rhodecode-enterprise-ce Commit - r1691:519ae2cd

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

"""

21

"""

22

Users crud controller for pylons

22

Users crud controller for pylons

23

"""

23

"""

24

25

import logging

25

import logging

26

import formencode

26

import formencode

27

28

from formencode import htmlfill

28

from formencode import htmlfill

29

from pylons import request, tmpl_context as c, url, config

29

from pylons import request, tmpl_context as c, url, config

30

from pylons.controllers.util import redirect

30

from pylons.controllers.util import redirect

31

from pylons.i18n.translation import _

31

from pylons.i18n.translation import _

32

33

from rhodecode.authentication.plugins import auth_rhodecode

33

from rhodecode.authentication.plugins import auth_rhodecode

34

from rhodecode.lib.exceptions import (

34

from rhodecode.lib.exceptions import (

35

DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,

35

DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,

36

UserOwnsUserGroupsException, UserCreationError)

36

UserOwnsUserGroupsException, UserCreationError)

37

from rhodecode.lib import helpers as h

37

from rhodecode.lib import helpers as h

38

from rhodecode.lib import auth

38

from rhodecode.lib import auth

39

from rhodecode.lib.auth import (

39

from rhodecode.lib.auth import (

40

LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)

40

LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)

41

from rhodecode.lib.base import BaseController, render

41

from rhodecode.lib.base import BaseController, render

42

from rhodecode.model.auth_token import AuthTokenModel

42

from rhodecode.model.auth_token import AuthTokenModel

43

44

from rhodecode.model.db import (

44

from rhodecode.model.db import (

45

PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)

45

PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)

46

from rhodecode.model.forms import (

46

from rhodecode.model.forms import (

47

UserForm, UserPermissionsForm, UserIndividualPermissionsForm)

47

UserForm, UserPermissionsForm, UserIndividualPermissionsForm)

48

from rhodecode.model.repo_group import RepoGroupModel

48

from rhodecode.model.repo_group import RepoGroupModel

49

from rhodecode.model.user import UserModel

49

from rhodecode.model.user import UserModel

50

from rhodecode.model.meta import Session

50

from rhodecode.model.meta import Session

51

from rhodecode.model.permission import PermissionModel

51

from rhodecode.model.permission import PermissionModel

52

from rhodecode.lib.utils import action_logger

52

from rhodecode.lib.utils import action_logger

53

from rhodecode.lib.utils2 import datetime_to_time, safe_int, AttributeDict

53

from rhodecode.lib.utils2 import datetime_to_time, safe_int, AttributeDict

54

55

log = logging.getLogger(__name__)

55

log = logging.getLogger(__name__)

56

57

58

class UsersController(BaseController):

58

class UsersController(BaseController):

59

"""REST Controller styled on the Atom Publishing Protocol"""

59

"""REST Controller styled on the Atom Publishing Protocol"""

60

61

@LoginRequired()

61

@LoginRequired()

62

def __before__(self):

62

def __before__(self):

63

super(UsersController, self).__before__()

63

super(UsersController, self).__before__()

64

c.available_permissions = config['available_permissions']

64

c.available_permissions = config['available_permissions']

65

c.allowed_languages = [

65

c.allowed_languages = [

66

('en', 'English (en)'),

66

('en', 'English (en)'),

67

('de', 'German (de)'),

67

('de', 'German (de)'),

68

('fr', 'French (fr)'),

68

('fr', 'French (fr)'),

69

('it', 'Italian (it)'),

69

('it', 'Italian (it)'),

70

('ja', 'Japanese (ja)'),

70

('ja', 'Japanese (ja)'),

71

('pl', 'Polish (pl)'),

71

('pl', 'Polish (pl)'),

72

('pt', 'Portuguese (pt)'),

72

('pt', 'Portuguese (pt)'),

73

('ru', 'Russian (ru)'),

73

('ru', 'Russian (ru)'),

74

('zh', 'Chinese (zh)'),

74

('zh', 'Chinese (zh)'),

75

]

75

]

76

PermissionModel().set_global_permission_choices(c, gettext_translator=_)

76

PermissionModel().set_global_permission_choices(c, gettext_translator=_)

77

78

def _get_personal_repo_group_template_vars(self):

78

def _get_personal_repo_group_template_vars(self):

79

DummyUser = AttributeDict({

79

DummyUser = AttributeDict({

80

'username': '${username}',

80

'username': '${username}',

81

'user_id': '${user_id}',

81

'user_id': '${user_id}',

82

})

82

})

83

c.default_create_repo_group = RepoGroupModel() \

83

c.default_create_repo_group = RepoGroupModel() \

84

.get_default_create_personal_repo_group()

84

.get_default_create_personal_repo_group()

85

c.personal_repo_group_name = RepoGroupModel() \

85

c.personal_repo_group_name = RepoGroupModel() \

86

.get_personal_group_name(DummyUser)

86

.get_personal_group_name(DummyUser)

87

88

@HasPermissionAllDecorator('hg.admin')

88

@HasPermissionAllDecorator('hg.admin')

89

@auth.CSRFRequired()

89

@auth.CSRFRequired()

90

def create(self):

90

def create(self):

91

"""POST /users: Create a new item"""

91

"""POST /users: Create a new item"""

92

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

92

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

93

user_model = UserModel()

93

user_model = UserModel()

94

user_form = UserForm()()

94

user_form = UserForm()()

95

try:

95

try:

96

form_result = user_form.to_python(dict(request.POST))

96

form_result = user_form.to_python(dict(request.POST))

97

user = user_model.create(form_result)

97

user = user_model.create(form_result)

98

Session().flush()

98

Session().flush()

99

username = form_result['username']

99

username = form_result['username']

100

action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,

100

action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,

101

None, self.ip_addr, self.sa)

101

None, self.ip_addr, self.sa)

102

103

user_link = h.link_to(h.escape(username),

103

user_link = h.link_to(h.escape(username),

104

url('edit_user',

104

url('edit_user',

105

user_id=user.user_id))

105

user_id=user.user_id))

106

h.flash(h.literal(_('Created user %(user_link)s')

106

h.flash(h.literal(_('Created user %(user_link)s')

107

% {'user_link': user_link}), category='success')

107

% {'user_link': user_link}), category='success')

108

Session().commit()

108

Session().commit()

109

except formencode.Invalid as errors:

109

except formencode.Invalid as errors:

110

self._get_personal_repo_group_template_vars()

110

self._get_personal_repo_group_template_vars()

111

return htmlfill.render(

111

return htmlfill.render(

112

render('admin/users/user_add.mako'),

112

render('admin/users/user_add.mako'),

113

defaults=errors.value,

113

defaults=errors.value,

114

errors=errors.error_dict or {},

114

errors=errors.error_dict or {},

115

prefix_error=False,

115

prefix_error=False,

116

encoding="UTF-8",

116

encoding="UTF-8",

117

force_defaults=False)

117

force_defaults=False)

118

except UserCreationError as e:

118

except UserCreationError as e:

119

h.flash(e, 'error')

119

h.flash(e, 'error')

120

except Exception:

120

except Exception:

121

log.exception("Exception creation of user")

121

log.exception("Exception creation of user")

122

h.flash(_('Error occurred during creation of user %s')

122

h.flash(_('Error occurred during creation of user %s')

123

% request.POST.get('username'), category='error')

123

% request.POST.get('username'), category='error')

124

return redirect(h.route_path('users'))

124

return redirect(h.route_path('users'))

125

126

@HasPermissionAllDecorator('hg.admin')

126

@HasPermissionAllDecorator('hg.admin')

127

def new(self):

127

def new(self):

128

"""GET /users/new: Form to create a new item"""

128

"""GET /users/new: Form to create a new item"""

129

# url('new_user')

129

# url('new_user')

130

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

130

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

131

self._get_personal_repo_group_template_vars()

131

self._get_personal_repo_group_template_vars()

132

return render('admin/users/user_add.mako')

132

return render('admin/users/user_add.mako')

133

134

@HasPermissionAllDecorator('hg.admin')

134

@HasPermissionAllDecorator('hg.admin')

135

@auth.CSRFRequired()

135

@auth.CSRFRequired()

136

def update(self, user_id):

136

def update(self, user_id):

137

"""PUT /users/user_id: Update an existing item"""

137

"""PUT /users/user_id: Update an existing item"""

138

# Forms posted to this method should contain a hidden field:

138

# Forms posted to this method should contain a hidden field:

139

# <input type="hidden" name="_method" value="PUT" />

139

# <input type="hidden" name="_method" value="PUT" />

140

# Or using helpers:

140

# Or using helpers:

141

# h.form(url('update_user', user_id=ID),

141

# h.form(url('update_user', user_id=ID),

142

# method='put')

142

# method='put')

143

# url('user', user_id=ID)

143

# url('user', user_id=ID)

144

user_id = safe_int(user_id)

144

user_id = safe_int(user_id)

145

c.user = User.get_or_404(user_id)

145

c.user = User.get_or_404(user_id)

146

c.active = 'profile'

146

c.active = 'profile'

147

c.extern_type = c.user.extern_type

147

c.extern_type = c.user.extern_type

148

c.extern_name = c.user.extern_name

148

c.extern_name = c.user.extern_name

149

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

149

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

150

available_languages = [x[0] for x in c.allowed_languages]

150

available_languages = [x[0] for x in c.allowed_languages]

151

_form = UserForm(edit=True, available_languages=available_languages,

151

_form = UserForm(edit=True, available_languages=available_languages,

152

old_data={'user_id': user_id,

152

old_data={'user_id': user_id,

153

'email': c.user.email})()

153

'email': c.user.email})()

154

form_result = {}

154

form_result = {}

155

try:

155

try:

156

form_result = _form.to_python(dict(request.POST))

156

form_result = _form.to_python(dict(request.POST))

157

skip_attrs = ['extern_type', 'extern_name']

157

skip_attrs = ['extern_type', 'extern_name']

158

# TODO: plugin should define if username can be updated

158

# TODO: plugin should define if username can be updated

159

if c.extern_type != "rhodecode":

159

if c.extern_type != "rhodecode":

160

# forbid updating username for external accounts

160

# forbid updating username for external accounts

161

skip_attrs.append('username')

161

skip_attrs.append('username')

162

163

UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)

163

UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)

164

usr = form_result['username']

164

usr = form_result['username']

165

action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,

165

action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,

166

None, self.ip_addr, self.sa)

166

None, self.ip_addr, self.sa)

167

h.flash(_('User updated successfully'), category='success')

167

h.flash(_('User updated successfully'), category='success')

168

Session().commit()

168

Session().commit()

169

except formencode.Invalid as errors:

169

except formencode.Invalid as errors:

170

defaults = errors.value

170

defaults = errors.value

171

e = errors.error_dict or {}

171

e = errors.error_dict or {}

172

173

return htmlfill.render(

173

return htmlfill.render(

174

render('admin/users/user_edit.mako'),

174

render('admin/users/user_edit.mako'),

175

defaults=defaults,

175

defaults=defaults,

176

errors=e,

176

errors=e,

177

prefix_error=False,

177

prefix_error=False,

178

encoding="UTF-8",

178

encoding="UTF-8",

179

force_defaults=False)

179

force_defaults=False)

180

except UserCreationError as e:

180

except UserCreationError as e:

181

h.flash(e, 'error')

181

h.flash(e, 'error')

182

except Exception:

182

except Exception:

183

log.exception("Exception updating user")

183

log.exception("Exception updating user")

184

h.flash(_('Error occurred during update of user %s')

184

h.flash(_('Error occurred during update of user %s')

185

% form_result.get('username'), category='error')

185

% form_result.get('username'), category='error')

186

return redirect(url('edit_user', user_id=user_id))

186

return redirect(url('edit_user', user_id=user_id))

187

188

@HasPermissionAllDecorator('hg.admin')

188

@HasPermissionAllDecorator('hg.admin')

189

@auth.CSRFRequired()

189

@auth.CSRFRequired()

190

def delete(self, user_id):

190

def delete(self, user_id):

191

"""DELETE /users/user_id: Delete an existing item"""

191

"""DELETE /users/user_id: Delete an existing item"""

192

# Forms posted to this method should contain a hidden field:

192

# Forms posted to this method should contain a hidden field:

193

# <input type="hidden" name="_method" value="DELETE" />

193

# <input type="hidden" name="_method" value="DELETE" />

194

# Or using helpers:

194

# Or using helpers:

195

# h.form(url('delete_user', user_id=ID),

195

# h.form(url('delete_user', user_id=ID),

196

# method='delete')

196

# method='delete')

197

# url('user', user_id=ID)

197

# url('user', user_id=ID)

198

user_id = safe_int(user_id)

198

user_id = safe_int(user_id)

199

c.user = User.get_or_404(user_id)

199

c.user = User.get_or_404(user_id)

200

201

_repos = c.user.repositories

201

_repos = c.user.repositories

202

_repo_groups = c.user.repository_groups

202

_repo_groups = c.user.repository_groups

203

_user_groups = c.user.user_groups

203

_user_groups = c.user.user_groups

204

205

handle_repos = None

205

handle_repos = None

206

handle_repo_groups = None

206

handle_repo_groups = None

207

handle_user_groups = None

207

handle_user_groups = None

208

# dummy call for flash of handle

208

# dummy call for flash of handle

209

set_handle_flash_repos = lambda: None

209

set_handle_flash_repos = lambda: None

210

set_handle_flash_repo_groups = lambda: None

210

set_handle_flash_repo_groups = lambda: None

211

set_handle_flash_user_groups = lambda: None

211

set_handle_flash_user_groups = lambda: None

212

213

if _repos and request.POST.get('user_repos'):

213

if _repos and request.POST.get('user_repos'):

214

do = request.POST['user_repos']

214

do = request.POST['user_repos']

215

if do == 'detach':

215

if do == 'detach':

216

handle_repos = 'detach'

216

handle_repos = 'detach'

217

set_handle_flash_repos = lambda: h.flash(

217

set_handle_flash_repos = lambda: h.flash(

218

_('Detached %s repositories') % len(_repos),

218

_('Detached %s repositories') % len(_repos),

219

category='success')

219

category='success')

220

elif do == 'delete':

220

elif do == 'delete':

221

handle_repos = 'delete'

221

handle_repos = 'delete'

222

set_handle_flash_repos = lambda: h.flash(

222

set_handle_flash_repos = lambda: h.flash(

223

_('Deleted %s repositories') % len(_repos),

223

_('Deleted %s repositories') % len(_repos),

224

category='success')

224

category='success')

225

226

if _repo_groups and request.POST.get('user_repo_groups'):

226

if _repo_groups and request.POST.get('user_repo_groups'):

227

do = request.POST['user_repo_groups']

227

do = request.POST['user_repo_groups']

228

if do == 'detach':

228

if do == 'detach':

229

handle_repo_groups = 'detach'

229

handle_repo_groups = 'detach'

230

set_handle_flash_repo_groups = lambda: h.flash(

230

set_handle_flash_repo_groups = lambda: h.flash(

231

_('Detached %s repository groups') % len(_repo_groups),

231

_('Detached %s repository groups') % len(_repo_groups),

232

category='success')

232

category='success')

233

elif do == 'delete':

233

elif do == 'delete':

234

handle_repo_groups = 'delete'

234

handle_repo_groups = 'delete'

235

set_handle_flash_repo_groups = lambda: h.flash(

235

set_handle_flash_repo_groups = lambda: h.flash(

236

_('Deleted %s repository groups') % len(_repo_groups),

236

_('Deleted %s repository groups') % len(_repo_groups),

237

category='success')

237

category='success')

238

239

if _user_groups and request.POST.get('user_user_groups'):

239

if _user_groups and request.POST.get('user_user_groups'):

240

do = request.POST['user_user_groups']

240

do = request.POST['user_user_groups']

241

if do == 'detach':

241

if do == 'detach':

242

handle_user_groups = 'detach'

242

handle_user_groups = 'detach'

243

set_handle_flash_user_groups = lambda: h.flash(

243

set_handle_flash_user_groups = lambda: h.flash(

244

_('Detached %s user groups') % len(_user_groups),

244

_('Detached %s user groups') % len(_user_groups),

245

category='success')

245

category='success')

246

elif do == 'delete':

246

elif do == 'delete':

247

handle_user_groups = 'delete'

247

handle_user_groups = 'delete'

248

set_handle_flash_user_groups = lambda: h.flash(

248

set_handle_flash_user_groups = lambda: h.flash(

249

_('Deleted %s user groups') % len(_user_groups),

249

_('Deleted %s user groups') % len(_user_groups),

250

category='success')

250

category='success')

251

252

try:

252

try:

253

UserModel().delete(c.user, handle_repos=handle_repos,

253

UserModel().delete(c.user, handle_repos=handle_repos,

254

handle_repo_groups=handle_repo_groups,

254

handle_repo_groups=handle_repo_groups,

255

handle_user_groups=handle_user_groups)

255

handle_user_groups=handle_user_groups)

256

Session().commit()

256

Session().commit()

257

set_handle_flash_repos()

257

set_handle_flash_repos()

258

set_handle_flash_repo_groups()

258

set_handle_flash_repo_groups()

259

set_handle_flash_user_groups()

259

set_handle_flash_user_groups()

260

h.flash(_('Successfully deleted user'), category='success')

260

h.flash(_('Successfully deleted user'), category='success')

261

except (UserOwnsReposException, UserOwnsRepoGroupsException,

261

except (UserOwnsReposException, UserOwnsRepoGroupsException,

262

UserOwnsUserGroupsException, DefaultUserException) as e:

262

UserOwnsUserGroupsException, DefaultUserException) as e:

263

h.flash(e, category='warning')

263

h.flash(e, category='warning')

264

except Exception:

264

except Exception:

265

log.exception("Exception during deletion of user")

265

log.exception("Exception during deletion of user")

266

h.flash(_('An error occurred during deletion of user'),

266

h.flash(_('An error occurred during deletion of user'),

267

category='error')

267

category='error')

268

return redirect(h.route_path('users'))

268

return redirect(h.route_path('users'))

269

270

@HasPermissionAllDecorator('hg.admin')

270

@HasPermissionAllDecorator('hg.admin')

271

@auth.CSRFRequired()

271

@auth.CSRFRequired()

272

def reset_password(self, user_id):

272

def reset_password(self, user_id):

273

"""

273

"""

274

toggle reset password flag for this user

274

toggle reset password flag for this user

275

276

:param user_id:

276

:param user_id:

277

"""

277

"""

278

user_id = safe_int(user_id)

278

user_id = safe_int(user_id)

279

c.user = User.get_or_404(user_id)

279

c.user = User.get_or_404(user_id)

280

try:

280

try:

281

old_value = c.user.user_data.get('force_password_change')

281

old_value = c.user.user_data.get('force_password_change')

282

c.user.update_userdata(force_password_change=not old_value)

282

c.user.update_userdata(force_password_change=not old_value)

283

Session().commit()

283

Session().commit()

284

if old_value:

284

if old_value:

285

msg = _('Force password change disabled for user')

285

msg = _('Force password change disabled for user')

286

else:

286

else:

287

msg = _('Force password change enabled for user')

287

msg = _('Force password change enabled for user')

288

h.flash(msg, category='success')

288

h.flash(msg, category='success')

289

except Exception:

289

except Exception:

290

log.exception("Exception during password reset for user")

290

log.exception("Exception during password reset for user")

291

h.flash(_('An error occurred during password reset for user'),

291

h.flash(_('An error occurred during password reset for user'),

292

category='error')

292

category='error')

293

294

return redirect(url('edit_user_advanced', user_id=user_id))

294

return redirect(url('edit_user_advanced', user_id=user_id))

295

296

@HasPermissionAllDecorator('hg.admin')

296

@HasPermissionAllDecorator('hg.admin')

297

@auth.CSRFRequired()

297

@auth.CSRFRequired()

298

def create_personal_repo_group(self, user_id):

298

def create_personal_repo_group(self, user_id):

299

"""

299

"""

300

Create personal repository group for this user

300

Create personal repository group for this user

301

302

:param user_id:

302

:param user_id:

303

"""

303

"""

304

from rhodecode.model.repo_group import RepoGroupModel

304

from rhodecode.model.repo_group import RepoGroupModel

305

306

user_id = safe_int(user_id)

306

user_id = safe_int(user_id)

307

c.user = User.get_or_404(user_id)

307

c.user = User.get_or_404(user_id)

308

personal_repo_group = RepoGroup.get_user_personal_repo_group(

308

personal_repo_group = RepoGroup.get_user_personal_repo_group(

309

c.user.user_id)

309

c.user.user_id)

310

if personal_repo_group:

310

if personal_repo_group:

311

return redirect(url('edit_user_advanced', user_id=user_id))

311

return redirect(url('edit_user_advanced', user_id=user_id))

312

313

personal_repo_group_name = RepoGroupModel().get_personal_group_name(

313

personal_repo_group_name = RepoGroupModel().get_personal_group_name(

314

c.user)

314

c.user)

315

named_personal_group = RepoGroup.get_by_group_name(

315

named_personal_group = RepoGroup.get_by_group_name(

316

personal_repo_group_name)

316

personal_repo_group_name)

317

try:

317

try:

318

319

if named_personal_group and named_personal_group.user_id == c.user.user_id:

319

if named_personal_group and named_personal_group.user_id == c.user.user_id:

320

# migrate the same named group, and mark it as personal

320

# migrate the same named group, and mark it as personal

321

named_personal_group.personal = True

321

named_personal_group.personal = True

322

Session().add(named_personal_group)

322

Session().add(named_personal_group)

323

Session().commit()

323

Session().commit()

324

msg = _('Linked repository group `%s` as personal' % (

324

msg = _('Linked repository group `%s` as personal' % (

325

personal_repo_group_name,))

325

personal_repo_group_name,))

326

h.flash(msg, category='success')

326

h.flash(msg, category='success')

327

elif not named_personal_group:

327

elif not named_personal_group:

328

RepoGroupModel().create_personal_repo_group(c.user)

328

RepoGroupModel().create_personal_repo_group(c.user)

329

330

msg = _('Created repository group `%s`' % (

330

msg = _('Created repository group `%s`' % (

331

personal_repo_group_name,))

331

personal_repo_group_name,))

332

h.flash(msg, category='success')

332

h.flash(msg, category='success')

333

else:

333

else:

334

msg = _('Repository group `%s` is already taken' % (

334

msg = _('Repository group `%s` is already taken' % (

335

personal_repo_group_name,))

335

personal_repo_group_name,))

336

h.flash(msg, category='warning')

336

h.flash(msg, category='warning')

337

except Exception:

337

except Exception:

338

log.exception("Exception during repository group creation")

338

log.exception("Exception during repository group creation")

339

msg = _(

339

msg = _(

340

'An error occurred during repository group creation for user')

340

'An error occurred during repository group creation for user')

341

h.flash(msg, category='error')

341

h.flash(msg, category='error')

342

Session().rollback()

342

Session().rollback()

343

344

return redirect(url('edit_user_advanced', user_id=user_id))

344

return redirect(url('edit_user_advanced', user_id=user_id))

345

346

@HasPermissionAllDecorator('hg.admin')

346

@HasPermissionAllDecorator('hg.admin')

347

def show(self, user_id):

347

def show(self, user_id):

348

"""GET /users/user_id: Show a specific item"""

348

"""GET /users/user_id: Show a specific item"""

349

# url('user', user_id=ID)

349

# url('user', user_id=ID)

350

User.get_or_404(-1)

350

User.get_or_404(-1)

351

352

@HasPermissionAllDecorator('hg.admin')

352

@HasPermissionAllDecorator('hg.admin')

353

def edit(self, user_id):

353

def edit(self, user_id):

354

"""GET /users/user_id/edit: Form to edit an existing item"""

354

"""GET /users/user_id/edit: Form to edit an existing item"""

355

# url('edit_user', user_id=ID)

355

# url('edit_user', user_id=ID)

356

user_id = safe_int(user_id)

356

user_id = safe_int(user_id)

357

c.user = User.get_or_404(user_id)

357

c.user = User.get_or_404(user_id)

358

if c.user.username == User.DEFAULT_USER:

358

if c.user.username == User.DEFAULT_USER:

359

h.flash(_("You can't edit this user"), category='warning')

359

h.flash(_("You can't edit this user"), category='warning')

360

return redirect(h.route_path('users'))

360

return redirect(h.route_path('users'))

361

362

c.active = 'profile'

362

c.active = 'profile'

363

c.extern_type = c.user.extern_type

363

c.extern_type = c.user.extern_type

364

c.extern_name = c.user.extern_name

364

c.extern_name = c.user.extern_name

365

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

365

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

366

367

defaults = c.user.get_dict()

367

defaults = c.user.get_dict()

368

defaults.update({'language': c.user.user_data.get('language')})

368

defaults.update({'language': c.user.user_data.get('language')})

369

return htmlfill.render(

369

return htmlfill.render(

370

render('admin/users/user_edit.mako'),

370

render('admin/users/user_edit.mako'),

371

defaults=defaults,

371

defaults=defaults,

372

encoding="UTF-8",

372

encoding="UTF-8",

373

force_defaults=False)

373

force_defaults=False)

374

375

@HasPermissionAllDecorator('hg.admin')

375

@HasPermissionAllDecorator('hg.admin')

376

def edit_advanced(self, user_id):

376

def edit_advanced(self, user_id):

377

user_id = safe_int(user_id)

377

user_id = safe_int(user_id)

378

user = c.user = User.get_or_404(user_id)

378

user = c.user = User.get_or_404(user_id)

379

if user.username == User.DEFAULT_USER:

379

if user.username == User.DEFAULT_USER:

380

h.flash(_("You can't edit this user"), category='warning')

380

h.flash(_("You can't edit this user"), category='warning')

381

return redirect(h.route_path('users'))

381

return redirect(h.route_path('users'))

382

383

c.active = 'advanced'

383

c.active = 'advanced'

384

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

384

c.personal_repo_group = RepoGroup.get_user_personal_repo_group(user_id)

385

c.personal_repo_group = c.perm_user.personal_repo_group

386

c.personal_repo_group_name = RepoGroupModel()\

385

c.personal_repo_group_name = RepoGroupModel()\

387

.get_personal_group_name(user)

386

.get_personal_group_name(user)

388

c.first_admin = User.get_first_super_admin()

387

c.first_admin = User.get_first_super_admin()

389

defaults = user.get_dict()

388

defaults = user.get_dict()

390

389

391

# Interim workaround if the user participated on any pull requests as a

390

# Interim workaround if the user participated on any pull requests as a

392

# reviewer.

391

# reviewer.

393

has_review = bool(PullRequestReviewers.query().filter(

392

has_review = bool(PullRequestReviewers.query().filter(

394

PullRequestReviewers.user_id == user_id).first())

393

PullRequestReviewers.user_id == user_id).first())

395

c.can_delete_user = not has_review

394

c.can_delete_user = not has_review

396

c.can_delete_user_message = _(

395

c.can_delete_user_message = _(

397

'The user participates as reviewer in pull requests and '

396

'The user participates as reviewer in pull requests and '

398

'cannot be deleted. You can set the user to '

397

'cannot be deleted. You can set the user to '

399

'"inactive" instead of deleting it.') if has_review else ''

398

'"inactive" instead of deleting it.') if has_review else ''

400

399

401

return htmlfill.render(

400

return htmlfill.render(

402

render('admin/users/user_edit.mako'),

401

render('admin/users/user_edit.mako'),

403

defaults=defaults,

402

defaults=defaults,

404

encoding="UTF-8",

403

encoding="UTF-8",

405

force_defaults=False)

404

force_defaults=False)

406

405

407

@HasPermissionAllDecorator('hg.admin')

406

@HasPermissionAllDecorator('hg.admin')

408

def edit_global_perms(self, user_id):

407

def edit_global_perms(self, user_id):

409

user_id = safe_int(user_id)

408

user_id = safe_int(user_id)

410

c.user = User.get_or_404(user_id)

409

c.user = User.get_or_404(user_id)

411

if c.user.username == User.DEFAULT_USER:

410

if c.user.username == User.DEFAULT_USER:

412

h.flash(_("You can't edit this user"), category='warning')

411

h.flash(_("You can't edit this user"), category='warning')

413

return redirect(h.route_path('users'))

412

return redirect(h.route_path('users'))

414

413

415

c.active = 'global_perms'

414

c.active = 'global_perms'

416

415

417

c.default_user = User.get_default_user()

416

c.default_user = User.get_default_user()

418

defaults = c.user.get_dict()

417

defaults = c.user.get_dict()

419

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

418

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

420

defaults.update(c.default_user.get_default_perms())

419

defaults.update(c.default_user.get_default_perms())

421

defaults.update(c.user.get_default_perms())

420

defaults.update(c.user.get_default_perms())

422

421

423

return htmlfill.render(

422

return htmlfill.render(

424

render('admin/users/user_edit.mako'),

423

render('admin/users/user_edit.mako'),

425

defaults=defaults,

424

defaults=defaults,

426

encoding="UTF-8",

425

encoding="UTF-8",

427

force_defaults=False)

426

force_defaults=False)

428

427

429

@HasPermissionAllDecorator('hg.admin')

428

@HasPermissionAllDecorator('hg.admin')

430

@auth.CSRFRequired()

429

@auth.CSRFRequired()

431

def update_global_perms(self, user_id):

430

def update_global_perms(self, user_id):

432

"""PUT /users_perm/user_id: Update an existing item"""

431

"""PUT /users_perm/user_id: Update an existing item"""

433

# url('user_perm', user_id=ID, method='put')

432

# url('user_perm', user_id=ID, method='put')

434

user_id = safe_int(user_id)

433

user_id = safe_int(user_id)

435

user = User.get_or_404(user_id)

434

user = User.get_or_404(user_id)

436

c.active = 'global_perms'

435

c.active = 'global_perms'

437

try:

436

try:

438

# first stage that verifies the checkbox

437

# first stage that verifies the checkbox

439

_form = UserIndividualPermissionsForm()

438

_form = UserIndividualPermissionsForm()

440

form_result = _form.to_python(dict(request.POST))

439

form_result = _form.to_python(dict(request.POST))

441

inherit_perms = form_result['inherit_default_permissions']

440

inherit_perms = form_result['inherit_default_permissions']

442

user.inherit_default_permissions = inherit_perms

441

user.inherit_default_permissions = inherit_perms

443

Session().add(user)

442

Session().add(user)

444

443

445

if not inherit_perms:

444

if not inherit_perms:

446

# only update the individual ones if we un check the flag

445

# only update the individual ones if we un check the flag

447

_form = UserPermissionsForm(

446

_form = UserPermissionsForm(

448

[x[0] for x in c.repo_create_choices],

447

[x[0] for x in c.repo_create_choices],

449

[x[0] for x in c.repo_create_on_write_choices],

448

[x[0] for x in c.repo_create_on_write_choices],

450

[x[0] for x in c.repo_group_create_choices],

449

[x[0] for x in c.repo_group_create_choices],

451

[x[0] for x in c.user_group_create_choices],

450

[x[0] for x in c.user_group_create_choices],

452

[x[0] for x in c.fork_choices],

451

[x[0] for x in c.fork_choices],

453

[x[0] for x in c.inherit_default_permission_choices])()

452

[x[0] for x in c.inherit_default_permission_choices])()

454

453

455

form_result = _form.to_python(dict(request.POST))

454

form_result = _form.to_python(dict(request.POST))

456

form_result.update({'perm_user_id': user.user_id})

455

form_result.update({'perm_user_id': user.user_id})

457

456

458

PermissionModel().update_user_permissions(form_result)

457

PermissionModel().update_user_permissions(form_result)

459

458

460

Session().commit()

459

Session().commit()

461

h.flash(_('User global permissions updated successfully'),

460

h.flash(_('User global permissions updated successfully'),

462

category='success')

461

category='success')

463

462

464

Session().commit()

463

Session().commit()

465

except formencode.Invalid as errors:

464

except formencode.Invalid as errors:

466

defaults = errors.value

465

defaults = errors.value

467

c.user = user

466

c.user = user

468

return htmlfill.render(

467

return htmlfill.render(

469

render('admin/users/user_edit.mako'),

468

render('admin/users/user_edit.mako'),

470

defaults=defaults,

469

defaults=defaults,

471

errors=errors.error_dict or {},

470

errors=errors.error_dict or {},

472

prefix_error=False,

471

prefix_error=False,

473

encoding="UTF-8",

472

encoding="UTF-8",

474

force_defaults=False)

473

force_defaults=False)

475

except Exception:

474

except Exception:

476

log.exception("Exception during permissions saving")

475

log.exception("Exception during permissions saving")

477

h.flash(_('An error occurred during permissions saving'),

476

h.flash(_('An error occurred during permissions saving'),

478

category='error')

477

category='error')

479

return redirect(url('edit_user_global_perms', user_id=user_id))

478

return redirect(url('edit_user_global_perms', user_id=user_id))

480

479

481

@HasPermissionAllDecorator('hg.admin')

480

@HasPermissionAllDecorator('hg.admin')

482

def edit_perms_summary(self, user_id):

481

def edit_perms_summary(self, user_id):

483

user_id = safe_int(user_id)

482

user_id = safe_int(user_id)

484

c.user = User.get_or_404(user_id)

483

c.user = User.get_or_404(user_id)

485

if c.user.username == User.DEFAULT_USER:

484

if c.user.username == User.DEFAULT_USER:

486

h.flash(_("You can't edit this user"), category='warning')

485

h.flash(_("You can't edit this user"), category='warning')

487

return redirect(h.route_path('users'))

486

return redirect(h.route_path('users'))

488

487

489

c.active = 'perms_summary'

488

c.active = 'perms_summary'

490

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

489

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

491

490

492

return render('admin/users/user_edit.mako')

491

return render('admin/users/user_edit.mako')

493

492

494

@HasPermissionAllDecorator('hg.admin')

493

@HasPermissionAllDecorator('hg.admin')

495

def edit_emails(self, user_id):

494

def edit_emails(self, user_id):

496

user_id = safe_int(user_id)

495

user_id = safe_int(user_id)

497

c.user = User.get_or_404(user_id)

496

c.user = User.get_or_404(user_id)

498

if c.user.username == User.DEFAULT_USER:

497

if c.user.username == User.DEFAULT_USER:

499

h.flash(_("You can't edit this user"), category='warning')

498

h.flash(_("You can't edit this user"), category='warning')

500

return redirect(h.route_path('users'))

499

return redirect(h.route_path('users'))

501

500

502

c.active = 'emails'

501

c.active = 'emails'

503

c.user_email_map = UserEmailMap.query() \

502

c.user_email_map = UserEmailMap.query() \

504

.filter(UserEmailMap.user == c.user).all()

503

.filter(UserEmailMap.user == c.user).all()

505

504

506

defaults = c.user.get_dict()

505

defaults = c.user.get_dict()

507

return htmlfill.render(

506

return htmlfill.render(

508

render('admin/users/user_edit.mako'),

507

render('admin/users/user_edit.mako'),

509

defaults=defaults,

508

defaults=defaults,

510

encoding="UTF-8",

509

encoding="UTF-8",

511

force_defaults=False)

510

force_defaults=False)

512

511

513

@HasPermissionAllDecorator('hg.admin')

512

@HasPermissionAllDecorator('hg.admin')

514

@auth.CSRFRequired()

513

@auth.CSRFRequired()

515

def add_email(self, user_id):

514

def add_email(self, user_id):

516

"""POST /user_emails:Add an existing item"""

515

"""POST /user_emails:Add an existing item"""

517

# url('user_emails', user_id=ID, method='put')

516

# url('user_emails', user_id=ID, method='put')

518

user_id = safe_int(user_id)

517

user_id = safe_int(user_id)

519

c.user = User.get_or_404(user_id)

518

c.user = User.get_or_404(user_id)

520

519

521

email = request.POST.get('new_email')

520

email = request.POST.get('new_email')

522

user_model = UserModel()

521

user_model = UserModel()

523

522

524

try:

523

try:

525

user_model.add_extra_email(user_id, email)

524

user_model.add_extra_email(user_id, email)

526

Session().commit()

525

Session().commit()

527

h.flash(_("Added new email address `%s` for user account") % email,

526

h.flash(_("Added new email address `%s` for user account") % email,

528

category='success')

527

category='success')

529

except formencode.Invalid as error:

528

except formencode.Invalid as error:

530

msg = error.error_dict['email']

529

msg = error.error_dict['email']

531

h.flash(msg, category='error')

530

h.flash(msg, category='error')

532

except Exception:

531

except Exception:

533

log.exception("Exception during email saving")

532

log.exception("Exception during email saving")

534

h.flash(_('An error occurred during email saving'),

533

h.flash(_('An error occurred during email saving'),

535

category='error')

534

category='error')

536

return redirect(url('edit_user_emails', user_id=user_id))

535

return redirect(url('edit_user_emails', user_id=user_id))

537

536

538

@HasPermissionAllDecorator('hg.admin')

537

@HasPermissionAllDecorator('hg.admin')

539

@auth.CSRFRequired()

538

@auth.CSRFRequired()

540

def delete_email(self, user_id):

539

def delete_email(self, user_id):

541

"""DELETE /user_emails_delete/user_id: Delete an existing item"""

540

"""DELETE /user_emails_delete/user_id: Delete an existing item"""

542

# url('user_emails_delete', user_id=ID, method='delete')

541

# url('user_emails_delete', user_id=ID, method='delete')

543

user_id = safe_int(user_id)

542

user_id = safe_int(user_id)

544

c.user = User.get_or_404(user_id)

543

c.user = User.get_or_404(user_id)

545

email_id = request.POST.get('del_email_id')

544

email_id = request.POST.get('del_email_id')

546

user_model = UserModel()

545

user_model = UserModel()

547

user_model.delete_extra_email(user_id, email_id)

546

user_model.delete_extra_email(user_id, email_id)

548

Session().commit()

547

Session().commit()

549

h.flash(_("Removed email address from user account"), category='success')

548

h.flash(_("Removed email address from user account"), category='success')

550

return redirect(url('edit_user_emails', user_id=user_id))

549

return redirect(url('edit_user_emails', user_id=user_id))

551

550

552

@HasPermissionAllDecorator('hg.admin')

551

@HasPermissionAllDecorator('hg.admin')

553

def edit_ips(self, user_id):

552

def edit_ips(self, user_id):

554

user_id = safe_int(user_id)

553

user_id = safe_int(user_id)

555

c.user = User.get_or_404(user_id)

554

c.user = User.get_or_404(user_id)

556

if c.user.username == User.DEFAULT_USER:

555

if c.user.username == User.DEFAULT_USER:

557

h.flash(_("You can't edit this user"), category='warning')

556

h.flash(_("You can't edit this user"), category='warning')

558

return redirect(h.route_path('users'))

557

return redirect(h.route_path('users'))

559

558

560

c.active = 'ips'

559

c.active = 'ips'

561

c.user_ip_map = UserIpMap.query() \

560

c.user_ip_map = UserIpMap.query() \

562

.filter(UserIpMap.user == c.user).all()

561

.filter(UserIpMap.user == c.user).all()

563

562

564

c.inherit_default_ips = c.user.inherit_default_permissions

563

c.inherit_default_ips = c.user.inherit_default_permissions

565

c.default_user_ip_map = UserIpMap.query() \

564

c.default_user_ip_map = UserIpMap.query() \

566

.filter(UserIpMap.user == User.get_default_user()).all()

565

.filter(UserIpMap.user == User.get_default_user()).all()

567

566

568

defaults = c.user.get_dict()

567

defaults = c.user.get_dict()

569

return htmlfill.render(

568

return htmlfill.render(

570

render('admin/users/user_edit.mako'),

569

render('admin/users/user_edit.mako'),

571

defaults=defaults,

570

defaults=defaults,

572

encoding="UTF-8",

571

encoding="UTF-8",

573

force_defaults=False)

572

force_defaults=False)

574

573

575

@HasPermissionAllDecorator('hg.admin')

574

@HasPermissionAllDecorator('hg.admin')

576

@auth.CSRFRequired()

575

@auth.CSRFRequired()

577

def add_ip(self, user_id):

576

def add_ip(self, user_id):

578

"""POST /user_ips:Add an existing item"""

577

"""POST /user_ips:Add an existing item"""

579

# url('user_ips', user_id=ID, method='put')

578

# url('user_ips', user_id=ID, method='put')

580

579

581

user_id = safe_int(user_id)

580

user_id = safe_int(user_id)

582

c.user = User.get_or_404(user_id)

581

c.user = User.get_or_404(user_id)

583

user_model = UserModel()

582

user_model = UserModel()

584

try:

583

try:

585

ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))

584

ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))

586

except Exception as e:

585

except Exception as e:

587

ip_list = []

586

ip_list = []

588

log.exception("Exception during ip saving")

587

log.exception("Exception during ip saving")

589

h.flash(_('An error occurred during ip saving:%s' % (e,)),

588

h.flash(_('An error occurred during ip saving:%s' % (e,)),

590

category='error')

589

category='error')

591

590

592

desc = request.POST.get('description')

591

desc = request.POST.get('description')

593

added = []

592

added = []

594

for ip in ip_list:

593

for ip in ip_list:

595

try:

594

try:

596

user_model.add_extra_ip(user_id, ip, desc)

595

user_model.add_extra_ip(user_id, ip, desc)

597

Session().commit()

596

Session().commit()

598

added.append(ip)

597

added.append(ip)

599

except formencode.Invalid as error:

598

except formencode.Invalid as error:

600

msg = error.error_dict['ip']

599

msg = error.error_dict['ip']

601

h.flash(msg, category='error')

600

h.flash(msg, category='error')

602

except Exception:

601

except Exception:

603

log.exception("Exception during ip saving")

602

log.exception("Exception during ip saving")

604

h.flash(_('An error occurred during ip saving'),

603

h.flash(_('An error occurred during ip saving'),

605

category='error')

604

category='error')

606

if added:

605

if added:

607

h.flash(

606

h.flash(

608

_("Added ips %s to user whitelist") % (', '.join(ip_list), ),

607

_("Added ips %s to user whitelist") % (', '.join(ip_list), ),

609

category='success')

608

category='success')

610

if 'default_user' in request.POST:

609

if 'default_user' in request.POST:

611

return redirect(url('admin_permissions_ips'))

610

return redirect(url('admin_permissions_ips'))

612

return redirect(url('edit_user_ips', user_id=user_id))

611

return redirect(url('edit_user_ips', user_id=user_id))

613

612

614

@HasPermissionAllDecorator('hg.admin')

613

@HasPermissionAllDecorator('hg.admin')

615

@auth.CSRFRequired()

614

@auth.CSRFRequired()

616

def delete_ip(self, user_id):

615

def delete_ip(self, user_id):

617

"""DELETE /user_ips_delete/user_id: Delete an existing item"""

616

"""DELETE /user_ips_delete/user_id: Delete an existing item"""

618

# url('user_ips_delete', user_id=ID, method='delete')

617

# url('user_ips_delete', user_id=ID, method='delete')

619

user_id = safe_int(user_id)

618

user_id = safe_int(user_id)

620

c.user = User.get_or_404(user_id)

619

c.user = User.get_or_404(user_id)

621

620

622

ip_id = request.POST.get('del_ip_id')

621

ip_id = request.POST.get('del_ip_id')

623

user_model = UserModel()

622

user_model = UserModel()

624

user_model.delete_extra_ip(user_id, ip_id)

623

user_model.delete_extra_ip(user_id, ip_id)

625

Session().commit()

624

Session().commit()

626

h.flash(_("Removed ip address from user whitelist"), category='success')

625

h.flash(_("Removed ip address from user whitelist"), category='success')

627

626

628

if 'default_user' in request.POST:

627

if 'default_user' in request.POST:

629

return redirect(url('admin_permissions_ips'))

628

return redirect(url('admin_permissions_ips'))

630

return redirect(url('edit_user_ips', user_id=user_id))

629

return redirect(url('edit_user_ips', user_id=user_id))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Users crud controller for pylons
             """
             import logging
             import formencode
             from formencode import htmlfill
             from pylons import request, tmpl_context as c, url, config
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             from rhodecode.authentication.plugins import auth_rhodecode
             from rhodecode.lib.exceptions import (
                 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
                 UserOwnsUserGroupsException, UserCreationError)
             from rhodecode.lib import helpers as h
             from rhodecode.lib import auth
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
             from rhodecode.lib.base import BaseController, render
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.db import (
                 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
             from rhodecode.model.forms import (
                 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.meta import Session
             from rhodecode.model.permission import PermissionModel
             from rhodecode.lib.utils import action_logger
             from rhodecode.lib.utils2 import datetime_to_time, safe_int, AttributeDict
             log = logging.getLogger(__name__)
             class UsersController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 @LoginRequired()
                 def __before__(self):
                     super(UsersController, self).__before__()
                     c.available_permissions = config['available_permissions']
                     c.allowed_languages = [
                         ('en', 'English (en)'),
                         ('de', 'German (de)'),
                         ('fr', 'French (fr)'),
                         ('it', 'Italian (it)'),
                         ('ja', 'Japanese (ja)'),
                         ('pl', 'Polish (pl)'),
                         ('pt', 'Portuguese (pt)'),
                         ('ru', 'Russian (ru)'),
                         ('zh', 'Chinese (zh)'),
                     ]
                     PermissionModel().set_global_permission_choices(c, gettext_translator=_)
                 def _get_personal_repo_group_template_vars(self):
                     DummyUser = AttributeDict({
                         'username': '${username}',
                         'user_id': '${user_id}',
                     })
                     c.default_create_repo_group = RepoGroupModel() \
                         .get_default_create_personal_repo_group()
                     c.personal_repo_group_name = RepoGroupModel() \
                         .get_personal_group_name(DummyUser)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create(self):
                     """POST /users: Create a new item"""
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     user_model = UserModel()
                     user_form = UserForm()()
                     try:
                         form_result = user_form.to_python(dict(request.POST))
                         user = user_model.create(form_result)
                         Session().flush()
                         username = form_result['username']
                         action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
                                       None, self.ip_addr, self.sa)
                         user_link = h.link_to(h.escape(username),
                                               url('edit_user',
                                                   user_id=user.user_id))
                         h.flash(h.literal(_('Created user %(user_link)s')
                                           % {'user_link': user_link}), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         self._get_personal_repo_group_template_vars()
                         return htmlfill.render(
                             render('admin/users/user_add.mako'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception creation of user")
                         h.flash(_('Error occurred during creation of user %s')
                                 % request.POST.get('username'), category='error')
                     return redirect(h.route_path('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 def new(self):
                     """GET /users/new: Form to create a new item"""
                     # url('new_user')
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     self._get_personal_repo_group_template_vars()
                     return render('admin/users/user_add.mako')
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update(self, user_id):
                     """PUT /users/user_id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     # <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('update_user', user_id=ID),
                     #           method='put')
                     # url('user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     available_languages = [x[0] for x in c.allowed_languages]
                     _form = UserForm(edit=True, available_languages=available_languages,
                                      old_data={'user_id': user_id,
                                                'email': c.user.email})()
                     form_result = {}
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         skip_attrs = ['extern_type', 'extern_name']
                         # TODO: plugin should define if username can be updated
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
                         usr = form_result['username']
                         action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
                                       None, self.ip_addr, self.sa)
                         h.flash(_('User updated successfully'), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         e = errors.error_dict or {}
                         return htmlfill.render(
                             render('admin/users/user_edit.mako'),
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user %s')
                                 % form_result.get('username'), category='error')
                     return redirect(url('edit_user', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete(self, user_id):
                     """DELETE /users/user_id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     # <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('delete_user', user_id=ID),
                     #           method='delete')
                     # url('user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     _repos = c.user.repositories
                     _repo_groups = c.user.repository_groups
                     _user_groups = c.user.user_groups
                     handle_repos = None
                     handle_repo_groups = None
                     handle_user_groups = None
                     # dummy call for flash of handle
                     set_handle_flash_repos = lambda: None
                     set_handle_flash_repo_groups = lambda: None
                     set_handle_flash_user_groups = lambda: None
                     if _repos and request.POST.get('user_repos'):
                         do = request.POST['user_repos']
                         if do == 'detach':
                             handle_repos = 'detach'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Detached %s repositories') % len(_repos),
                                 category='success')
                         elif do == 'delete':
                             handle_repos = 'delete'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Deleted %s repositories') % len(_repos),
                                 category='success')
                     if _repo_groups and request.POST.get('user_repo_groups'):
                         do = request.POST['user_repo_groups']
                         if do == 'detach':
                             handle_repo_groups = 'detach'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Detached %s repository groups') % len(_repo_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_repo_groups = 'delete'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Deleted %s repository groups') % len(_repo_groups),
                                 category='success')
                     if _user_groups and request.POST.get('user_user_groups'):
                         do = request.POST['user_user_groups']
                         if do == 'detach':
                             handle_user_groups = 'detach'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Detached %s user groups') % len(_user_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_user_groups = 'delete'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Deleted %s user groups') % len(_user_groups),
                                 category='success')
                     try:
                         UserModel().delete(c.user, handle_repos=handle_repos,
                                            handle_repo_groups=handle_repo_groups,
                                            handle_user_groups=handle_user_groups)
                         Session().commit()
                         set_handle_flash_repos()
                         set_handle_flash_repo_groups()
                         set_handle_flash_user_groups()
                         h.flash(_('Successfully deleted user'), category='success')
                     except (UserOwnsReposException, UserOwnsRepoGroupsException,
                             UserOwnsUserGroupsException, DefaultUserException) as e:
                         h.flash(e, category='warning')
                     except Exception:
                         log.exception("Exception during deletion of user")
                         h.flash(_('An error occurred during deletion of user'),
                                 category='error')
                     return redirect(h.route_path('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def reset_password(self, user_id):
                     """
                     toggle reset password flag for this user
                     :param user_id:
                     """
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     try:
                         old_value = c.user.user_data.get('force_password_change')
                         c.user.update_userdata(force_password_change=not old_value)
                         Session().commit()
                         if old_value:
                             msg = _('Force password change disabled for user')
                         else:
                             msg = _('Force password change enabled for user')
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create_personal_repo_group(self, user_id):
                     """
                     Create personal repository group for this user
                     :param user_id:
                     """
                     from rhodecode.model.repo_group import RepoGroupModel
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     personal_repo_group = RepoGroup.get_user_personal_repo_group(
                         c.user.user_id)
                     if personal_repo_group:
                         return redirect(url('edit_user_advanced', user_id=user_id))
                     personal_repo_group_name = RepoGroupModel().get_personal_group_name(
                         c.user)
                     named_personal_group = RepoGroup.get_by_group_name(
                         personal_repo_group_name)
                     try:
                         if named_personal_group and named_personal_group.user_id == c.user.user_id:
                             # migrate the same named group, and mark it as personal
                             named_personal_group.personal = True
                             Session().add(named_personal_group)
                             Session().commit()
                             msg = _('Linked repository group `%s` as personal' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         elif not named_personal_group:
                             RepoGroupModel().create_personal_repo_group(c.user)
                             msg = _('Created repository group `%s`' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         else:
                             msg = _('Repository group `%s` is already taken' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='warning')
                     except Exception:
                         log.exception("Exception during repository group creation")
                         msg = _(
                             'An error occurred during repository group creation for user')
                         h.flash(msg, category='error')
                         Session().rollback()
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def show(self, user_id):
                     """GET /users/user_id: Show a specific item"""
                     # url('user', user_id=ID)
                     User.get_or_404(-1)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit(self, user_id):
                     """GET /users/user_id/edit: Form to edit an existing item"""
                     # url('edit_user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     defaults = c.user.get_dict()
                     defaults.update({'language': c.user.user_data.get('language')})
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_advanced(self, user_id):
                     user_id = safe_int(user_id)
                     user = c.user = User.get_or_404(user_id)
                     if user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'advanced'
-                    c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
+                    c.personal_repo_group = RepoGroup.get_user_personal_repo_group(user_id)
-                    c.personal_repo_group = c.perm_user.personal_repo_group
                     c.personal_repo_group_name = RepoGroupModel()\
                         .get_personal_group_name(user)
                     c.first_admin = User.get_first_super_admin()
                     defaults = user.get_dict()
                     # Interim workaround if the user participated on any pull requests as a
                     # reviewer.
                     has_review = bool(PullRequestReviewers.query().filter(
                         PullRequestReviewers.user_id == user_id).first())
                     c.can_delete_user = not has_review
                     c.can_delete_user_message = _(
                         'The user participates as reviewer in pull requests and '
                         'cannot be deleted. You can set the user to '
                         '"inactive" instead of deleting it.') if has_review else ''
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_global_perms(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.default_user.get_default_perms())
                     defaults.update(c.user.get_default_perms())
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update_global_perms(self, user_id):
                     """PUT /users_perm/user_id: Update an existing item"""
                     # url('user_perm', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     user = User.get_or_404(user_id)
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm()
                         form_result = _form.to_python(dict(request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         user.inherit_default_permissions = inherit_perms
                         Session().add(user)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(request.POST))
                             form_result.update({'perm_user_id': user.user_id})
                             PermissionModel().update_user_permissions(form_result)
                         Session().commit()
                         h.flash(_('User global permissions updated successfully'),
                                 category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         c.user = user
                         return htmlfill.render(
                             render('admin/users/user_edit.mako'),
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     return redirect(url('edit_user_global_perms', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_perms_summary(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'perms_summary'
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     return render('admin/users/user_edit.mako')
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_emails(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query() \
                         .filter(UserEmailMap.user == c.user).all()
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_email(self, user_id):
                     """POST /user_emails:Add an existing item"""
                     # url('user_emails', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     email = request.POST.get('new_email')
                     user_model = UserModel()
                     try:
                         user_model.add_extra_email(user_id, email)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         msg = error.error_dict['email']
                         h.flash(msg, category='error')
                     except Exception:
                         log.exception("Exception during email saving")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     return redirect(url('edit_user_emails', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_email(self, user_id):
                     """DELETE /user_emails_delete/user_id: Delete an existing item"""
                     # url('user_emails_delete', user_id=ID, method='delete')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     email_id = request.POST.get('del_email_id')
                     user_model = UserModel()
                     user_model.delete_extra_email(user_id, email_id)
                     Session().commit()
                     h.flash(_("Removed email address from user account"), category='success')
                     return redirect(url('edit_user_emails', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_ips(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(h.route_path('users'))
                     c.active = 'ips'
                     c.user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == c.user).all()
                     c.inherit_default_ips = c.user.inherit_default_permissions
                     c.default_user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == User.get_default_user()).all()
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.mako'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_ip(self, user_id):
                     """POST /user_ips:Add an existing item"""
                     # url('user_ips', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     user_model = UserModel()
                     try:
                         ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))
                     except Exception as e:
                         ip_list = []
                         log.exception("Exception during ip saving")
                         h.flash(_('An error occurred during ip saving:%s' % (e,)),
                                 category='error')
                     desc = request.POST.get('description')
                     added = []
                     for ip in ip_list:
                         try:
                             user_model.add_extra_ip(user_id, ip, desc)
                             Session().commit()
                             added.append(ip)
                         except formencode.Invalid as error:
                             msg = error.error_dict['ip']
                             h.flash(msg, category='error')
                         except Exception:
                             log.exception("Exception during ip saving")
                             h.flash(_('An error occurred during ip saving'),
                                     category='error')
                     if added:
                         h.flash(
                             _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
                             category='success')
                     if 'default_user' in request.POST:
                         return redirect(url('admin_permissions_ips'))
                     return redirect(url('edit_user_ips', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_ip(self, user_id):
                     """DELETE /user_ips_delete/user_id: Delete an existing item"""
                     # url('user_ips_delete', user_id=ID, method='delete')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     ip_id = request.POST.get('del_ip_id')
                     user_model = UserModel()
                     user_model.delete_extra_ip(user_id, ip_id)
                     Session().commit()
                     h.flash(_("Removed ip address from user whitelist"), category='success')
                     if 'default_user' in request.POST:
                         return redirect(url('admin_permissions_ips'))
                     return redirect(url('edit_user_ips', user_id=user_id))