pull_request.revisions)]
                     kwargs = {
                         'user': pull_request.author,
                         'pull_request': pull_request_obj,
                         'pull_request_commits': pull_request_commits,
                         'pull_request_target_repo': pr_target_repo,
                         'pull_request_target_repo_url': pr_target_repo_url,
                         'pull_request_source_repo': pr_source_repo,
                         'pull_request_source_repo_url': pr_source_repo_url,
                         'pull_request_url': pr_url,
                     }
                     # pre-generate the subject for notification itself
                     (subject,
                      _h, _e,  # we don't care about those
                      body_plaintext) = EmailNotificationModel().render_email(
                         notification_type, **kwargs)
                     # create notification objects, and emails
                     NotificationModel().create(
                         created_by=pull_request.author,
                         notification_subject=subject,
                         notification_body=body_plaintext,
                         notification_type=notification_type,
                         recipients=recipients,
                         email_kwargs=kwargs,
                     )
                 def notify_users(self, pull_request, updating_user, ancestor_commit_id,
                                  commit_changes, file_changes):
                     updating_user_id = updating_user.user_id
                     reviewers = set([x.user.user_id for x in pull_request.reviewers])
                     # NOTE(marcink): send notification to all other users except to
                     # person who updated the PR
                     recipients = reviewers.difference(set([updating_user_id]))
                     log.debug('Notify following recipients about pull-request update %s', recipients)
                     pull_request_obj = pull_request
                     # send email about the update
                     changed_files = (
                             file_changes.added + file_changes.modified + file_changes.removed)
                     pr_source_repo = pull_request_obj.source_repo
                     pr_target_repo = pull_request_obj.target_repo
                     pr_url = h.route_url('pullrequest_show',
                                          repo_name=pr_target_repo.repo_name,
                                          pull_request_id=pull_request_obj.pull_request_id,)
                     # set some variables for email notification
                     pr_target_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_target_repo.repo_name)
                     pr_source_repo_url = h.route_url(
                         'repo_summary', repo_name=pr_source_repo.repo_name)
                     email_kwargs = {
                         'date': datetime.datetime.now(),
                         'updating_user': updating_user,
                         'pull_request': pull_request_obj,
                         'pull_request_target_repo': pr_target_repo,
                         'pull_request_target_repo_url': pr_target_repo_url,
                         'pull_request_source_repo': pr_source_repo,
                         'pull_request_source_repo_url': pr_source_repo_url,
                         'pull_request_url': pr_url,
                         'ancestor_commit_id': ancestor_commit_id,
                         'added_commits': commit_changes.added,
                         'removed_commits': commit_changes.removed,
                         'changed_files': changed_files,
                         'added_files': file_changes.added,
                         'modified_files': file_changes.modified,
                         'removed_files': file_changes.removed,
                     }
                     (subject,
                      _h, _e,  # we don't care about those
                      body_plaintext) = EmailNotificationModel().render_email(
                         EmailNotificationModel.TYPE_PULL_REQUEST_UPDATE, **email_kwargs)
                     # create notification objects, and emails
                     NotificationModel().create(
                         created_by=updating_user,
                         notification_subject=subject,
                         notification_body=body_plaintext,
                         notification_type=EmailNotificationModel.TYPE_PULL_REQUEST_UPDATE,
                         recipients=recipients,
                         email_kwargs=email_kwargs,
                     )
-                def delete(self, pull_request, user):
+                def delete(self, pull_request, user=None):
+                    if not user:
+                        user = getattr(get_current_rhodecode_user(), 'username', None)
                     pull_request = self.__get_pull_request(pull_request)
                     old_data = pull_request.get_api_data(with_merge_state=False)
                     self._cleanup_merge_workspace(pull_request)
                     self._log_audit_action(
                         'repo.pull_request.delete', {'old_data': old_data},
                         user, pull_request)
                     Session().delete(pull_request)
                 def close_pull_request(self, pull_request, user):
                     pull_request = self.__get_pull_request(pull_request)
                     self._cleanup_merge_workspace(pull_request)
                     pull_request.status = PullRequest.STATUS_CLOSED
                     pull_request.updated_on = datetime.datetime.now()
                     Session().add(pull_request)
                     self.trigger_pull_request_hook(pull_request, pull_request.author, 'close')
                     pr_data = pull_request.get_api_data(with_merge_state=False)
                     self._log_audit_action(
                         'repo.pull_request.close', {'data': pr_data}, user, pull_request)
                 def close_pull_request_with_comment(
                         self, pull_request, user, repo, message=None, auth_user=None):
                     pull_request_review_status = pull_request.calculated_review_status()
                     if pull_request_review_status == ChangesetStatus.STATUS_APPROVED:
                         # approved only if we have voting consent
                         status = ChangesetStatus.STATUS_APPROVED
                     else:
                         status = ChangesetStatus.STATUS_REJECTED
                     status_lbl = ChangesetStatus.get_status_lbl(status)
                     default_message = (
                         'Closing with status change {transition_icon} {status}.'
                     ).format(transition_icon='>', status=status_lbl)
                     text = message or default_message
                     # create a comment, and link it to new status
                     comment = CommentsModel().create(
                         text=text,
                         repo=repo.repo_id,
                         user=user.user_id,
                         pull_request=pull_request.pull_request_id,
                         status_change=status_lbl,
                         status_change_type=status,
                         closing_pr=True,
                         auth_user=auth_user,
                     )
                     # calculate old status before we change it
                     old_calculated_status = pull_request.calculated_review_status()
                     ChangesetStatusModel().set_status(
                         repo.repo_id,
                         status,
                         user.user_id,
                         comment=comment,
                         pull_request=pull_request.pull_request_id
                     )
                     Session().flush()
                     self.trigger_pull_request_hook(pull_request, user, 'comment',
                                                    data={'comment': comment})
                     # we now calculate the status of pull request again, and based on that
                     # calculation trigger status change. This might happen in cases
                     # that non-reviewer admin closes a pr, which means his vote doesn't
                     # change the status, while if he's a reviewer this might change it.
                     calculated_status = pull_request.calculated_review_status()
                     if old_calculated_status != calculated_status:
                         self.trigger_pull_request_hook(pull_request, user, 'review_status_change',
                                                        data={'status': calculated_status})
                     # finally close the PR
                     PullRequestModel().close_pull_request(pull_request.pull_request_id, user)
                     return comment, status
                 def merge_status(self, pull_request, translator=None, force_shadow_repo_refresh=False):
                     _ = translator or get_current_request().translate
                     if not self._is_merge_enabled(pull_request):
                         return None, False, _('Server-side pull request merging is disabled.')
                     if pull_request.is_closed():
                         return None, False, _('This pull request is closed.')
                     merge_possible, msg = self._check_repo_requirements(
                         target=pull_request.target_repo, source=pull_request.source_repo,
                         translator=_)
                     if not merge_possible:
                         return None, merge_possible, msg
                     try:
                         merge_response = self._try_merge(
                             pull_request, force_shadow_repo_refresh=force_shadow_repo_refresh)
                         log.debug("Merge response: %s", merge_response)
                         return merge_response, merge_response.possible, merge_response.merge_status_message
                     except NotImplementedError:
                         return None, False, _('Pull request merging is not supported.')
                 def _check_repo_requirements(self, target, source, translator):
                     """
                     Check if `target` and `source` have compatible requirements.
                     Currently this is just checking for largefiles.
                     """
                     _ = translator
                     target_has_largefiles = self._has_largefiles(target)
                     source_has_largefiles = self._has_largefiles(source)
                     merge_possible = True
                     message = u''
                     if target_has_largefiles != source_has_largefiles:
                         merge_possible = False
                         if source_has_largefiles:
                             message = _(
                                 'Target repository large files support is disabled.')
                         else:
                             message = _(
                                 'Source repository large files support is disabled.')
                     return merge_possible, message
                 def _has_largefiles(self, repo):
                     largefiles_ui = VcsSettingsModel(repo=repo).get_ui_settings(
                         'extensions', 'largefiles')
                     return largefiles_ui and largefiles_ui[0].active
                 def _try_merge(self, pull_request, force_shadow_repo_refresh=False):
                     """
                     Try to merge the pull request and return the merge status.
                     """
                     log.debug(
                         "Trying out if the pull request %s can be merged. Force_refresh=%s",
                         pull_request.pull_request_id, force_shadow_repo_refresh)
                     target_vcs = pull_request.target_repo.scm_instance()
                     # Refresh the target reference.
                     try:
                         target_ref = self._refresh_reference(
                             pull_request.target_ref_parts, target_vcs)
                     except CommitDoesNotExistError:
                         merge_state = MergeResponse(
                             False, False, None, MergeFailureReason.MISSING_TARGET_REF,
                             metadata={'target_ref': pull_request.target_ref_parts})
                         return merge_state
                     target_locked = pull_request.target_repo.locked
                     if target_locked and target_locked[0]:
                         locked_by = 'user:{}'.format(target_locked[0])
                         log.debug("The target repository is locked by %s.", locked_by)
                         merge_state = MergeResponse(
                             False, False, None, MergeFailureReason.TARGET_IS_LOCKED,
                             metadata={'locked_by': locked_by})
                     elif force_shadow_repo_refresh or self._needs_merge_state_refresh(
                             pull_request, target_ref):
                         log.debug("Refreshing the merge status of the repository.")
                         merge_state = self._refresh_merge_state(
                             pull_request, target_vcs, target_ref)
                     else:
                         possible = pull_request.last_merge_status == MergeFailureReason.NONE
                         metadata = {
                             'unresolved_files': '',
                             'target_ref': pull_request.target_ref_parts,
                             'source_ref': pull_request.source_ref_parts,
                         }
                         if pull_request.last_merge_metadata:
                             metadata.update(pull_request.last_merge_metadata)
                         if not possible and target_ref.type == 'branch':
                             # NOTE(marcink): case for mercurial multiple heads on branch
                             heads = target_vcs._heads(target_ref.name)
                             if len(heads) != 1:
                                 heads = '\n,'.join(target_vcs._heads(target_ref.name))
                                 metadata.update({
                                     'heads': heads
                                 })
                         merge_state = MergeResponse(
                             possible, False, None, pull_request.last_merge_status, metadata=metadata)
                     return merge_state
                 def _refresh_reference(self, reference, vcs_repository):
                     if reference.type in self.UPDATABLE_REF_TYPES:
                         name_or_id = reference.name
                     else:
                         name_or_id = reference.commit_id
                     refreshed_commit = vcs_repository.get_commit(name_or_id)
                     refreshed_reference = Reference(
                         reference.type, reference.name, refreshed_commit.raw_id)
                     return refreshed_reference
                 def _needs_merge_state_refresh(self, pull_request, target_reference):
                     return not(
                         pull_request.revisions and
                         pull_request.revisions[0] == pull_request._last_merge_source_rev and
                         target_reference.commit_id == pull_request._last_merge_target_rev)
                 def _refresh_merge_state(self, pull_request, target_vcs, target_reference):
                     workspace_id = self._workspace_id(pull_request)
                     source_vcs = pull_request.source_repo.scm_instance()
                     repo_id = pull_request.target_repo.repo_id
                     use_rebase = self._use_rebase_for_merging(pull_request)
                     close_branch = self._close_branch_before_merging(pull_request)
                     merge_state = target_vcs.merge(
                         repo_id, workspace_id,
                         target_reference, source_vcs, pull_request.source_ref_parts,
                         dry_run=True, use_rebase=use_rebase,
                         close_branch=close_branch)
                     # Do not store the response if there was an unknown error.
                     if merge_state.failure_reason != MergeFailureReason.UNKNOWN:
                         pull_request._last_merge_source_rev = \
                             pull_request.source_ref_parts.commit_id
                         pull_request._last_merge_target_rev = target_reference.commit_id
                         pull_request.last_merge_status = merge_state.failure_reason
                         pull_request.last_merge_metadata = merge_state.metadata
                         pull_request.shadow_merge_ref = merge_state.merge_ref
                         Session().add(pull_request)
                         Session().commit()
                     return merge_state
                 def _workspace_id(self, pull_request):
                     workspace_id = 'pr-%s' % pull_request.pull_request_id
                     return workspace_id
                 def generate_repo_data(self, repo, commit_id=None, branch=None,
                                        bookmark=None, translator=None):
                     from rhodecode.model.repo import RepoModel
                     all_refs, selected_ref = \
                         self._get_repo_pullrequest_sources(
                             repo.scm_instance(), commit_id=commit_id,
                             branch=branch, bookmark=bookmark, translator=translator)
                     refs_select2 = []
                     for element in all_refs:
                         children = [{'id': x[0], 'text': x[1]} for x in element[0]]
                         refs_select2.append({'text': element[1], 'children': children})
                     return {
                         'user': {
                             'user_id': repo.user.user_id,
                             'username': repo.user.username,
                             'firstname': repo.user.first_name,
                             'lastname': repo.user.last_name,
                             'gravatar_link': h.gravatar_url(repo.user.email, 14),
                         },
                         'name': repo.repo_name,
                         'link': RepoModel().get_url(repo),
                         'description': h.chop_at_smart(repo.description_safe, '\n'),
                         'refs': {
                             'all_refs': all_refs,
                             'selected_ref': selected_ref,
                             'select2_refs': refs_select2
                         }
                     }
                 def generate_pullrequest_title(self, source, source_ref, target):
                     return u'{source}#{at_ref} to {target}'.format(
                         source=source,
                         at_ref=source_ref,
                         target=target,
                     )
                 def _cleanup_merge_workspace(self, pull_request):
                     # Merging related cleanup
                     repo_id = pull_request.target_repo.repo_id
                     target_scm = pull_request.target_repo.scm_instance()
                     workspace_id = self._workspace_id(pull_request)
                     try:
                         target_scm.cleanup_merge_workspace(repo_id, workspace_id)
                     except NotImplementedError:
                         pass
                 def _get_repo_pullrequest_sources(
                         self, repo, commit_id=None, branch=None, bookmark=None,
                         translator=None):
                     """
                     Return a structure with repo's interesting commits, suitable for
                     the selectors in pullrequest controller
                     :param commit_id: a commit that must be in the list somehow
                         and selected by default
                     :param branch: a branch that must be in the list and selected
                         by default - even if closed
                     :param bookmark: a bookmark that must be in the list and selected
                     """
                     _ = translator or get_current_request().translate
                     commit_id = safe_str(commit_id) if commit_id else None
                     branch = safe_unicode(branch) if branch else None
                     bookmark = safe_unicode(bookmark) if bookmark else None
                     selected = None
                     # order matters: first source that has commit_id in it will be selected
                     sources = []
                     sources.append(('book', repo.bookmarks.items(), _('Bookmarks'), bookmark))
                     sources.append(('branch', repo.branches.items(), _('Branches'), branch))
                     if commit_id:
                         ref_commit = (h.short_id(commit_id), commit_id)
                         sources.append(('rev', [ref_commit], _('Commit IDs'), commit_id))
                     sources.append(
                         ('branch', repo.branches_closed.items(), _('Closed Branches'), branch),
                     )
                     groups = []
                     for group_key, ref_list, group_name, match in sources:
                         group_refs = []
                         for ref_name, ref_id in ref_list:
                             ref_key = u'{}:{}:{}'.format(group_key, ref_name, ref_id)
                             group_refs.append((ref_key, ref_name))
                             if not selected:
                                 if set([commit_id, match]) & set([ref_id, ref_name]):
                                     selected = ref_key
                         if group_refs:
                             groups.append((group_refs, group_name))
                     if not selected:
                         ref = commit_id or branch or bookmark
                         if ref:
                             raise CommitDoesNotExistError(
                                 u'No commit refs could be found matching: {}'.format(ref))
                         elif repo.DEFAULT_BRANCH_NAME in repo.branches:
                             selected = u'branch:{}:{}'.format(
                                 safe_unicode(repo.DEFAULT_BRANCH_NAME),
                                 safe_unicode(repo.branches[repo.DEFAULT_BRANCH_NAME])
                             )
                         elif repo.commit_ids:
                             # make the user select in this case
                             selected = None
                         else:
                             raise EmptyRepositoryError()
                     return groups, selected
                 def get_diff(self, source_repo, source_ref_id, target_ref_id,
                              hide_whitespace_changes, diff_context):
                     return self._get_diff_from_pr_or_version(
                         source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes=hide_whitespace_changes, diff_context=diff_context)
                 def _get_diff_from_pr_or_version(
                         self, source_repo, source_ref_id, target_ref_id,
                         hide_whitespace_changes, diff_context):
                     target_commit = source_repo.get_commit(
                         commit_id=safe_str(target_ref_id))
                     source_commit = source_repo.get_commit(
                         commit_id=safe_str(source_ref_id), maybe_unreachable=True)
                     if isinstance(source_repo, Repository):
                         vcs_repo = source_repo.scm_instance()
                     else:
                         vcs_repo = source_repo
                     # TODO: johbo: In the context of an update, we cannot reach
                     # the old commit anymore with our normal mechanisms. It needs
                     # some sort of special support in the vcs layer to avoid this
                     # workaround.
                     if (source_commit.raw_id == vcs_repo.EMPTY_COMMIT_ID and
                             vcs_repo.alias == 'git'):
                         source_commit.raw_id = safe_str(source_ref_id)
                     log.debug('calculating diff between '
                               'source_ref:%s and target_ref:%s for repo `%s`',
                               target_ref_id, source_ref_id,
                               safe_unicode(vcs_repo.path))
                     vcs_diff = vcs_repo.get_diff(
                         commit1=target_commit, commit2=source_commit,
                         ignore_whitespace=hide_whitespace_changes, context=diff_context)
                     return vcs_diff
                 def _is_merge_enabled(self, pull_request):
                     return self._get_general_setting(
                         pull_request, 'rhodecode_pr_merge_enabled')
                 def _use_rebase_for_merging(self, pull_request):
                     repo_type = pull_request.target_repo.repo_type
                     if repo_type == 'hg':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_hg_use_rebase_for_merging')
                     elif repo_type == 'git':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_git_use_rebase_for_merging')
                     return False
                 def _user_name_for_merging(self, pull_request, user):
                     env_user_name_attr = os.environ.get('RC_MERGE_USER_NAME_ATTR', '')
                     if env_user_name_attr and hasattr(user, env_user_name_attr):
                         user_name_attr = env_user_name_attr
                     else:
                         user_name_attr = 'short_contact'
                     user_name = getattr(user, user_name_attr)
                     return user_name
                 def _close_branch_before_merging(self, pull_request):
                     repo_type = pull_request.target_repo.repo_type
                     if repo_type == 'hg':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_hg_close_branch_before_merging')
                     elif repo_type == 'git':
                         return self._get_general_setting(
                             pull_request, 'rhodecode_git_close_branch_before_merging')
                     return False
                 def _get_general_setting(self, pull_request, settings_key, default=False):
                     settings_model = VcsSettingsModel(repo=pull_request.target_repo)
                     settings = settings_model.get_general_settings()
                     return settings.get(settings_key, default)
                 def _log_audit_action(self, action, action_data, user, pull_request):
                     audit_logger.store(
                         action=action,
                         action_data=action_data,
                         user=user,
                         repo=pull_request.target_repo)
                 def get_reviewer_functions(self):
                     """
                     Fetches functions for validation and fetching default reviewers.
                     If available we use the EE package, else we fallback to CE
                     package functions
                     """
                     try:
                         from rc_reviewers.utils import get_default_reviewers_data
                         from rc_reviewers.utils import validate_default_reviewers
                     except ImportError:
                         from rhodecode.apps.repository.utils import get_default_reviewers_data
                         from rhodecode.apps.repository.utils import validate_default_reviewers
                     return get_default_reviewers_data, validate_default_reviewers
             class MergeCheck(object):
                 """
                 Perform Merge Checks and returns a check object which stores information
                 about merge errors, and merge conditions
                 """
                 TODO_CHECK = 'todo'
                 PERM_CHECK = 'perm'
                 REVIEW_CHECK = 'review'
                 MERGE_CHECK = 'merge'
                 WIP_CHECK = 'wip'
                 def __init__(self):
                     self.review_status = None
                     self.merge_possible = None
                     self.merge_msg = ''
                     self.merge_response = None
                     self.failed = None
                     self.errors = []
                     self.error_details = OrderedDict()
                     self.source_commit = AttributeDict()
                     self.target_commit = AttributeDict()
                 def __repr__(self):
                     return '<MergeCheck(possible:{}, failed:{}, errors:{})>'.format(
                         self.merge_possible, self.failed, self.errors)
                 def push_error(self, error_type, message, error_key, details):
                     self.failed = True
                     self.errors.append([error_type, message])
                     self.error_details[error_key] = dict(
                         details=details,
                         error_type=error_type,
                         message=message
                     )
                 @classmethod
                 def validate(cls, pull_request, auth_user, translator, fail_early=False,
                              force_shadow_repo_refresh=False):
                     _ = translator
                     merge_check = cls()
                     # title has WIP:
                     if pull_request.work_in_progress:
                         log.debug("MergeCheck: cannot merge, title has wip: marker.")
                         msg = _('WIP marker in title prevents from accidental merge.')
                         merge_check.push_error('error', msg, cls.WIP_CHECK, pull_request.title)
                         if fail_early:
                             return merge_check
                     # permissions to merge
                     user_allowed_to_merge = PullRequestModel().check_user_merge(pull_request, auth_user)
                     if not user_allowed_to_merge:
                         log.debug("MergeCheck: cannot merge, approval is pending.")
                         msg = _('User `{}` not allowed to perform merge.').format(auth_user.username)
                         merge_check.push_error('error', msg, cls.PERM_CHECK, auth_user.username)
                         if fail_early:
                             return merge_check
                     # permission to merge into the target branch
                     target_commit_id = pull_request.target_ref_parts.commit_id
                     if pull_request.target_ref_parts.type == 'branch':
                         branch_name = pull_request.target_ref_parts.name
                     else:
                         # for mercurial we can always figure out the branch from the commit
                         # in case of bookmark
                         target_commit = pull_request.target_repo.get_commit(target_commit_id)
                         branch_name = target_commit.branch
                     rule, branch_perm = auth_user.get_rule_and_branch_permission(
                         pull_request.target_repo.repo_name, branch_name)
                     if branch_perm and branch_perm == 'branch.none':
                         msg = _('Target branch `{}` changes rejected by rule {}.').format(
                             branch_name, rule)
                         merge_check.push_error('error', msg, cls.PERM_CHECK, auth_user.username)
                         if fail_early:
                             return merge_check
                     # review status, must be always present
                     review_status = pull_request.calculated_review_status()
                     merge_check.review_status = review_status
                     status_approved = review_status == ChangesetStatus.STATUS_APPROVED
                     if not status_approved:
                         log.debug("MergeCheck: cannot merge, approval is pending.")
                         msg = _('Pull request reviewer approval is pending.')
                         merge_check.push_error('warning', msg, cls.REVIEW_CHECK, review_status)
                         if fail_early:
                             return merge_check
                     # left over TODOs
                     todos = CommentsModel().get_pull_request_unresolved_todos(pull_request)
                     if todos:
                         log.debug("MergeCheck: cannot merge, {} "
                                   "unresolved TODOs left.".format(len(todos)))
                         if len(todos) == 1:
                             msg = _('Cannot merge, {} TODO still not resolved.').format(
                                 len(todos))
                         else:
                             msg = _('Cannot merge, {} TODOs still not resolved.').format(
                                 len(todos))
                         merge_check.push_error('warning', msg, cls.TODO_CHECK, todos)
                         if fail_early:
                             return merge_check
                     # merge possible, here is the filesystem simulation + shadow repo
                     merge_response, merge_status, msg = PullRequestModel().merge_status(
                         pull_request, translator=translator,
                         force_shadow_repo_refresh=force_shadow_repo_refresh)
                     merge_check.merge_possible = merge_status
                     merge_check.merge_msg = msg
                     merge_check.merge_response = merge_response
                     source_ref_id = pull_request.source_ref_parts.commit_id
                     target_ref_id = pull_request.target_ref_parts.commit_id
                     try:
                         source_commit, target_commit = PullRequestModel().get_flow_commits(pull_request)
                         merge_check.source_commit.changed = source_ref_id != source_commit.raw_id
                         merge_check.source_commit.ref_spec = pull_request.source_ref_parts
                         merge_check.source_commit.current_raw_id = source_commit.raw_id
                         merge_check.source_commit.previous_raw_id = source_ref_id
                         merge_check.target_commit.changed = target_ref_id != target_commit.raw_id
                         merge_check.target_commit.ref_spec = pull_request.target_ref_parts
                         merge_check.target_commit.current_raw_id = target_commit.raw_id
                         merge_check.target_commit.previous_raw_id = target_ref_id
                     except (SourceRefMissing, TargetRefMissing):
                         pass
                     if not merge_status:
                         log.debug("MergeCheck: cannot merge, pull request merge not possible.")
                         merge_check.push_error('warning', msg, cls.MERGE_CHECK, None)
                         if fail_early:
                             return merge_check
                     log.debug('MergeCheck: is failed: %s', merge_check.failed)
                     return merge_check
                 @classmethod
                 def get_merge_conditions(cls, pull_request, translator):
                     _ = translator
                     merge_details = {}
                     model = PullRequestModel()
                     use_rebase = model._use_rebase_for_merging(pull_request)
                     if use_rebase:
                         merge_details['merge_strategy'] = dict(
                             details={},
                             message=_('Merge strategy: rebase')
                         )
                     else:
                         merge_details['merge_strategy'] = dict(
                             details={},
                             message=_('Merge strategy: explicit merge commit')
                         )
                     close_branch = model._close_branch_before_merging(pull_request)
                     if close_branch:
                         repo_type = pull_request.target_repo.repo_type
                         close_msg = ''
                         if repo_type == 'hg':
                             close_msg = _('Source branch will be closed after merge.')
                         elif repo_type == 'git':
                             close_msg = _('Source branch will be deleted after merge.')
                         merge_details['close_branch'] = dict(
                             details={},
                             message=close_msg
                         )
                     return merge_details
             ChangeTuple = collections.namedtuple(
                 'ChangeTuple', ['added', 'common', 'removed', 'total'])
             FileChangeTuple = collections.namedtuple(
                 'FileChangeTuple', ['added', 'modified', 'removed'])

rhodecode/model/user.py

0 +64 -24

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             users model for RhodeCode
             """
             import logging
             import traceback
             import datetime
             import ipaddress
             from pyramid.threadlocal import get_current_request
             from sqlalchemy.exc import DatabaseError
             from rhodecode import events
             from rhodecode.lib.user_log_filter import user_log_filter
             from rhodecode.lib.utils2 import (
                 safe_unicode, get_current_rhodecode_user, action_logger_generic,
                 AttributeDict, str2bool)
             from rhodecode.lib.exceptions import (
                 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
-                UserOwnsUserGroupsException, NotAllowedToCreateUserError, UserOwnsArtifactsException)
+                UserOwnsUserGroupsException, NotAllowedToCreateUserError,
+                UserOwnsPullRequestsException, UserOwnsArtifactsException)
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import BaseModel
-            from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.db import (
                 _hash_key, true, false, or_, joinedload, User, UserToPerm,
                 UserEmailMap, UserIpMap, UserLog)
             from rhodecode.model.meta import Session
+            from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.repo_group import RepoGroupModel
             log = logging.getLogger(__name__)
             class UserModel(BaseModel):
                 cls = User
                 def get(self, user_id, cache=False):
                     user = self.sa.query(User)
                     if cache:
                         user = user.options(
                             FromCache("sql_cache_short", "get_user_%s" % user_id))
                     return user.get(user_id)
                 def get_user(self, user):
                     return self._get_user(user)
                 def _serialize_user(self, user):
                     import rhodecode.lib.helpers as h
                     return {
                         'id': user.user_id,
                         'first_name': user.first_name,
                         'last_name': user.last_name,
                         'username': user.username,
                         'email': user.email,
                         'icon_link': h.gravatar_url(user.email, 30),
                         'profile_link':  h.link_to_user(user),
                         'value_display': h.escape(h.person(user)),
                         'value': user.username,
                         'value_type': 'user',
                         'active': user.active,
                     }
                 def get_users(self, name_contains=None, limit=20, only_active=True):
                     query = self.sa.query(User)
                     if only_active:
                         query = query.filter(User.active == true())
                     if name_contains:
                         ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
                         query = query.filter(
                             or_(
                                 User.name.ilike(ilike_expression),
                                 User.lastname.ilike(ilike_expression),
                                 User.username.ilike(ilike_expression)
                             )
                         )
                         query = query.limit(limit)
                     users = query.all()
                     _users = [
                         self._serialize_user(user) for user in users
                     ]
                     return _users
                 def get_by_username(self, username, cache=False, case_insensitive=False):
                     if case_insensitive:
                         user = self.sa.query(User).filter(User.username.ilike(username))
                     else:
                         user = self.sa.query(User)\
                             .filter(User.username == username)
                     if cache:
                         name_key = _hash_key(username)
                         user = user.options(
                             FromCache("sql_cache_short", "get_user_%s" % name_key))
                     return user.scalar()
                 def get_by_email(self, email, cache=False, case_insensitive=False):
                     return User.get_by_email(email, case_insensitive, cache)
                 def get_by_auth_token(self, auth_token, cache=False):
                     return User.get_by_auth_token(auth_token, cache)
                 def get_active_user_count(self, cache=False):
                     qry = User.query().filter(
                         User.active == true()).filter(
                             User.username != User.DEFAULT_USER)
                     if cache:
                         qry = qry.options(
                             FromCache("sql_cache_short", "get_active_users"))
                     return qry.count()
                 def create(self, form_data, cur_user=None):
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     user_data = {
                         'username': form_data['username'],
                         'password': form_data['password'],
                         'email': form_data['email'],
                         'firstname': form_data['firstname'],
                         'lastname': form_data['lastname'],
                         'active': form_data['active'],
                         'extern_type': form_data['extern_type'],
                         'extern_name': form_data['extern_name'],
                         'admin': False,
                         'cur_user': cur_user
                     }
                     if 'create_repo_group' in form_data:
                         user_data['create_repo_group'] = str2bool(
                             form_data.get('create_repo_group'))
                     try:
                         if form_data.get('password_change'):
                             user_data['force_password_change'] = True
                         return UserModel().create_or_update(**user_data)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def update_user(self, user, skip_attrs=None, **kwargs):
                     from rhodecode.lib.auth import get_crypt_password
                     user = self._get_user(user)
                     if user.username == User.DEFAULT_USER:
                         raise DefaultUserException(
                             "You can't edit this user (`%(username)s`) since it's "
                             "crucial for entire application" % {
                             'username': user.username})
                     # first store only defaults
                     user_attrs = {
                         'updating_user_id': user.user_id,
                         'username': user.username,
                         'password': user.password,
                         'email': user.email,
                         'firstname': user.name,
                         'lastname': user.lastname,
                         'description': user.description,
                         'active': user.active,
                         'admin': user.admin,
                         'extern_name': user.extern_name,
                         'extern_type': user.extern_type,
                         'language': user.user_data.get('language')
                     }
                     # in case there's new_password, that comes from form, use it to
                     # store password
                     if kwargs.get('new_password'):
                         kwargs['password'] = kwargs['new_password']
                     # cleanups, my_account password change form
                     kwargs.pop('current_password', None)
                     kwargs.pop('new_password', None)
                     # cleanups, user edit password change form
                     kwargs.pop('password_confirmation', None)
                     kwargs.pop('password_change', None)
                     # create repo group on user creation
                     kwargs.pop('create_repo_group', None)
                     # legacy forms send name, which is the firstname
                     firstname = kwargs.pop('name', None)
                     if firstname:
                         kwargs['firstname'] = firstname
                     for k, v in kwargs.items():
                         # skip if we don't want to update this
                         if skip_attrs and k in skip_attrs:
                             continue
                         user_attrs[k] = v
                     try:
                         return self.create_or_update(**user_attrs)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def create_or_update(
                         self, username, password, email, firstname='', lastname='',
                         active=True, admin=False, extern_type=None, extern_name=None,
                         cur_user=None, plugin=None, force_password_change=False,
                         allow_to_create_user=True, create_repo_group=None,
                         updating_user_id=None, language=None, description='',
                         strict_creation_check=True):
                     """
                     Creates a new instance if not found, or updates current one
                     :param username:
                     :param password:
                     :param email:
                     :param firstname:
                     :param lastname:
                     :param active:
                     :param admin:
                     :param extern_type:
                     :param extern_name:
                     :param cur_user:
                     :param plugin: optional plugin this method was called from
                     :param force_password_change: toggles new or existing user flag
                         for password change
                     :param allow_to_create_user: Defines if the method can actually create
                         new users
                     :param create_repo_group: Defines if the method should also
                         create an repo group with user name, and owner
                     :param updating_user_id: if we set it up this is the user we want to
                         update this allows to editing username.
                     :param language: language of user from interface.
                     :param description: user description
                     :param strict_creation_check: checks for allowed creation license wise etc.
                     :returns: new User object with injected `is_new_user` attribute.
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     from rhodecode.lib.auth import (
-                        get_crypt_password, check_password, generate_auth_token)
+                        get_crypt_password, check_password)
                     from rhodecode.lib.hooks_base import (
                         log_create_user, check_allowed_create_user)
                     def _password_change(new_user, password):
                         old_password = new_user.password or ''
                         # empty password
                         if not old_password:
                             return False
                         # password check is only needed for RhodeCode internal auth calls
                         # in case it's a plugin we don't care
                         if not plugin:
                             # first check if we gave crypted password back, and if it
                             # matches it's not password change
                             if new_user.password == password:
                                 return False
                             password_match = check_password(password, old_password)
                             if not password_match:
                                 return True
                         return False
                     # read settings on default personal repo group creation
                     if create_repo_group is None:
                         default_create_repo_group = RepoGroupModel()\
                             .get_default_create_personal_repo_group()
                         create_repo_group = default_create_repo_group
                     user_data = {
                         'username': username,
                         'password': password,
                         'email': email,
                         'firstname': firstname,
                         'lastname': lastname,
                         'active': active,
                         'admin': admin
                     }
                     if updating_user_id:
                         log.debug('Checking for existing account in RhodeCode '
                                   'database with user_id `%s` ', updating_user_id)
                         user = User.get(updating_user_id)
                     else:
                         log.debug('Checking for existing account in RhodeCode '
                                   'database with username `%s` ', username)
                         user = User.get_by_username(username, case_insensitive=True)
                     if user is None:
                         # we check internal flag if this method is actually allowed to
                         # create new user
                         if not allow_to_create_user:
                             msg = ('Method wants to create new user, but it is not '
                                    'allowed to do so')
                             log.warning(msg)
                             raise NotAllowedToCreateUserError(msg)
                         log.debug('Creating new user %s', username)
                         # only if we create user that is active
                         new_active_user = active
                         if new_active_user and strict_creation_check:
                             # raises UserCreationError if it's not allowed for any reason to
                             # create new active user, this also executes pre-create hooks
                             check_allowed_create_user(user_data, cur_user, strict_check=True)
                         events.trigger(events.UserPreCreate(user_data))
                         new_user = User()
                         edit = False
                     else:
                         log.debug('updating user `%s`', username)
                         events.trigger(events.UserPreUpdate(user, user_data))
                         new_user = user
                         edit = True
                         # we're not allowed to edit default user
                         if user.username == User.DEFAULT_USER:
                             raise DefaultUserException(
                                 "You can't edit this user (`%(username)s`) since it's "
                                 "crucial for entire application"
                                 % {'username': user.username})
                     # inject special attribute that will tell us if User is new or old
                     new_user.is_new_user = not edit
                     # for users that didn's specify auth type, we use RhodeCode built in
                     from rhodecode.authentication.plugins import auth_rhodecode
                     extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.uid
                     extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.uid
                     try:
                         new_user.username = username
                         new_user.admin = admin
                         new_user.email = email
                         new_user.active = active
                         new_user.extern_name = safe_unicode(extern_name)
                         new_user.extern_type = safe_unicode(extern_type)
                         new_user.name = firstname
                         new_user.lastname = lastname
                         new_user.description = description
                         # set password only if creating an user or password is changed
                         if not edit or _password_change(new_user, password):
                             reason = 'new password' if edit else 'new user'
                             log.debug('Updating password reason=>%s', reason)
                             new_user.password = get_crypt_password(password) if password else None
                         if force_password_change:
                             new_user.update_userdata(force_password_change=True)
                         if language:
                             new_user.update_userdata(language=language)
                         new_user.update_userdata(notification_status=True)
                         self.sa.add(new_user)
                         if not edit and create_repo_group:
                             RepoGroupModel().create_personal_repo_group(
                                 new_user, commit_early=False)
                         if not edit:
                             # add the RSS token
                             self.add_auth_token(
                                 user=username, lifetime_minutes=-1,
                                 role=self.auth_token_role.ROLE_FEED,
                                 description=u'Generated feed token')
                             kwargs = new_user.get_dict()
                             # backward compat, require api_keys present
                             kwargs['api_keys'] = kwargs['auth_tokens']
                             log_create_user(created_by=cur_user, **kwargs)
                             events.trigger(events.UserPostCreate(user_data))
                         return new_user
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         raise
                 def create_registration(self, form_data,
                                         extern_name='rhodecode', extern_type='rhodecode'):
                     from rhodecode.model.notification import NotificationModel
                     from rhodecode.model.notification import EmailNotificationModel
                     try:
                         form_data['admin'] = False
                         form_data['extern_name'] = extern_name
                         form_data['extern_type'] = extern_type
                         new_user = self.create(form_data)
                         self.sa.add(new_user)
                         self.sa.flush()
                         user_data = new_user.get_dict()
                         user_data.update({
                             'first_name': user_data.get('firstname'),
                             'last_name': user_data.get('lastname'),
                         })
                         kwargs = {
                             # use SQLALCHEMY safe dump of user data
                             'user': AttributeDict(user_data),
                             'date': datetime.datetime.now()
                         }
                         notification_type = EmailNotificationModel.TYPE_REGISTRATION
                         # pre-generate the subject for notification itself
                         (subject,
                          _h, _e,  # we don't care about those
                          body_plaintext) = EmailNotificationModel().render_email(
                             notification_type, **kwargs)
                         # create notification objects, and emails
                         NotificationModel().create(
                             created_by=new_user,
                             notification_subject=subject,
                             notification_body=body_plaintext,
                             notification_type=notification_type,
                             recipients=None,  # all admins
                             email_kwargs=kwargs,
                         )
                         return new_user
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
-                def _handle_user_repos(self, username, repositories, handle_mode=None):
+                def _handle_user_repos(self, username, repositories, handle_user,
-                    _superadmin = self.cls.get_first_super_admin()
+                                       handle_mode=None):
                     left_overs = True
                     from rhodecode.model.repo import RepoModel
                     if handle_mode == 'detach':
                         for obj in repositories:
-                            obj.user = _superadmin
+                            obj.user = handle_user
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             obj.description += '  \n::detached repository from deleted user: %s' % (username,)
                             self.sa.add(obj)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for obj in repositories:
                             RepoModel().delete(obj, forks='detach')
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
-                def _handle_user_repo_groups(self, username, repository_groups,
+                def _handle_user_repo_groups(self, username, repository_groups, handle_user,
                                              handle_mode=None):
-                    _superadmin = self.cls.get_first_super_admin()
                     left_overs = True
                     from rhodecode.model.repo_group import RepoGroupModel
                     if handle_mode == 'detach':
                         for r in repository_groups:
-                            r.user = _superadmin
+                            r.user = handle_user
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             r.group_description += '  \n::detached repository group from deleted user: %s' % (username,)
                             r.personal = False
                             self.sa.add(r)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for r in repository_groups:
                             RepoGroupModel().delete(r)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
-                def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
+                def _handle_user_user_groups(self, username, user_groups, handle_user,
-                    _superadmin = self.cls.get_first_super_admin()
+                                             handle_mode=None):
                     left_overs = True
                     from rhodecode.model.user_group import UserGroupModel
                     if handle_mode == 'detach':
                         for r in user_groups:
                             for user_user_group_to_perm in r.user_user_group_to_perm:
                                 if user_user_group_to_perm.user.username == username:
-                                    user_user_group_to_perm.user = _superadmin
+                                    user_user_group_to_perm.user = handle_user
-                            r.user = _superadmin
+                            r.user = handle_user
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             r.user_group_description += '  \n::detached user group from deleted user: %s' % (username,)
                             self.sa.add(r)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for r in user_groups:
                             UserGroupModel().delete(r)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
-                def _handle_user_artifacts(self, username, artifacts, handle_mode=None):
+                def _handle_user_pull_requests(self, username, pull_requests, handle_user,
-                    _superadmin = self.cls.get_first_super_admin()
+                                               handle_mode=None):
+                    left_overs = True
+                    from rhodecode.model.pull_request import PullRequestModel
+                    if handle_mode == 'detach':
+                        for pr in pull_requests:
+                            pr.user_id = handle_user.user_id
+                            # set description we know why we super admin now owns
+                            # additional repositories that were orphaned !
+                            pr.description += '  \n::detached pull requests from deleted user: %s' % (username,)
+                            self.sa.add(pr)
+                        left_overs = False
+                    elif handle_mode == 'delete':
+                        for pr in pull_requests:
+                            PullRequestModel().delete(pr)
+                        left_overs = False
+                    # if nothing is done we have left overs left
+                    return left_overs
+                def _handle_user_artifacts(self, username, artifacts, handle_user,
+                                           handle_mode=None):
                     left_overs = True
                     if handle_mode == 'detach':
                         for a in artifacts:
-                            a.upload_user = _superadmin
+                            a.upload_user = handle_user
                             # set description we know why we super admin now owns
                             # additional artifacts that were orphaned !
                             a.file_description += '  \n::detached artifact from deleted user: %s' % (username,)
                             self.sa.add(a)
                         left_overs = False
                     elif handle_mode == 'delete':
                         from rhodecode.apps.file_store import utils as store_utils
-                        storage = store_utils.get_file_storage(self.request.registry.settings)
+                        request = get_current_request()
+                        storage = store_utils.get_file_storage(request.registry.settings)
                         for a in artifacts:
                             file_uid = a.file_uid
                             storage.delete(file_uid)
                             self.sa.delete(a)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def delete(self, user, cur_user=None, handle_repos=None,
-                           handle_repo_groups=None, handle_user_groups=None, handle_artifacts=None):
+                           handle_repo_groups=None, handle_user_groups=None,
+                           handle_pull_requests=None, handle_artifacts=None, handle_new_owner=None):
                     from rhodecode.lib.hooks_base import log_delete_user
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     user = self._get_user(user)
                     try:
                         if user.username == User.DEFAULT_USER:
                             raise DefaultUserException(
                                 u"You can't remove this user since it's"
                                 u" crucial for entire application")
+                        handle_user = handle_new_owner or self.cls.get_first_super_admin()
+                        log.debug('New detached objects owner %s', handle_user)
                         left_overs = self._handle_user_repos(
-                            user.username, user.repositories, handle_repos)
+                            user.username, user.repositories, handle_user, handle_repos)
                         if left_overs and user.repositories:
                             repos = [x.repo_name for x in user.repositories]
                             raise UserOwnsReposException(
                                 u'user "%(username)s" still owns %(len_repos)s repositories and cannot be '
                                 u'removed. Switch owners or remove those repositories:%(list_repos)s'
                                 % {'username': user.username, 'len_repos': len(repos),
                                    'list_repos': ', '.join(repos)})
                         left_overs = self._handle_user_repo_groups(
-                            user.username, user.repository_groups, handle_repo_groups)
+                            user.username, user.repository_groups, handle_user, handle_repo_groups)
                         if left_overs and user.repository_groups:
                             repo_groups = [x.group_name for x in user.repository_groups]
                             raise UserOwnsRepoGroupsException(
                                 u'user "%(username)s" still owns %(len_repo_groups)s repository groups and cannot be '
                                 u'removed. Switch owners or remove those repository groups:%(list_repo_groups)s'
                                 % {'username': user.username, 'len_repo_groups': len(repo_groups),
                                    'list_repo_groups': ', '.join(repo_groups)})
                         left_overs = self._handle_user_user_groups(
-                            user.username, user.user_groups, handle_user_groups)
+                            user.username, user.user_groups, handle_user, handle_user_groups)
                         if left_overs and user.user_groups:
                             user_groups = [x.users_group_name for x in user.user_groups]
                             raise UserOwnsUserGroupsException(
                                 u'user "%s" still owns %s user groups and cannot be '
                                 u'removed. Switch owners or remove those user groups:%s'
                                 % (user.username, len(user_groups), ', '.join(user_groups)))
+                        left_overs = self._handle_user_pull_requests(
+                            user.username, user.user_pull_requests, handle_user, handle_pull_requests)
+                        if left_overs and user.user_pull_requests:
+                            pull_requests = ['!{}'.format(x.pull_request_id) for x in user.user_pull_requests]
+                            raise UserOwnsPullRequestsException(
+                                u'user "%s" still owns %s pull requests and cannot be '
+                                u'removed. Switch owners or remove those pull requests:%s'
+                                % (user.username, len(pull_requests), ', '.join(pull_requests)))
                         left_overs = self._handle_user_artifacts(
-                            user.username, user.artifacts, handle_artifacts)
+                            user.username, user.artifacts, handle_user, handle_artifacts)
                         if left_overs and user.artifacts:
                             artifacts = [x.file_uid for x in user.artifacts]
                             raise UserOwnsArtifactsException(
                                 u'user "%s" still owns %s artifacts and cannot be '
                                 u'removed. Switch owners or remove those artifacts:%s'
                                 % (user.username, len(artifacts), ', '.join(artifacts)))
                         user_data = user.get_dict()  # fetch user data before expire
                         # we might change the user data with detach/delete, make sure
                         # the object is marked as expired before actually deleting !
                         self.sa.expire(user)
                         self.sa.delete(user)
                         log_delete_user(deleted_by=cur_user, **user_data)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def reset_password_link(self, data, pwd_reset_url):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.model.notification import EmailNotificationModel
                     user_email = data['email']
                     try:
                         user = User.get_by_email(user_email)
                         if user:
                             log.debug('password reset user found %s', user)
                             email_kwargs = {
                                 'password_reset_url': pwd_reset_url,
                                 'user': user,
                                 'email': user_email,
                                 'date': datetime.datetime.now(),
                                 'first_admin_email': User.get_first_super_admin().email
                             }
                             (subject, headers, email_body,
                              email_body_plaintext) = EmailNotificationModel().render_email(
                                 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
                             recipients = [user_email]
                             action_logger_generic(
                                 'sending password reset email to user: {}'.format(
                                     user), namespace='security.password_reset')
                             run_task(tasks.send_email, recipients, subject,
                                      email_body_plaintext, email_body)
                         else:
                             log.debug("password reset email %s not found", user_email)
                     except Exception:
                         log.error(traceback.format_exc())
                         return False
                     return True
                 def reset_password(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.model.notification import EmailNotificationModel
                     from rhodecode.lib import auth
                     user_email = data['email']
                     pre_db = True
                     try:
                         user = User.get_by_email(user_email)
                         new_passwd = auth.PasswordGenerator().gen_password(
 , auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
                         if user:
                             user.password = auth.get_crypt_password(new_passwd)
                             # also force this user to reset his password !
                             user.update_userdata(force_password_change=True)
                             Session().add(user)
                             # now delete the token in question
                             UserApiKeys = AuthTokenModel.cls
                             UserApiKeys().query().filter(
                                 UserApiKeys.api_key == data['token']).delete()
                             Session().commit()
                             log.info('successfully reset password for `%s`', user_email)
                         if new_passwd is None:
                             raise Exception('unable to generate new password')
                         pre_db = False
                         email_kwargs = {
                             'new_password': new_passwd,
                             'user': user,
                             'email': user_email,
                             'date': datetime.datetime.now(),
                             'first_admin_email': User.get_first_super_admin().email
                         }
                         (subject, headers, email_body,
                          email_body_plaintext) = EmailNotificationModel().render_email(
                             EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION,
                             **email_kwargs)
                         recipients = [user_email]
                         action_logger_generic(
                             'sent new password to user: {} with email: {}'.format(
                                 user, user_email), namespace='security.password_reset')
                         run_task(tasks.send_email, recipients, subject,
                                  email_body_plaintext, email_body)
                     except Exception:
                         log.error('Failed to update user password')
                         log.error(traceback.format_exc())
                         if pre_db:
                             # we rollback only if local db stuff fails. If it goes into
                             # run_task, we're pass rollback state this wouldn't work then
                             Session().rollback()
                     return True
                 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
                     """
                     Fetches auth_user by user_id,or api_key if present.
                     Fills auth_user attributes with those taken from database.
                     Additionally set's is_authenitated if lookup fails
                     present in database
                     :param auth_user: instance of user to set attributes
                     :param user_id: user id to fetch by
                     :param api_key: api key to fetch by
                     :param username: username to fetch by
                     """
                     def token_obfuscate(token):
                         if token:
                             return token[:4] + "****"
                     if user_id is None and api_key is None and username is None:
                         raise Exception('You need to pass user_id, api_key or username')
                     log.debug(
                         'AuthUser: fill data execution based on: '
                         'user_id:%s api_key:%s username:%s', user_id, api_key, username)
                     try:
                         dbuser = None
                         if user_id:
                             dbuser = self.get(user_id)
                         elif api_key:
                             dbuser = self.get_by_auth_token(api_key)
                         elif username:
                             dbuser = self.get_by_username(username)
                         if not dbuser:
                             log.warning(
                                 'Unable to lookup user by id:%s api_key:%s username:%s',
                                 user_id, token_obfuscate(api_key), username)
                             return False
                         if not dbuser.active:
                             log.debug('User `%s:%s` is inactive, skipping fill data',
                                       username, user_id)
                             return False
                         log.debug('AuthUser: filling found user:%s data', dbuser)
                         attrs = {
                             'user_id': dbuser.user_id,
                             'username': dbuser.username,
                             'name': dbuser.name,
                             'first_name': dbuser.first_name,
                             'firstname': dbuser.firstname,
                             'last_name': dbuser.last_name,
                             'lastname': dbuser.lastname,
                             'admin': dbuser.admin,
                             'active': dbuser.active,
                             'email': dbuser.email,
                             'emails': dbuser.emails_cached(),
                             'short_contact': dbuser.short_contact,
                             'full_contact': dbuser.full_contact,
                             'full_name': dbuser.full_name,
                             'full_name_or_username': dbuser.full_name_or_username,
                             '_api_key': dbuser._api_key,
                             '_user_data': dbuser._user_data,
                             'created_on': dbuser.created_on,
                             'extern_name': dbuser.extern_name,
                             'extern_type': dbuser.extern_type,
                             'inherit_default_permissions': dbuser.inherit_default_permissions,
                             'language': dbuser.language,
                             'last_activity': dbuser.last_activity,
                             'last_login': dbuser.last_login,
                             'password': dbuser.password,
                         }
                         auth_user.__dict__.update(attrs)
                     except Exception:
                         log.error(traceback.format_exc())
                         auth_user.is_authenticated = False
                         return False
                     return True
                 def has_perm(self, user, perm):
                     perm = self._get_perm(perm)
                     user = self._get_user(user)
                     return UserToPerm.query().filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user, perm):
                     """
                     Grant user global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserToPerm.query()\
                         .filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserToPerm()
                     new.user = user
                     new.permission = perm
                     self.sa.add(new)
                     return new
                 def revoke_perm(self, user, perm):
                     """
                     Revoke users global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     obj = UserToPerm.query()\
                             .filter(UserToPerm.user == user)\
                             .filter(UserToPerm.permission == perm)\
                             .scalar()
                     if obj:
                         self.sa.delete(obj)
                 def add_extra_email(self, user, email):
                     """
                     Adds email address to UserEmailMap
                     :param user:
                     :param email:
                     """
                     user = self._get_user(user)
                     obj = UserEmailMap()
                     obj.user = user
                     obj.email = email
                     self.sa.add(obj)
                     return obj
                 def delete_extra_email(self, user, email_id):
                     """
                     Removes email address from UserEmailMap
                     :param user:
                     :param email_id:
                     """
                     user = self._get_user(user)
                     obj = UserEmailMap.query().get(email_id)
                     if obj and obj.user_id == user.user_id:
                         self.sa.delete(obj)
                 def parse_ip_range(self, ip_range):
                     ip_list = []
                     def make_unique(value):
                         seen = []
                         return [c for c in value if not (c in seen or seen.append(c))]
                     # firsts split by commas
                     for ip_range in ip_range.split(','):
                         if not ip_range:
                             continue
                         ip_range = ip_range.strip()
                         if '-' in ip_range:
                             start_ip, end_ip = ip_range.split('-', 1)
                             start_ip = ipaddress.ip_address(safe_unicode(start_ip.strip()))
                             end_ip = ipaddress.ip_address(safe_unicode(end_ip.strip()))
                             parsed_ip_range = []
-                            for index in xrange(int(start_ip), int(end_ip) + 1):
+                            for index in range(int(start_ip), int(end_ip) + 1):
                                 new_ip = ipaddress.ip_address(index)
                                 parsed_ip_range.append(str(new_ip))
                             ip_list.extend(parsed_ip_range)
                         else:
                             ip_list.append(ip_range)
                     return make_unique(ip_list)
                 def add_extra_ip(self, user, ip, description=None):
                     """
                     Adds ip address to UserIpMap
                     :param user:
                     :param ip:
                     """
                     user = self._get_user(user)
                     obj = UserIpMap()
                     obj.user = user
                     obj.ip_addr = ip
                     obj.description = description
                     self.sa.add(obj)
                     return obj
                 auth_token_role = AuthTokenModel.cls
                 def add_auth_token(self, user, lifetime_minutes, role, description=u'',
                                    scope_callback=None):
                     """
                     Add AuthToken for user.
                     :param user: username/user_id
                     :param lifetime_minutes: in minutes the lifetime for token, -1 equals no limit
                     :param role: one of AuthTokenModel.cls.ROLE_*
                     :param description: optional string description
                     """
                     token = AuthTokenModel().create(
                         user, description, lifetime_minutes, role)
                     if scope_callback and callable(scope_callback):
                         # call the callback if we provide, used to attach scope for EE edition
                         scope_callback(token)
                     return token
                 def delete_extra_ip(self, user, ip_id):
                     """
                     Removes ip address from UserIpMap
                     :param user:
                     :param ip_id:
                     """
                     user = self._get_user(user)
                     obj = UserIpMap.query().get(ip_id)
                     if obj and obj.user_id == user.user_id:
                         self.sa.delete(obj)
                 def get_accounts_in_creation_order(self, current_user=None):
                     """
                     Get accounts in order of creation for deactivation for license limits
                     pick currently logged in user, and append to the list in position 0
                     pick all super-admins in order of creation date and add it to the list
                     pick all other accounts in order of creation and add it to the list.
                     Based on that list, the last accounts can be disabled as they are
                     created at the end and don't include any of the super admins as well
                     as the current user.
                     :param current_user: optionally current user running this operation
                     """
                     if not current_user:
                         current_user = get_current_rhodecode_user()
                     active_super_admins = [
                         x.user_id for x in User.query()
                         .filter(User.user_id != current_user.user_id)
                         .filter(User.active == true())
                         .filter(User.admin == true())
                         .order_by(User.created_on.asc())]
                     active_regular_users = [
                         x.user_id for x in User.query()
                         .filter(User.user_id != current_user.user_id)
                         .filter(User.active == true())
                         .filter(User.admin == false())
                         .order_by(User.created_on.asc())]
                     list_of_accounts = [current_user.user_id]
                     list_of_accounts += active_super_admins
                     list_of_accounts += active_regular_users
                     return list_of_accounts
                 def deactivate_last_users(self, expected_users, current_user=None):
                     """
                     Deactivate accounts that are over the license limits.
                     Algorithm of which accounts to disabled is based on the formula:
                     Get current user, then super admins in creation order, then regular
                     active users in creation order.
                     Using that list we mark all accounts from the end of it as inactive.
                     This way we block only latest created accounts.
                     :param expected_users: list of users in special order, we deactivate
                         the end N amount of users from that list
                     """
                     list_of_accounts = self.get_accounts_in_creation_order(
                         current_user=current_user)
                     for acc_id in list_of_accounts[expected_users + 1:]:
                         user = User.get(acc_id)
                         log.info('Deactivating account %s for license unlock', user)
                         user.active = False
                         Session().add(user)
                         Session().commit()
                     return
                 def get_user_log(self, user, filter_term):
                     user_log = UserLog.query()\
                         .filter(or_(UserLog.user_id == user.user_id,
                                     UserLog.username == user.username))\
                         .options(joinedload(UserLog.user))\
                         .options(joinedload(UserLog.repository))\
                         .order_by(UserLog.action_date.desc())
                     user_log = user_log_filter(user_log, filter_term)
                     return user_log

rhodecode/templates/admin/users/user_edit_advanced.mako

0 +19 -6

             <%namespace name="base" file="/base/base.mako"/>
             <%
              elems = [
                 (_('User ID'), c.user.user_id, '', ''),
                 (_('Created on'), h.format_date(c.user.created_on), '', ''),
                 (_('Source of Record'), c.user.extern_type, '', ''),
                 (_('Last login'), c.user.last_login or '-', '', ''),
                 (_('Last activity'), c.user.last_activity, '', ''),
                 (_('Repositories'), len(c.user.repositories), '', [x.repo_name for x in c.user.repositories]),
                 (_('Repository groups'), len(c.user.repository_groups), '', [x.group_name for x in c.user.repository_groups]),
                 (_('User groups'), len(c.user.user_groups), '', [x.users_group_name for x in c.user.user_groups]),
                 (_('Owned Artifacts'), len(c.user.artifacts), '', [x.file_uid for x in c.user.artifacts]),
                 (_('Reviewer of pull requests'), len(c.user.reviewer_pull_requests), '', ['Pull Request #{}'.format(x.pull_request.pull_request_id) for x in c.user.reviewer_pull_requests]),
                 (_('Assigned to review rules'), len(c.user_to_review_rules), '', [x for x in c.user_to_review_rules]),
                 (_('Member of User groups'), len(c.user.group_member), '', [x.users_group.users_group_name for x in c.user.group_member]),
                 (_('Force password change'), c.user.user_data.get('force_password_change', 'False'), '', ''),
              ]
             %>
             <div class="panel panel-default">
                 <div class="panel-heading">
                     <h3 class="panel-title">
                         ${base.gravatar_with_user(c.user.username, 16, tooltip=False, _class='pull-left')}
                         &nbsp;- ${_('Access Permissions')}
                     </h3>
                 </div>
                 <div class="panel-body">
                     <table class="rctable">
                         <tr>
                             <th>Name</th>
                             <th>Value</th>
                             <th>Action</th>
                         </tr>
                         % for elem in elems:
                             ${base.tr_info_entry(elem)}
                         % endfor
                     </table>
                 </div>
             </div>
             <div class="panel panel-default">
                 <div class="panel-heading">
                     <h3 class="panel-title">${_('Force Password Reset')}</h3>
                 </div>
                 <div class="panel-body">
                     ${h.secure_form(h.route_path('user_disable_force_password_reset', user_id=c.user.user_id), request=request)}
                         <div class="field">
                             <button class="btn btn-default" type="submit">
                                 <i class="icon-unlock"></i> ${_('Disable forced password reset')}
                             </button>
                         </div>
                         <div class="field">
                             <span class="help-block">
                                 ${_("Clear the forced password change flag.")}
                             </span>
                         </div>
                     ${h.end_form()}
                     ${h.secure_form(h.route_path('user_enable_force_password_reset', user_id=c.user.user_id), request=request)}
                         <div class="field">
                             <button class="btn btn-default" type="submit" onclick="return confirm('${_('Confirm to enable forced password change')}');">
                                 <i class="icon-lock"></i> ${_('Enable forced password reset')}
                             </button>
                         </div>
                         <div class="field">
                             <span class="help-block">
                                 ${_("When this is enabled user will have to change they password when they next use RhodeCode system. This will also forbid vcs operations until someone makes a password change in the web interface")}
                             </span>
                         </div>
                     ${h.end_form()}
                 </div>
             </div>
             <div class="panel panel-default">
                 <div class="panel-heading">
                     <h3 class="panel-title">${_('Personal Repository Group')}</h3>
                 </div>
                 <div class="panel-body">
                     ${h.secure_form(h.route_path('user_create_personal_repo_group', user_id=c.user.user_id), request=request)}
                     %if c.personal_repo_group:
                         <div class="panel-body-title-text">${_('Users personal repository group')} : ${h.link_to(c.personal_repo_group.group_name, h.route_path('repo_group_home', repo_group_name=c.personal_repo_group.group_name))}</div>
                     %else:
                         <div class="panel-body-title-text">
                             ${_('This user currently does not have a personal repository group')}
                             <br/>
                             ${_('New group will be created at: `/%(path)s`') % {'path': c.personal_repo_group_name}}
                         </div>
                     %endif
                         <button class="btn btn-default" type="submit" ${'disabled="disabled"' if c.personal_repo_group else ''}>
                             <i class="icon-repo-group"></i>
                             ${_('Create personal repository group')}
                         </button>
                     ${h.end_form()}
                 </div>
             </div>
             <div class="panel panel-danger">
                 <div class="panel-heading">
                     <h3 class="panel-title">${_('Delete User')}</h3>
                 </div>
                 <div class="panel-body">
                     ${h.secure_form(h.route_path('user_delete', user_id=c.user.user_id), request=request)}
                         <table class="display rctable">
                             <tr>
                                 <td>
                                     ${_ungettext('This user owns %s repository.', 'This user owns %s repositories.', len(c.user.repositories)) % len(c.user.repositories)}
                                 </td>
                                 <td>
                                     <input type="radio" id="user_repos_1" name="user_repos" value="detach" checked="checked" ${'disabled=1' if len(c.user.repositories) == 0 else ''} /> <label for="user_repos_1">${_('Detach repositories')}</label>
                                 </td>
                                 <td>
                                     <input type="radio" id="user_repos_2" name="user_repos" value="delete" ${'disabled=1' if len(c.user.repositories) == 0 else ''} /> <label for="user_repos_2">${_('Delete repositories')}</label>
                                 </td>
                             </tr>
                             <tr>
                                 <td>
                                     ${_ungettext('This user owns %s repository group.', 'This user owns %s repository groups.', len(c.user.repository_groups)) % len(c.user.repository_groups)}
                                 </td>
                                 <td>
                                     <input type="radio" id="user_repo_groups_1" name="user_repo_groups" value="detach" checked="checked" ${'disabled=1' if len(c.user.repository_groups) == 0 else ''} /> <label for="user_repo_groups_1">${_('Detach repository groups')}</label>
                                 </td>
                                 <td>
                                     <input type="radio" id="user_repo_groups_2" name="user_repo_groups" value="delete" ${'disabled=1' if len(c.user.repository_groups) == 0 else ''}/> <label for="user_repo_groups_2">${_('Delete repositories')}</label>
                                 </td>
                             </tr>
                             <tr>
                                 <td>
                                     ${_ungettext('This user owns %s user group.', 'This user owns %s user groups.', len(c.user.user_groups)) % len(c.user.user_groups)}
                                 </td>
                                 <td>
                                     <input type="radio" id="user_user_groups_1" name="user_user_groups" value="detach" checked="checked" ${'disabled=1' if len(c.user.user_groups) == 0 else ''}/> <label for="user_user_groups_1">${_('Detach user groups')}</label>
                                 </td>
                                 <td>
                                     <input type="radio" id="user_user_groups_2" name="user_user_groups" value="delete" ${'disabled=1' if len(c.user.user_groups) == 0 else ''}/> <label for="user_user_groups_2">${_('Delete repositories')}</label>
                                 </td>
                             </tr>
                             <tr>
                                 <td>
+                                    ${_ungettext('This user owns %s pull request.', 'This user owns %s pull requests.', len(c.user.user_pull_requests)) % len(c.user.user_pull_requests)}
+                                </td>
+                                <td>
+                                    <input type="radio" id="user_pull_requests_1" name="user_pull_requests" value="detach" checked="checked" ${'disabled=1' if len(c.user.user_pull_requests) == 0 else ''}/> <label for="user_pull_requests_1">${_('Detach pull requests')}</label>
+                                </td>
+                                <td>
+                                    <input type="radio" id="user_pull_requests_2" name="user_pull_requests" value="delete" ${'disabled=1' if len(c.user.user_pull_requests) == 0 else ''}/> <label for="user_pull_requests_2">${_('Delete pull requests')}</label>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td>
                                     ${_ungettext('This user owns %s artifact.', 'This user owns %s artifacts.', len(c.user.artifacts)) % len(c.user.artifacts)}
                                 </td>
                                 <td>
                                     <input type="radio" id="user_artifacts_1" name="user_artifacts" value="detach" checked="checked" ${'disabled=1' if len(c.user.artifacts) == 0 else ''}/> <label for="user_artifacts_1">${_('Detach Artifacts')}</label>
                                 </td>
                                 <td>
                                     <input type="radio" id="user_artifacts_2" name="user_artifacts" value="delete" ${'disabled=1' if len(c.user.artifacts) == 0 else ''}/> <label for="user_artifacts_2">${_('Delete Artifacts')}</label>
                                 </td>
                             </tr>
                         </table>
                         <div style="margin: 0 0 20px 0" class="fake-space"></div>
                         <div class="pull-left">
                             % if len(c.user.repositories) > 0 or len(c.user.repository_groups) > 0 or len(c.user.user_groups) > 0:
                             % endif
                             <span style="padding: 0 5px 0 0">${_('New owner for detached objects')}:</span>
-                            <div class="pull-right">${base.gravatar_with_user(c.first_admin.email, 16)}</div>
+                            <div class="pull-right">${base.gravatar_with_user(c.detach_user.email, 16, tooltip=True)}</div>
+                            <input type="hidden" name="detach_user_id" value="${c.detach_user.user_id}">
                         </div>
                         <div style="clear: both">
                         <div>
                         <p class="help-block">
                             ${_("When selecting the detach option, the depending objects owned by this user will be assigned to the above user.")}
                             <br/>
                             ${_("The delete option will delete the user and all his owned objects!")}
                         </p>
                         </div>
                         % if c.can_delete_user_message:
                         <p class="pre-formatting">${c.can_delete_user_message}</p>
                         % endif
                         </div>
                         <div style="margin: 0 0 20px 0" class="fake-space"></div>
                         <div class="field">
-                            <button class="btn btn-small btn-danger" type="submit"
+                            <input class="btn btn-small btn-danger" id="remove_user" name="remove_user"
-                                    onclick="return confirm('${_('Confirm to delete this user: %s') % c.user.username}');"
+                                   onclick="submitConfirm(event, this, _gettext('Confirm to delete this user'), _gettext('Confirm Delete'), '${c.user.username}')"
-                                    ${"disabled" if not c.can_delete_user else ""}>
+                                   ${("disabled=1" if not c.can_delete_user else "")}
-                                ${_('Delete this user')}
+                                   type="submit" value="${_('Delete this user')}"
-                            </button>
                         </div>
                     ${h.end_form()}
                 </div>
             </div>

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages