rhodecode-enterprise-ce Commit - r1956:a7a935de

core: no longer rely on webob exception inside get_or_404 function....

marcink -

r1956:a7a935de default

parent child

The requested changes are too big and content was truncated. Show full diff

rhodecode/apps/_base/__init__.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import time
             import logging
             from pyramid.httpexceptions import HTTPFound
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils2 import StrictAttributeDict, safe_int, datetime_to_time
             from rhodecode.lib.vcs.exceptions import RepositoryRequirementError
             from rhodecode.model import repo
             from rhodecode.model import repo_group
             from rhodecode.model.db import User
             from rhodecode.model.scm import ScmModel
             log = logging.getLogger(__name__)
             ADMIN_PREFIX = '/_admin'
             STATIC_FILE_PREFIX = '/_static'
             URL_NAME_REQUIREMENTS = {
                 # group name can have a slash in them, but they must not end with a slash
                 'group_name': r'.*?[^/]',
                 'repo_group_name': r'.*?[^/]',
                 # repo names can have a slash in them, but they must not end with a slash
                 'repo_name': r'.*?[^/]',
                 # file path eats up everything at the end
                 'f_path': r'.*',
                 # reference types
                 'source_ref_type': '(branch|book|tag|rev|\%\(source_ref_type\)s)',
                 'target_ref_type': '(branch|book|tag|rev|\%\(target_ref_type\)s)',
             }
             def add_route_with_slash(config,name, pattern, **kw):
                 config.add_route(name, pattern, **kw)
                 if not pattern.endswith('/'):
                     config.add_route(name + '_slash', pattern + '/', **kw)
             def add_route_requirements(route_path, requirements=URL_NAME_REQUIREMENTS):
                 """
                 Adds regex requirements to pyramid routes using a mapping dict
                 e.g::
                     add_route_requirements('{repo_name}/settings')
                 """
                 for key, regex in requirements.items():
                     route_path = route_path.replace('{%s}' % key, '{%s:%s}' % (key, regex))
                 return route_path
             def get_format_ref_id(repo):
                 """Returns a `repo` specific reference formatter function"""
                 if h.is_svn(repo):
                     return _format_ref_id_svn
                 else:
                     return _format_ref_id
             def _format_ref_id(name, raw_id):
                 """Default formatting of a given reference `name`"""
                 return name
             def _format_ref_id_svn(name, raw_id):
                 """Special way of formatting a reference for Subversion including path"""
                 return '%s@%s' % (name, raw_id)
             class TemplateArgs(StrictAttributeDict):
                 pass
             class BaseAppView(object):
                 def __init__(self, context, request):
                     self.request = request
                     self.context = context
                     self.session = request.session
                     self._rhodecode_user = request.user  # auth user
                     self._rhodecode_db_user = self._rhodecode_user.get_instance()
                     self._maybe_needs_password_change(
                         request.matched_route.name, self._rhodecode_db_user)
                 def _maybe_needs_password_change(self, view_name, user_obj):
                     log.debug('Checking if user %s needs password change on view %s',
                               user_obj, view_name)
                     skip_user_views = [
                         'logout', 'login',
                         'my_account_password', 'my_account_password_update'
                     ]
                     if not user_obj:
                         return
                     if user_obj.username == User.DEFAULT_USER:
                         return
                     now = time.time()
                     should_change = user_obj.user_data.get('force_password_change')
                     change_after = safe_int(should_change) or 0
                     if should_change and now > change_after:
                         log.debug('User %s requires password change', user_obj)
                         h.flash('You are required to change your password', 'warning',
                                 ignore_duplicate=True)
                         if view_name not in skip_user_views:
                             raise HTTPFound(
                                 self.request.route_path('my_account_password'))
                 def _get_local_tmpl_context(self, include_app_defaults=False):
                     c = TemplateArgs()
                     c.auth_user = self.request.user
                     # TODO(marcink): migrate the usage of c.rhodecode_user to c.auth_user
                     c.rhodecode_user = self.request.user
                     if include_app_defaults:
                         # NOTE(marcink): after full pyramid migration include_app_defaults
                         # should be turned on by default
                         from rhodecode.lib.base import attach_context_attributes
                         attach_context_attributes(c, self.request, self.request.user.user_id)
                     return c
                 def _register_global_c(self, tmpl_args):
                     """
                     Registers attributes to pylons global `c`
                     """
                     # TODO(marcink): remove once pyramid migration is finished
                     from pylons import tmpl_context as c
                     try:
                         for k, v in tmpl_args.items():
                             setattr(c, k, v)
                     except TypeError:
                         log.exception('Failed to register pylons C')
                         pass
                 def _get_template_context(self, tmpl_args):
                     self._register_global_c(tmpl_args)
                     local_tmpl_args = {
                         'defaults': {},
                         'errors': {},
                         # register a fake 'c' to be used in templates instead of global
                         # pylons c, after migration to pyramid we should rename it to 'c'
                         # make sure we replace usage of _c in templates too
                         '_c': tmpl_args
                     }
                     local_tmpl_args.update(tmpl_args)
                     return local_tmpl_args
                 def load_default_context(self):
                     """
                     example:
                     def load_default_context(self):
                         c = self._get_local_tmpl_context()
                         c.custom_var = 'foobar'
                         self._register_global_c(c)
                         return c
                     """
                     raise NotImplementedError('Needs implementation in view class')
             class RepoAppView(BaseAppView):
                 def __init__(self, context, request):
                     super(RepoAppView, self).__init__(context, request)
                     self.db_repo = request.db_repo
                     self.db_repo_name = self.db_repo.repo_name
                     self.db_repo_pull_requests = ScmModel().get_pull_requests(self.db_repo)
                 def _handle_missing_requirements(self, error):
                     log.error(
                         'Requirements are missing for repository %s: %s',
                         self.db_repo_name, error.message)
                 def _get_local_tmpl_context(self, include_app_defaults=False):
                     c = super(RepoAppView, self)._get_local_tmpl_context(
                         include_app_defaults=include_app_defaults)
                     # register common vars for this type of view
                     c.rhodecode_db_repo = self.db_repo
                     c.repo_name = self.db_repo_name
                     c.repository_pull_requests = self.db_repo_pull_requests
                     c.repository_requirements_missing = False
                     try:
                         self.rhodecode_vcs_repo = self.db_repo.scm_instance()
                     except RepositoryRequirementError as e:
                         c.repository_requirements_missing = True
                         self._handle_missing_requirements(e)
                     return c
                 def _get_f_path(self, matchdict, default=None):
                     f_path = matchdict.get('f_path')
                     if f_path:
                         # fix for multiple initial slashes that causes errors for GIT
                         return f_path.lstrip('/')
                     return default
             class DataGridAppView(object):
                 """
                 Common class to have re-usable grid rendering components
                 """
                 def _extract_ordering(self, request, column_map=None):
                     column_map = column_map or {}
                     column_index = safe_int(request.GET.get('order[0][column]'))
                     order_dir = request.GET.get(
                         'order[0][dir]', 'desc')
                     order_by = request.GET.get(
                         'columns[%s][data][sort]' % column_index, 'name_raw')
                     # translate datatable to DB columns
                     order_by = column_map.get(order_by) or order_by
                     search_q = request.GET.get('search[value]')
                     return search_q, order_by, order_dir
                 def _extract_chunk(self, request):
                     start = safe_int(request.GET.get('start'), 0)
                     length = safe_int(request.GET.get('length'), 25)
                     draw = safe_int(request.GET.get('draw'))
                     return draw, start, length
             class BaseReferencesView(RepoAppView):
                 """
                 Base for reference view for branches, tags and bookmarks.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     # TODO(marcink): remove repo_info and use c.rhodecode_db_repo instead
                     c.repo_info = self.db_repo
                     self._register_global_c(c)
                     return c
                 def load_refs_context(self, ref_items, partials_template):
                     _render = self.request.get_partial_renderer(partials_template)
                     pre_load = ["author", "date", "message"]
                     is_svn = h.is_svn(self.rhodecode_vcs_repo)
                     is_hg = h.is_hg(self.rhodecode_vcs_repo)
                     format_ref_id = get_format_ref_id(self.rhodecode_vcs_repo)
                     closed_refs = {}
                     if is_hg:
                         closed_refs = self.rhodecode_vcs_repo.branches_closed
                     data = []
                     for ref_name, commit_id in ref_items:
                         commit = self.rhodecode_vcs_repo.get_commit(
                             commit_id=commit_id, pre_load=pre_load)
                         closed = ref_name in closed_refs
                         # TODO: johbo: Unify generation of reference links
                         use_commit_id = '/' in ref_name or is_svn
                         if use_commit_id:
                             files_url = h.route_path(
                                 'repo_files',
                                 repo_name=self.db_repo_name,
                                 f_path=ref_name if is_svn else '',
                                 commit_id=commit_id)
                         else:
                             files_url = h.route_path(
                                 'repo_files',
                                 repo_name=self.db_repo_name,
                                 f_path=ref_name if is_svn else '',
                                 commit_id=ref_name,
                                 _query=dict(at=ref_name))
                         data.append({
                             "name": _render('name', ref_name, files_url, closed),
                             "name_raw": ref_name,
                             "date": _render('date', commit.date),
                             "date_raw": datetime_to_time(commit.date),
                             "author": _render('author', commit.author),
                             "commit": _render(
                                 'commit', commit.message, commit.raw_id, commit.idx),
                             "commit_raw": commit.idx,
                             "compare": _render(
                                 'compare', format_ref_id(ref_name, commit.raw_id)),
                         })
                     return data
             class RepoRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'repo_route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     repo_name = info['match']['repo_name']
                     repo_model = repo.RepoModel()
                     by_name_match = repo_model.get_by_repo_name(repo_name, cache=True)
                     if by_name_match:
                         # register this as request object we can re-use later
                         request.db_repo = by_name_match
                         return True
                     by_id_match = repo_model.get_repo_by_id(repo_name)
                     if by_id_match:
                         request.db_repo = by_id_match
                         return True
                     return False
             class RepoTypeRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val or ['hg', 'git', 'svn']
                 def text(self):
                     return 'repo_accepted_type = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     rhodecode_db_repo = request.db_repo
                     log.debug(
                         '%s checking repo type for %s in %s',
                         self.__class__.__name__, rhodecode_db_repo.repo_type, self.val)
                     if rhodecode_db_repo.repo_type in self.val:
                         return True
                     else:
                         log.warning('Current view is not supported for repo type:%s',
                                     rhodecode_db_repo.repo_type)
                         #
                         # h.flash(h.literal(
                         #     _('Action not supported for %s.' % rhodecode_repo.alias)),
                         #     category='warning')
                         # return redirect(
                         #     route_path('repo_summary', repo_name=cls.rhodecode_db_repo.repo_name))
                         return False
             class RepoGroupRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'repo_group_route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     repo_group_name = info['match']['repo_group_name']
                     repo_group_model = repo_group.RepoGroupModel()
                     by_name_match = repo_group_model.get_by_group_name(
                         repo_group_name, cache=True)
                     if by_name_match:
                         # register this as request object we can re-use later
                         request.db_repo_group = by_name_match
                         return True
                     return False
             def includeme(config):
                 config.add_route_predicate(
                     'repo_route', RepoRoutePredicate)
                 config.add_route_predicate(
                     'repo_accepted_types', RepoTypeRoutePredicate)
                 config.add_route_predicate(
                     'repo_group_route', RepoGroupRoutePredicate)

rhodecode/apps/admin/views/main_views.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (LoginRequired, HasPermissionAllDecorator)
             from rhodecode.model.db import PullRequest
             log = logging.getLogger(__name__)
             class AdminMainView(BaseAppView):
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_home', request_method='GET')
                 def admin_main(self):
                     # redirect _admin to audit logs...
                     raise HTTPFound(h.route_path('admin_audit_logs'))
                 @LoginRequired()
                 @view_config(route_name='pull_requests_global_0', request_method='GET')
                 @view_config(route_name='pull_requests_global_1', request_method='GET')
                 @view_config(route_name='pull_requests_global', request_method='GET')
                 def pull_requests(self):
                     """
                     Global redirect for Pull Requests
                     :param pull_request_id: id of pull requests in the system
                     """
                     pull_request_id = self.request.matchdict.get('pull_request_id')
-                    pull_request = PullRequest.get_or_404(pull_request_id, pyramid_exc=True)
+                    pull_request = PullRequest.get_or_404(pull_request_id)
                     repo_name = pull_request.target_repo.repo_name
                     raise HTTPFound(
                         h.route_path('pullrequest_show', repo_name=repo_name,
                                      pull_request_id=pull_request_id))

rhodecode/apps/admin/views/users.py

0 +13 -13

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import datetime
             import formencode
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from sqlalchemy.sql.functions import coalesce
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.lib import audit_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils2 import safe_int, safe_unicode
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import User, or_, UserIpMap, UserEmailMap, UserApiKeys
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class AdminUsersView(BaseAppView, DataGridAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     self._register_global_c(c)
                     return c
                 def _redirect_for_default_user(self, username):
                     _ = self.request.translate
                     if username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         # TODO(marcink): redirect to 'users' admin panel once this
                         # is a pyramid view
                         raise HTTPFound('/')
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users', request_method='GET',
                     renderer='rhodecode:templates/admin/users/users.mako')
                 def users_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     # renderer defined below
                     route_name='users_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def users_list_data(self):
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(self.request)
                     _render = self.request.get_partial_renderer(
                         'data_table/_dt_elements.mako')
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     users_data_total_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .count()
                     # json generate
                     base_q = User.query().filter(User.username != User.DEFAULT_USER)
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             User.username.ilike(like_expression),
                             User._email.ilike(like_expression),
                             User.name.ilike(like_expression),
                             User.lastname.ilike(like_expression),
                         ))
                     users_data_total_filtered_count = base_q.count()
                     sort_col = getattr(User, order_by, None)
                     if sort_col:
                         if order_dir == 'asc':
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.max)
                             sort_col = sort_col.asc()
                         else:
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.min)
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     users_list = base_q.all()
                     users_data = []
                     for user in users_list:
                         users_data.append({
                             "username": h.gravatar_with_user(self.request, user.username),
                             "email": user.email,
                             "first_name": user.first_name,
                             "last_name": user.last_name,
                             "last_login": h.format_date(user.last_login),
                             "last_activity": h.format_date(user.last_activity),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     data = ({
                         'draw': draw,
                         'data': users_data,
                         'recordsTotal': users_data_total_count,
                         'recordsFiltered': users_data_total_filtered_count,
                     })
                     return data
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'auth_tokens'
                     c.lifetime_values = [
                         (str(-1), _('forever')),
                         (str(5), _('5 minutes')),
                         (str(60), _('1 hour')),
                         (str(60 * 24), _('1 day')),
                         (str(60 * 24 * 30), _('1 month')),
                     ]
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     return self._get_template_context(c)
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_add', request_method='POST')
                 def auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     user_data = c.user.get_api_data()
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = AuthTokenModel().create(
                         c.user.user_id, description, lifetime, role)
                     token_data = token.get_api_data()
                     self.maybe_attach_token_scope(token)
                     audit_logger.store_web(
                         'user.edit.token.add', action_data={
                             'data': {'token': token_data, 'user': user_data}},
                         user=self._rhodecode_user, )
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_delete', request_method='POST')
                 def auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     user_data = c.user.get_api_data()
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
-                        token = UserApiKeys.get_or_404(del_auth_token, pyramid_exc=True)
+                        token = UserApiKeys.get_or_404(del_auth_token)
                         token_data = token.get_api_data()
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.token.delete', action_data={
                                 'data': {'token': token_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_emails', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def emails(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query() \
                         .filter(UserEmailMap.user == c.user).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_add', request_method='POST')
                 def emails_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     email = self.request.POST.get('new_email')
                     user_data = c.user.get_api_data()
                     try:
                         UserModel().add_extra_email(c.user.user_id, email)
                         audit_logger.store_web(
                             'user.edit.email.add', action_data={'email': email, 'user': user_data},
                             user=self._rhodecode_user)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         h.flash(h.escape(error.error_dict['email']), category='error')
                     except Exception:
                         log.exception("Exception during email saving")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_delete', request_method='POST')
                 def emails_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     email_id = self.request.POST.get('del_email_id')
                     user_model = UserModel()
                     email = UserEmailMap.query().get(email_id).email
                     user_data = c.user.get_api_data()
                     user_model.delete_extra_email(c.user.user_id, email_id)
                     audit_logger.store_web(
                         'user.edit.email.delete', action_data={'email': email, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed email address from user account"),
                             category='success')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ips', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ips(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'ips'
                     c.user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == c.user).all()
                     c.inherit_default_ips = c.user.inherit_default_permissions
                     c.default_user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == User.get_default_user()).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_add', request_method='POST')
                 def ips_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     # NOTE(marcink): this view is allowed for default users, as we can
                     # edit their IP white list
                     user_model = UserModel()
                     desc = self.request.POST.get('description')
                     try:
                         ip_list = user_model.parse_ip_range(
                             self.request.POST.get('new_ip'))
                     except Exception as e:
                         ip_list = []
                         log.exception("Exception during ip saving")
                         h.flash(_('An error occurred during ip saving:%s' % (e,)),
                                 category='error')
                     added = []
                     user_data = c.user.get_api_data()
                     for ip in ip_list:
                         try:
                             user_model.add_extra_ip(c.user.user_id, ip, desc)
                             audit_logger.store_web(
                                 'user.edit.ip.add', action_data={'ip': ip, 'user': user_data},
                                 user=self._rhodecode_user)
                             Session().commit()
                             added.append(ip)
                         except formencode.Invalid as error:
                             msg = error.error_dict['ip']
                             h.flash(msg, category='error')
                         except Exception:
                             log.exception("Exception during ip saving")
                             h.flash(_('An error occurred during ip saving'),
                                     category='error')
                     if added:
                         h.flash(
                             _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
                             category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_delete', request_method='POST')
                 def ips_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     # NOTE(marcink): this view is allowed for default users, as we can
                     # edit their IP white list
                     ip_id = self.request.POST.get('del_ip_id')
                     user_model = UserModel()
                     user_data = c.user.get_api_data()
                     ip = UserIpMap.query().get(ip_id).ip_addr
                     user_model.delete_extra_ip(c.user.user_id, ip_id)
                     audit_logger.store_web(
                         'user.edit.ip.delete', action_data={'ip': ip, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed ip address from user whitelist"), category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_groups_management', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def groups_management(self):
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     c.data = c.user.group_member
                     self._redirect_for_default_user(c.user.username)
                     groups = [UserGroupModel.get_user_groups_as_dict(group.users_group)
                               for group in c.user.group_member]
                     c.groups = json.dumps(groups)
                     c.active = 'groups'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_groups_management_updates', request_method='POST')
                 def groups_management_updates(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     users_groups = set(self.request.POST.getall('users_group_id'))
                     users_groups_model = []
                     for ugid in users_groups:
                         users_groups_model.append(UserGroupModel().get_group(safe_int(ugid)))
                     user_group_model = UserGroupModel()
                     user_group_model.change_groups(c.user, users_groups_model)
                     Session().commit()
                     c.active = 'user_groups_management'
                     h.flash(_("Groups successfully changed"), category='success')
                     return HTTPFound(h.route_path(
                         'edit_user_groups_management', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_audit_logs', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_audit_logs(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
-                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.user = User.get_or_404(user_id)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'audit'
                     p = safe_int(self.request.GET.get('page', 1), 1)
                     filter_term = self.request.GET.get('filter')
                     user_log = UserModel().get_user_log(c.user, filter_term)
                     def url_generator(**kw):
                         if filter_term:
                             kw['filter'] = filter_term
                         return self.request.current_route_path(_query=kw)
                     c.audit_logs = h.Page(
                         user_log, page=p, items_per_page=10, url=url_generator)
                     c.filter_term = filter_term
                     return self._get_template_context(c)

rhodecode/apps/my_account/views/my_account.py

0 +2 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import datetime
             import formencode
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from pyramid.renderers import render
             from pyramid.response import Response
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode import forms
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
             from rhodecode.lib.channelstream import channelstream_request, \
                 ChannelstreamException
             from rhodecode.lib.utils2 import safe_int, md5, str2bool
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import (
                 Repository, UserEmailMap, UserApiKeys, UserFollowing, joinedload,
                 PullRequest)
             from rhodecode.model.forms import UserForm
             from rhodecode.model.meta import Session
             from rhodecode.model.pull_request import PullRequestModel
             from rhodecode.model.scm import RepoList
             from rhodecode.model.user import UserModel
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.validation_schema.schemas import user_schema
             log = logging.getLogger(__name__)
             class MyAccountView(BaseAppView, DataGridAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.user = c.auth_user.get_instance()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     self._register_global_c(c)
                     return c
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_profile', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_profile(self):
                     c = self.load_default_context()
                     c.active = 'profile'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_password', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_password(self):
                     c = self.load_default_context()
                     c.active = 'password'
                     c.extern_type = c.user.extern_type
                     schema = user_schema.ChangePasswordSchema().bind(
                         username=c.user.username)
                     form = forms.Form(
                         schema,
                         action=h.route_path('my_account_password_update'),
                         buttons=(forms.buttons.save, forms.buttons.reset))
                     c.form = form
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_password_update', request_method='POST',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_password_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'password'
                     c.extern_type = c.user.extern_type
                     schema = user_schema.ChangePasswordSchema().bind(
                         username=c.user.username)
                     form = forms.Form(
                         schema, buttons=(forms.buttons.save, forms.buttons.reset))
                     if c.extern_type != 'rhodecode':
                         raise HTTPFound(self.request.route_path('my_account_password'))
                     controls = self.request.POST.items()
                     try:
                         valid_data = form.validate(controls)
                         UserModel().update_user(c.user.user_id, **valid_data)
                         c.user.update_userdata(force_password_change=False)
                         Session().commit()
                     except forms.ValidationFailure as e:
                         c.form = e
                         return self._get_template_context(c)
                     except Exception:
                         log.exception("Exception updating password")
                         h.flash(_('Error occurred during update of user password'),
                                 category='error')
                     else:
                         instance = c.auth_user.get_instance()
                         self.session.setdefault('rhodecode_user', {}).update(
                             {'password': md5(instance.password)})
                         self.session.save()
                         h.flash(_("Successfully updated password"), category='success')
                     raise HTTPFound(self.request.route_path('my_account_password'))
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'auth_tokens'
                     c.lifetime_values = [
                         (str(-1), _('forever')),
                         (str(5), _('5 minutes')),
                         (str(60), _('1 hour')),
                         (str(60 * 24), _('1 day')),
                         (str(60 * 24 * 30), _('1 month')),
                     ]
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     return self._get_template_context(c)
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_auth_tokens_add', request_method='POST',)
                 def my_account_auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = AuthTokenModel().create(
                         c.user.user_id, description, lifetime, role)
                     token_data = token.get_api_data()
                     self.maybe_attach_token_scope(token)
                     audit_logger.store_web(
                         'user.edit.token.add', action_data={
                             'data': {'token': token_data, 'user': 'self'}},
                         user=self._rhodecode_user, )
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('my_account_auth_tokens'))
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_auth_tokens_delete', request_method='POST')
                 def my_account_auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
-                        token = UserApiKeys.get_or_404(del_auth_token, pyramid_exc=True)
+                        token = UserApiKeys.get_or_404(del_auth_token)
                         token_data = token.get_api_data()
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.token.delete', action_data={
                                 'data': {'token': token_data, 'user': 'self'}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('my_account_auth_tokens'))
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_emails', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_emails(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query()\
                         .filter(UserEmailMap.user == c.user).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_emails_add', request_method='POST')
                 def my_account_emails_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     email = self.request.POST.get('new_email')
                     try:
                         UserModel().add_extra_email(c.user.user_id, email)
                         audit_logger.store_web(
                             'user.edit.email.add', action_data={
                                 'data': {'email': email, 'user': 'self'}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         h.flash(h.escape(error.error_dict['email']), category='error')
                     except Exception:
                         log.exception("Exception in my_account_emails")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     return HTTPFound(h.route_path('my_account_emails'))
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_emails_delete', request_method='POST')
                 def my_account_emails_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     del_email_id = self.request.POST.get('del_email_id')
                     if del_email_id:
-                        email = UserEmailMap.get_or_404(del_email_id, pyramid_exc=True).email
+                        email = UserEmailMap.get_or_404(del_email_id).email
                         UserModel().delete_extra_email(c.user.user_id, del_email_id)
                         audit_logger.store_web(
                             'user.edit.email.delete', action_data={
                                 'data': {'email': email, 'user': 'self'}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Email successfully deleted"),
                                 category='success')
                     return HTTPFound(h.route_path('my_account_emails'))
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_notifications_test_channelstream',
                     request_method='POST', renderer='json_ext')
                 def my_account_notifications_test_channelstream(self):
                     message = 'Test message sent via Channelstream by user: {}, on {}'.format(
                         self._rhodecode_user.username, datetime.datetime.now())
                     payload = {
                         # 'channel': 'broadcast',
                         'type': 'message',
                         'timestamp': datetime.datetime.utcnow(),
                         'user': 'system',
                         'pm_users': [self._rhodecode_user.username],
                         'message': {
                             'message': message,
                             'level': 'info',
                             'topic': '/notifications'
                         }
                     }
                     registry = self.request.registry
                     rhodecode_plugins = getattr(registry, 'rhodecode_plugins', {})
                     channelstream_config = rhodecode_plugins.get('channelstream', {})
                     try:
                         channelstream_request(channelstream_config, [payload], '/message')
                     except ChannelstreamException as e:
                         log.exception('Failed to send channelstream data')
                         return {"response": 'ERROR: {}'.format(e.__class__.__name__)}
                     return {"response": 'Channelstream data sent. '
                                         'You should see a new live message now.'}
                 def _load_my_repos_data(self, watched=False):
                     if watched:
                         admin = False
                         follows_repos = Session().query(UserFollowing)\
                             .filter(UserFollowing.user_id == self._rhodecode_user.user_id)\
                             .options(joinedload(UserFollowing.follows_repository))\
                             .all()
                         repo_list = [x.follows_repository for x in follows_repos]
                     else:
                         admin = True
                         repo_list = Repository.get_all_repos(
                             user_id=self._rhodecode_user.user_id)
                         repo_list = RepoList(repo_list, perm_set=[
                             'repository.read', 'repository.write', 'repository.admin'])
                     repos_data = RepoModel().get_repos_as_dict(
                         repo_list=repo_list, admin=admin)
                     # json used to render the grid
                     return json.dumps(repos_data)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_repos', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_repos(self):
                     c = self.load_default_context()
                     c.active = 'repos'
                     # json used to render the grid
                     c.data = self._load_my_repos_data()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_watched', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_watched(self):
                     c = self.load_default_context()
                     c.active = 'watched'
                     # json used to render the grid
                     c.data = self._load_my_repos_data(watched=True)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_perms(self):
                     c = self.load_default_context()
                     c.active = 'perms'
                     c.perm_user = c.auth_user
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_notifications', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_notifications(self):
                     c = self.load_default_context()
                     c.active = 'notifications'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_notifications_toggle_visibility',
                     request_method='POST', renderer='json_ext')
                 def my_notifications_toggle_visibility(self):
                     user = self._rhodecode_db_user
                     new_status = not user.user_data.get('notification_status', True)
                     user.update_userdata(notification_status=new_status)
                     Session().commit()
                     return user.user_data['notification_status']
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_edit',
                     request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_edit(self):
                     c = self.load_default_context()
                     c.active = 'profile_edit'
                     c.perm_user = c.auth_user
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     defaults = c.user.get_dict()
                     data = render('rhodecode:templates/admin/my_account/my_account.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_update',
                     request_method='POST',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'profile_edit'
                     c.perm_user = c.auth_user
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     _form = UserForm(edit=True,
                                      old_data={'user_id': self._rhodecode_user.user_id,
                                                'email': self._rhodecode_user.email})()
                     form_result = {}
                     try:
                         post_data = dict(self.request.POST)
                         post_data['new_password'] = ''
                         post_data['password_confirmation'] = ''
                         form_result = _form.to_python(post_data)
                         # skip updating those attrs for my account
                         skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',
                                       'new_password', 'password_confirmation']
                         # TODO: plugin should define if username can be updated
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         UserModel().update_user(
                             self._rhodecode_user.user_id, skip_attrs=skip_attrs,
                             **form_result)
                         h.flash(_('Your account was updated successfully'),
                                 category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         data = render(
                             'rhodecode:templates/admin/my_account/my_account.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                         return Response(html)
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user %s')
                                 % form_result.get('username'), category='error')
                         raise HTTPFound(h.route_path('my_account_profile'))
                     raise HTTPFound(h.route_path('my_account_profile'))
                 def _get_pull_requests_list(self, statuses):
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(self.request)
                     _render = self.request.get_partial_renderer(
                         'data_table/_dt_elements.mako')
                     pull_requests = PullRequestModel().get_im_participating_in(
                         user_id=self._rhodecode_user.user_id,
                         statuses=statuses,
                         offset=start, length=limit, order_by=order_by,
                         order_dir=order_dir)
                     pull_requests_total_count = PullRequestModel().count_im_participating_in(
                         user_id=self._rhodecode_user.user_id, statuses=statuses)
                     data = []
                     comments_model = CommentsModel()
                     for pr in pull_requests:
                         repo_id = pr.target_repo_id
                         comments = comments_model.get_all_comments(
                             repo_id, pull_request=pr)
                         owned = pr.user_id == self._rhodecode_user.user_id
                         data.append({
                             'target_repo': _render('pullrequest_target_repo',
                                                    pr.target_repo.repo_name),
                             'name': _render('pullrequest_name',
                                             pr.pull_request_id, pr.target_repo.repo_name,
                                             short=True),
                             'name_raw': pr.pull_request_id,
                             'status': _render('pullrequest_status',
                                               pr.calculated_review_status()),
                             'title': _render(
                                 'pullrequest_title', pr.title, pr.description),
                             'description': h.escape(pr.description),
                             'updated_on': _render('pullrequest_updated_on',
                                                   h.datetime_to_time(pr.updated_on)),
                             'updated_on_raw': h.datetime_to_time(pr.updated_on),
                             'created_on': _render('pullrequest_updated_on',
                                                   h.datetime_to_time(pr.created_on)),
                             'created_on_raw': h.datetime_to_time(pr.created_on),
                             'author': _render('pullrequest_author',
                                               pr.author.full_contact, ),
                             'author_raw': pr.author.full_name,
                             'comments': _render('pullrequest_comments', len(comments)),
                             'comments_raw': len(comments),
                             'closed': pr.is_closed(),
                             'owned': owned
                         })
                     # json used to render the grid
                     data = ({
                         'draw': draw,
                         'data': data,
                         'recordsTotal': pull_requests_total_count,
                         'recordsFiltered': pull_requests_total_count,
                     })
                     return data
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_pullrequests',
                     request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_pullrequests(self):
                     c = self.load_default_context()
                     c.active = 'pullrequests'
                     req_get = self.request.GET
                     c.closed = str2bool(req_get.get('pr_show_closed'))
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_pullrequests_data',
                     request_method='GET', renderer='json_ext')
                 def my_account_pullrequests_data(self):
                     req_get = self.request.GET
                     closed = str2bool(req_get.get('closed'))
                     statuses = [PullRequest.STATUS_NEW, PullRequest.STATUS_OPEN]
                     if closed:
                         statuses += [PullRequest.STATUS_CLOSED]
                     data = self._get_pull_requests_list(statuses=statuses)
                     return data

rhodecode/apps/repository/views/repo_commits.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import collections
             from pyramid.httpexceptions import HTTPNotFound, HTTPBadRequest, HTTPFound
             from pyramid.view import view_config
             from pyramid.renderers import render
             from pyramid.response import Response
             from rhodecode.apps._base import RepoAppView
             from rhodecode.lib import diffs, codeblocks
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoPermissionAnyDecorator, NotAnonymous, CSRFRequired)
             from rhodecode.lib.compat import OrderedDict
             from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
             import rhodecode.lib.helpers as h
             from rhodecode.lib.utils2 import safe_unicode, safe_int
             from rhodecode.lib.vcs.backends.base import EmptyCommit
             from rhodecode.lib.vcs.exceptions import (
                 RepositoryError, CommitDoesNotExistError, NodeDoesNotExistError)
             from rhodecode.model.db import ChangesetComment, ChangesetStatus
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             def _update_with_GET(params, request):
                 for k in ['diff1', 'diff2', 'diff']:
                     params[k] += request.GET.getall(k)
             def get_ignore_ws(fid, request):
                 ig_ws_global = request.GET.get('ignorews')
                 ig_ws = filter(lambda k: k.startswith('WS'), request.GET.getall(fid))
                 if ig_ws:
                     try:
                         return int(ig_ws[0].split(':')[-1])
                     except Exception:
                         pass
                 return ig_ws_global
             def _ignorews_url(request, fileid=None):
                 _ = request.translate
                 fileid = str(fileid) if fileid else None
                 params = collections.defaultdict(list)
                 _update_with_GET(params, request)
                 label = _('Show whitespace')
                 tooltiplbl = _('Show whitespace for all diffs')
                 ig_ws = get_ignore_ws(fileid, request)
                 ln_ctx = get_line_ctx(fileid, request)
                 if ig_ws is None:
                     params['ignorews'] += [1]
                     label = _('Ignore whitespace')
                     tooltiplbl = _('Ignore whitespace for all diffs')
                 ctx_key = 'context'
                 ctx_val = ln_ctx
                 # if we have passed in ln_ctx pass it along to our params
                 if ln_ctx:
                     params[ctx_key] += [ctx_val]
                 if fileid:
                     params['anchor'] = 'a_' + fileid
                 return h.link_to(label, request.current_route_path(_query=params),
                                  title=tooltiplbl, class_='tooltip')
             def get_line_ctx(fid, request):
                 ln_ctx_global = request.GET.get('context')
                 if fid:
                     ln_ctx = filter(lambda k: k.startswith('C'), request.GET.getall(fid))
                 else:
                     _ln_ctx = filter(lambda k: k.startswith('C'), request.GET)
                     ln_ctx = request.GET.get(_ln_ctx[0]) if _ln_ctx else ln_ctx_global
                     if ln_ctx:
                         ln_ctx = [ln_ctx]
                 if ln_ctx:
                     retval = ln_ctx[0].split(':')[-1]
                 else:
                     retval = ln_ctx_global
                 try:
                     return int(retval)
                 except Exception:
                     return 3
             def _context_url(request, fileid=None):
                 """
                 Generates a url for context lines.
                 :param fileid:
                 """
                 _ = request.translate
                 fileid = str(fileid) if fileid else None
                 ig_ws = get_ignore_ws(fileid, request)
                 ln_ctx = (get_line_ctx(fileid, request) or 3) * 2
                 params = collections.defaultdict(list)
                 _update_with_GET(params, request)
                 if ln_ctx > 0:
                     params['context'] += [ln_ctx]
                 if ig_ws:
                     ig_ws_key = 'ignorews'
                     ig_ws_val = 1
                     params[ig_ws_key] += [ig_ws_val]
                 lbl = _('Increase context')
                 tooltiplbl = _('Increase context for all diffs')
                 if fileid:
                     params['anchor'] = 'a_' + fileid
                 return h.link_to(lbl, request.current_route_path(_query=params),
                                  title=tooltiplbl, class_='tooltip')
             class RepoCommitsView(RepoAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context(include_app_defaults=True)
                     # TODO(marcink): remove repo_info and use c.rhodecode_db_repo instead
                     c.repo_info = self.db_repo
                     c.rhodecode_repo = self.rhodecode_vcs_repo
                     self._register_global_c(c)
                     return c
                 def _commit(self, commit_id_range, method):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.ignorews_url = _ignorews_url
                     c.context_url = _context_url
                     c.fulldiff = self.request.GET.get('fulldiff')
                     # fetch global flags of ignore ws or context lines
                     context_lcl = get_line_ctx('', self.request)
                     ign_whitespace_lcl = get_ignore_ws('', self.request)
                     # diff_limit will cut off the whole diff if the limit is applied
                     # otherwise it will just hide the big files from the front-end
                     diff_limit = c.visual.cut_off_limit_diff
                     file_limit = c.visual.cut_off_limit_file
                     # get ranges of commit ids if preset
                     commit_range = commit_id_range.split('...')[:2]
                     try:
                         pre_load = ['affected_files', 'author', 'branch', 'date',
                                     'message', 'parents']
                         if len(commit_range) == 2:
                             commits = self.rhodecode_vcs_repo.get_commits(
                                 start_id=commit_range[0], end_id=commit_range[1],
                                 pre_load=pre_load)
                             commits = list(commits)
                         else:
                             commits = [self.rhodecode_vcs_repo.get_commit(
                                 commit_id=commit_id_range, pre_load=pre_load)]
                         c.commit_ranges = commits
                         if not c.commit_ranges:
                             raise RepositoryError(
                                 'The commit range returned an empty result')
                     except CommitDoesNotExistError:
                         msg = _('No such commit exists for this repository')
                         h.flash(msg, category='error')
                         raise HTTPNotFound()
                     except Exception:
                         log.exception("General failure")
                         raise HTTPNotFound()
                     c.changes = OrderedDict()
                     c.lines_added = 0
                     c.lines_deleted = 0
                     # auto collapse if we have more than limit
                     collapse_limit = diffs.DiffProcessor._collapse_commits_over
                     c.collapse_all_commits = len(c.commit_ranges) > collapse_limit
                     c.commit_statuses = ChangesetStatus.STATUSES
                     c.inline_comments = []
                     c.files = []
                     c.statuses = []
                     c.comments = []
                     c.unresolved_comments = []
                     if len(c.commit_ranges) == 1:
                         commit = c.commit_ranges[0]
                         c.comments = CommentsModel().get_comments(
                             self.db_repo.repo_id,
                             revision=commit.raw_id)
                         c.statuses.append(ChangesetStatusModel().get_status(
                             self.db_repo.repo_id, commit.raw_id))
                         # comments from PR
                         statuses = ChangesetStatusModel().get_statuses(
                             self.db_repo.repo_id, commit.raw_id,
                             with_revisions=True)
                         prs = set(st.pull_request for st in statuses
                                   if st.pull_request is not None)
                         # from associated statuses, check the pull requests, and
                         # show comments from them
                         for pr in prs:
                             c.comments.extend(pr.comments)
                         c.unresolved_comments = CommentsModel()\
                             .get_commit_unresolved_todos(commit.raw_id)
                     diff = None
                     # Iterate over ranges (default commit view is always one commit)
                     for commit in c.commit_ranges:
                         c.changes[commit.raw_id] = []
                         commit2 = commit
                         commit1 = commit.parents[0] if commit.parents else EmptyCommit()
                         _diff = self.rhodecode_vcs_repo.get_diff(
                             commit1, commit2,
                             ignore_whitespace=ign_whitespace_lcl, context=context_lcl)
                         diff_processor = diffs.DiffProcessor(
                             _diff, format='newdiff', diff_limit=diff_limit,
                             file_limit=file_limit, show_full_diff=c.fulldiff)
                         commit_changes = OrderedDict()
                         if method == 'show':
                             _parsed = diff_processor.prepare()
                             c.limited_diff = isinstance(_parsed, diffs.LimitedDiffContainer)
                             _parsed = diff_processor.prepare()
                             def _node_getter(commit):
                                 def get_node(fname):
                                     try:
                                         return commit.get_node(fname)
                                     except NodeDoesNotExistError:
                                         return None
                                 return get_node
                             inline_comments = CommentsModel().get_inline_comments(
                                 self.db_repo.repo_id, revision=commit.raw_id)
                             c.inline_cnt = CommentsModel().get_inline_comments_count(
                                 inline_comments)
                             diffset = codeblocks.DiffSet(
                                 repo_name=self.db_repo_name,
                                 source_node_getter=_node_getter(commit1),
                                 target_node_getter=_node_getter(commit2),
                                 comments=inline_comments)
                             diffset = diffset.render_patchset(
                                 _parsed, commit1.raw_id, commit2.raw_id)
                             c.changes[commit.raw_id] = diffset
                         else:
                             # downloads/raw we only need RAW diff nothing else
                             diff = diff_processor.as_raw()
                             c.changes[commit.raw_id] = [None, None, None, None, diff, None, None]
                     # sort comments by how they were generated
                     c.comments = sorted(c.comments, key=lambda x: x.comment_id)
                     if len(c.commit_ranges) == 1:
                         c.commit = c.commit_ranges[0]
                         c.parent_tmpl = ''.join(
                             '# Parent  %s\n' % x.raw_id for x in c.commit.parents)
                     if method == 'download':
                         response = Response(diff)
                         response.content_type = 'text/plain'
                         response.content_disposition = (
                             'attachment; filename=%s.diff' % commit_id_range[:12])
                         return response
                     elif method == 'patch':
                         c.diff = safe_unicode(diff)
                         patch = render(
                             'rhodecode:templates/changeset/patch_changeset.mako',
                             self._get_template_context(c), self.request)
                         response = Response(patch)
                         response.content_type = 'text/plain'
                         return response
                     elif method == 'raw':
                         response = Response(diff)
                         response.content_type = 'text/plain'
                         return response
                     elif method == 'show':
                         if len(c.commit_ranges) == 1:
                             html = render(
                                 'rhodecode:templates/changeset/changeset.mako',
                                 self._get_template_context(c), self.request)
                             return Response(html)
                         else:
                             c.ancestor = None
                             c.target_repo = self.db_repo
                             html = render(
                                 'rhodecode:templates/changeset/changeset_range.mako',
                                 self._get_template_context(c), self.request)
                             return Response(html)
                     raise HTTPBadRequest()
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='repo_commit', request_method='GET',
                     renderer=None)
                 def repo_commit_show(self):
                     commit_id = self.request.matchdict['commit_id']
                     return self._commit(commit_id, method='show')
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='repo_commit_raw', request_method='GET',
                     renderer=None)
                 @view_config(
                     route_name='repo_commit_raw_deprecated', request_method='GET',
                     renderer=None)
                 def repo_commit_raw(self):
                     commit_id = self.request.matchdict['commit_id']
                     return self._commit(commit_id, method='raw')
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='repo_commit_patch', request_method='GET',
                     renderer=None)
                 def repo_commit_patch(self):
                     commit_id = self.request.matchdict['commit_id']
                     return self._commit(commit_id, method='patch')
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='repo_commit_download', request_method='GET',
                     renderer=None)
                 def repo_commit_download(self):
                     commit_id = self.request.matchdict['commit_id']
                     return self._commit(commit_id, method='download')
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='repo_commit_comment_create', request_method='POST',
                     renderer='json_ext')
                 def repo_commit_comment_create(self):
                     _ = self.request.translate
                     commit_id = self.request.matchdict['commit_id']
                     c = self.load_default_context()
                     status = self.request.POST.get('changeset_status', None)
                     text = self.request.POST.get('text')
                     comment_type = self.request.POST.get('comment_type')
                     resolves_comment_id = self.request.POST.get('resolves_comment_id', None)
                     if status:
                         text = text or (_('Status change %(transition_icon)s %(status)s')
                                         % {'transition_icon': '>',
                                            'status': ChangesetStatus.get_status_lbl(status)})
                     multi_commit_ids = []
                     for _commit_id in self.request.POST.get('commit_ids', '').split(','):
                         if _commit_id not in ['', None, EmptyCommit.raw_id]:
                             if _commit_id not in multi_commit_ids:
                                 multi_commit_ids.append(_commit_id)
                     commit_ids = multi_commit_ids or [commit_id]
                     comment = None
                     for current_id in filter(None, commit_ids):
                         comment = CommentsModel().create(
                             text=text,
                             repo=self.db_repo.repo_id,
                             user=self._rhodecode_db_user.user_id,
                             commit_id=current_id,
                             f_path=self.request.POST.get('f_path'),
                             line_no=self.request.POST.get('line'),
                             status_change=(ChangesetStatus.get_status_lbl(status)
                                            if status else None),
                             status_change_type=status,
                             comment_type=comment_type,
                             resolves_comment_id=resolves_comment_id
                         )
                         # get status if set !
                         if status:
                             # if latest status was from pull request and it's closed
                             # disallow changing status !
                             # dont_allow_on_closed_pull_request = True !
                             try:
                                 ChangesetStatusModel().set_status(
                                     self.db_repo.repo_id,
                                     status,
                                     self._rhodecode_db_user.user_id,
                                     comment,
                                     revision=current_id,
                                     dont_allow_on_closed_pull_request=True
                                 )
                             except StatusChangeOnClosedPullRequestError:
                                 msg = _('Changing the status of a commit associated with '
                                         'a closed pull request is not allowed')
                                 log.exception(msg)
                                 h.flash(msg, category='warning')
                                 raise HTTPFound(h.route_path(
                                     'repo_commit', repo_name=self.db_repo_name,
                                     commit_id=current_id))
                     # finalize, commit and redirect
                     Session().commit()
                     data = {
                         'target_id': h.safeid(h.safe_unicode(
                             self.request.POST.get('f_path'))),
                     }
                     if comment:
                         c.co = comment
                         rendered_comment = render(
                             'rhodecode:templates/changeset/changeset_comment_block.mako',
                             self._get_template_context(c), self.request)
                         data.update(comment.get_dict())
                         data.update({'rendered_text': rendered_comment})
                     return data
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='repo_commit_comment_preview', request_method='POST',
                     renderer='string', xhr=True)
                 def repo_commit_comment_preview(self):
                     # Technically a CSRF token is not needed as no state changes with this
                     # call. However, as this is a POST is better to have it, so automated
                     # tools don't flag it as potential CSRF.
                     # Post is required because the payload could be bigger than the maximum
                     # allowed by GET.
                     text = self.request.POST.get('text')
                     renderer = self.request.POST.get('renderer') or 'rst'
                     if text:
                         return h.render(text, renderer=renderer, mentions=True)
                     return ''
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='repo_commit_comment_delete', request_method='POST',
                     renderer='json_ext')
                 def repo_commit_comment_delete(self):
                     commit_id = self.request.matchdict['commit_id']
                     comment_id = self.request.matchdict['comment_id']
-                    comment = ChangesetComment.get_or_404(safe_int(comment_id))
+                    comment = ChangesetComment.get_or_404(comment_id)
                     if not comment:
                         log.debug('Comment with id:%s not found, skipping', comment_id)
                         # comment already deleted in another call probably
                         return True
                     is_repo_admin = h.HasRepoPermissionAny('repository.admin')(self.db_repo_name)
                     super_admin = h.HasPermissionAny('hg.admin')()
                     comment_owner = (comment.author.user_id == self._rhodecode_db_user.user_id)
                     is_repo_comment = comment.repo.repo_name == self.db_repo_name
                     comment_repo_admin = is_repo_admin and is_repo_comment
                     if super_admin or comment_owner or comment_repo_admin:
                         CommentsModel().delete(comment=comment, user=self._rhodecode_db_user)
                         Session().commit()
                         return True
                     else:
                         log.warning('No permissions for user %s to delete comment_id: %s',
                                     self._rhodecode_db_user, comment_id)
                         raise HTTPNotFound()
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='repo_commit_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def repo_commit_data(self):
                     commit_id = self.request.matchdict['commit_id']
                     self.load_default_context()
                     try:
                         return self.rhodecode_vcs_repo.get_commit(commit_id=commit_id)
                     except CommitDoesNotExistError as e:
                         return EmptyCommit(message=str(e))
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='repo_commit_children', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def repo_commit_children(self):
                     commit_id = self.request.matchdict['commit_id']
                     self.load_default_context()
                     commit = self.rhodecode_vcs_repo.get_commit(commit_id=commit_id)
                     result = {"results": commit.children}
                     return result
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='repo_commit_parents', request_method='GET',
                     renderer='json_ext')
                 def repo_commit_parents(self):
                     commit_id = self.request.matchdict['commit_id']
                     self.load_default_context()
                     commit = self.rhodecode_vcs_repo.get_commit(commit_id=commit_id)
                     result = {"results": commit.parents}
                     return result

rhodecode/controllers/pullrequests.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2012-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             pull requests controller for rhodecode for initializing pull requests
             """
             import peppercorn
             import formencode
             import logging
             import collections
             from webob.exc import HTTPNotFound, HTTPForbidden, HTTPBadRequest
             from pylons import request, tmpl_context as c, url
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             from pyramid.threadlocal import get_current_registry
             from pyramid.httpexceptions import HTTPFound
             from sqlalchemy.sql import func
             from sqlalchemy.sql.expression import or_
             from rhodecode import events
             from rhodecode.lib import auth, diffs, helpers as h, codeblocks
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.base import (
                 BaseRepoController, render, vcs_operation_context)
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoPermissionAnyDecorator, NotAnonymous,
                 HasAcceptedRepoType, XHRRequired)
             from rhodecode.lib.channelstream import channelstream_request
             from rhodecode.lib.utils import jsonify
             from rhodecode.lib.utils2 import (
                 safe_int, safe_str, str2bool, safe_unicode)
             from rhodecode.lib.vcs.backends.base import (
                 EmptyCommit, UpdateFailureReason, EmptyRepository)
             from rhodecode.lib.vcs.exceptions import (
                 EmptyRepositoryError, CommitDoesNotExistError, RepositoryRequirementError,
                 NodeDoesNotExistError)
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import (PullRequest, ChangesetStatus, ChangesetComment,
                 Repository, PullRequestVersion)
             from rhodecode.model.forms import PullRequestForm
             from rhodecode.model.meta import Session
             from rhodecode.model.pull_request import PullRequestModel, MergeCheck
             log = logging.getLogger(__name__)
             class PullrequestsController(BaseRepoController):
                 def __before__(self):
                     super(PullrequestsController, self).__before__()
                     c.REVIEW_STATUS_APPROVED = ChangesetStatus.STATUS_APPROVED
                     c.REVIEW_STATUS_REJECTED = ChangesetStatus.STATUS_REJECTED
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 @HasAcceptedRepoType('git', 'hg')
                 def index(self):
                     source_repo = c.rhodecode_db_repo
                     try:
                         source_repo.scm_instance().get_commit()
                     except EmptyRepositoryError:
                         h.flash(h.literal(_('There are no commits yet')),
                                 category='warning')
                         redirect(h.route_path('repo_summary', repo_name=source_repo.repo_name))
                     commit_id = request.GET.get('commit')
                     branch_ref = request.GET.get('branch')
                     bookmark_ref = request.GET.get('bookmark')
                     try:
                         source_repo_data = PullRequestModel().generate_repo_data(
                             source_repo, commit_id=commit_id,
                             branch=branch_ref, bookmark=bookmark_ref)
                     except CommitDoesNotExistError as e:
                         log.exception(e)
                         h.flash(_('Commit does not exist'), 'error')
                         redirect(url('pullrequest_home', repo_name=source_repo.repo_name))
                     default_target_repo = source_repo
                     if source_repo.parent:
                         parent_vcs_obj = source_repo.parent.scm_instance()
                         if parent_vcs_obj and not parent_vcs_obj.is_empty():
                             # change default if we have a parent repo
                             default_target_repo = source_repo.parent
                     target_repo_data = PullRequestModel().generate_repo_data(
                         default_target_repo)
                     selected_source_ref = source_repo_data['refs']['selected_ref']
                     title_source_ref = selected_source_ref.split(':', 2)[1]
                     c.default_title = PullRequestModel().generate_pullrequest_title(
                         source=source_repo.repo_name,
                         source_ref=title_source_ref,
                         target=default_target_repo.repo_name
                     )
                     c.default_repo_data = {
                         'source_repo_name': source_repo.repo_name,
                         'source_refs_json': json.dumps(source_repo_data),
                         'target_repo_name': default_target_repo.repo_name,
                         'target_refs_json': json.dumps(target_repo_data),
                     }
                     c.default_source_ref = selected_source_ref
                     return render('/pullrequests/pullrequest.mako')
                 @LoginRequired()
                 @NotAnonymous()
                 @XHRRequired()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 @jsonify
                 def get_repo_refs(self, repo_name, target_repo_name):
                     repo = Repository.get_by_repo_name(target_repo_name)
                     if not repo:
                         raise HTTPNotFound
                     return PullRequestModel().generate_repo_data(repo)
                 @LoginRequired()
                 @NotAnonymous()
                 @XHRRequired()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 @jsonify
                 def get_repo_destinations(self, repo_name):
                     repo = Repository.get_by_repo_name(repo_name)
                     if not repo:
                         raise HTTPNotFound
                     filter_query = request.GET.get('query')
                     query = Repository.query() \
                         .order_by(func.length(Repository.repo_name)) \
                         .filter(or_(
                         Repository.repo_name == repo.repo_name,
                         Repository.fork_id == repo.repo_id))
                     if filter_query:
                         ilike_expression = u'%{}%'.format(safe_unicode(filter_query))
                         query = query.filter(
                             Repository.repo_name.ilike(ilike_expression))
                     add_parent = False
                     if repo.parent:
                         if filter_query in repo.parent.repo_name:
                             parent_vcs_obj = repo.parent.scm_instance()
                             if parent_vcs_obj and not parent_vcs_obj.is_empty():
                                 add_parent = True
                     limit = 20 - 1 if add_parent else 20
                     all_repos = query.limit(limit).all()
                     if add_parent:
                         all_repos += [repo.parent]
                     repos = []
                     for obj in self.scm_model.get_repos(all_repos):
                         repos.append({
                             'id': obj['name'],
                             'text': obj['name'],
                             'type': 'repo',
                             'obj': obj['dbrepo']
                         })
                     data = {
                         'more': False,
                         'results': [{
                             'text': _('Repositories'),
                             'children': repos
                         }] if repos else []
                     }
                     return data
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 @HasAcceptedRepoType('git', 'hg')
                 @auth.CSRFRequired()
                 def create(self, repo_name):
                     repo = Repository.get_by_repo_name(repo_name)
                     if not repo:
                         raise HTTPNotFound
                     controls = peppercorn.parse(request.POST.items())
                     try:
                         _form = PullRequestForm(repo.repo_id)().to_python(controls)
                     except formencode.Invalid as errors:
                         if errors.error_dict.get('revisions'):
                             msg = 'Revisions: %s' % errors.error_dict['revisions']
                         elif errors.error_dict.get('pullrequest_title'):
                             msg = _('Pull request requires a title with min. 3 chars')
                         else:
                             msg = _('Error creating pull request: {}').format(errors)
                         log.exception(msg)
                         h.flash(msg, 'error')
                         # would rather just go back to form ...
                         return redirect(url('pullrequest_home', repo_name=repo_name))
                     source_repo = _form['source_repo']
                     source_ref = _form['source_ref']
                     target_repo = _form['target_repo']
                     target_ref = _form['target_ref']
                     commit_ids = _form['revisions'][::-1]
                     # find the ancestor for this pr
                     source_db_repo = Repository.get_by_repo_name(_form['source_repo'])
                     target_db_repo = Repository.get_by_repo_name(_form['target_repo'])
                     source_scm = source_db_repo.scm_instance()
                     target_scm = target_db_repo.scm_instance()
                     source_commit = source_scm.get_commit(source_ref.split(':')[-1])
                     target_commit = target_scm.get_commit(target_ref.split(':')[-1])
                     ancestor = source_scm.get_common_ancestor(
                         source_commit.raw_id, target_commit.raw_id, target_scm)
                     target_ref_type, target_ref_name, __ = _form['target_ref'].split(':')
                     target_ref = ':'.join((target_ref_type, target_ref_name, ancestor))
                     pullrequest_title = _form['pullrequest_title']
                     title_source_ref = source_ref.split(':', 2)[1]
                     if not pullrequest_title:
                         pullrequest_title = PullRequestModel().generate_pullrequest_title(
                             source=source_repo,
                             source_ref=title_source_ref,
                             target=target_repo
                         )
                     description = _form['pullrequest_desc']
                     get_default_reviewers_data, validate_default_reviewers = \
                         PullRequestModel().get_reviewer_functions()
                     # recalculate reviewers logic, to make sure we can validate this
                     reviewer_rules = get_default_reviewers_data(
                         c.rhodecode_user.get_instance(), source_db_repo,
                         source_commit, target_db_repo, target_commit)
                     given_reviewers = _form['review_members']
                     reviewers = validate_default_reviewers(given_reviewers, reviewer_rules)
                     try:
                         pull_request = PullRequestModel().create(
                             c.rhodecode_user.user_id, source_repo, source_ref, target_repo,
                             target_ref, commit_ids, reviewers, pullrequest_title,
                             description, reviewer_rules
                         )
                         Session().commit()
                         h.flash(_('Successfully opened new pull request'),
                                 category='success')
                     except Exception as e:
                         msg = _('Error occurred during creation of this pull request.')
                         log.exception(msg)
                         h.flash(msg, category='error')
                         return redirect(url('pullrequest_home', repo_name=repo_name))
                     raise HTTPFound(
                         h.route_path('pullrequest_show', repo_name=target_repo,
                                      pull_request_id=pull_request.pull_request_id))
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 @auth.CSRFRequired()
                 @jsonify
                 def update(self, repo_name, pull_request_id):
                     pull_request_id = safe_int(pull_request_id)
                     pull_request = PullRequest.get_or_404(pull_request_id)
                     # only owner or admin can update it
                     allowed_to_update = PullRequestModel().check_user_update(
                         pull_request, c.rhodecode_user)
                     if allowed_to_update:
                         controls = peppercorn.parse(request.POST.items())
                         if 'review_members' in controls:
                             self._update_reviewers(
                                 pull_request_id, controls['review_members'],
                                 pull_request.reviewer_data)
                         elif str2bool(request.POST.get('update_commits', 'false')):
                             self._update_commits(pull_request)
                         elif str2bool(request.POST.get('edit_pull_request', 'false')):
                             self._edit_pull_request(pull_request)
                         else:
                             raise HTTPBadRequest()
                         return True
                     raise HTTPForbidden()
                 def _edit_pull_request(self, pull_request):
                     try:
                         PullRequestModel().edit(
                             pull_request, request.POST.get('title'),
                             request.POST.get('description'), c.rhodecode_user)
                     except ValueError:
                         msg = _(u'Cannot update closed pull requests.')
                         h.flash(msg, category='error')
                         return
                     else:
                         Session().commit()
                     msg = _(u'Pull request title & description updated.')
                     h.flash(msg, category='success')
                     return
                 def _update_commits(self, pull_request):
                     resp = PullRequestModel().update_commits(pull_request)
                     if resp.executed:
                         if resp.target_changed and resp.source_changed:
                             changed = 'target and source repositories'
                         elif resp.target_changed and not resp.source_changed:
                             changed = 'target repository'
                         elif not resp.target_changed and resp.source_changed:
                             changed = 'source repository'
                         else:
                             changed = 'nothing'
                         msg = _(
                             u'Pull request updated to "{source_commit_id}" with '
                             u'{count_added} added, {count_removed} removed commits. '
                             u'Source of changes: {change_source}')
                         msg = msg.format(
                             source_commit_id=pull_request.source_ref_parts.commit_id,
                             count_added=len(resp.changes.added),
                             count_removed=len(resp.changes.removed),
                             change_source=changed)
                         h.flash(msg, category='success')
                         registry = get_current_registry()
                         rhodecode_plugins = getattr(registry, 'rhodecode_plugins', {})
                         channelstream_config = rhodecode_plugins.get('channelstream', {})
                         if channelstream_config.get('enabled'):
                             message = msg + (
                                 ' - <a onclick="window.location.reload()">'
                                 '<strong>{}</strong></a>'.format(_('Reload page')))
                             channel = '/repo${}$/pr/{}'.format(
                                 pull_request.target_repo.repo_name,
                                 pull_request.pull_request_id
                             )
                             payload = {
                                 'type': 'message',
                                 'user': 'system',
                                 'exclude_users': [request.user.username],
                                 'channel': channel,
                                 'message': {
                                     'message': message,
                                     'level': 'success',
                                     'topic': '/notifications'
                                 }
                             }
                             channelstream_request(
                                 channelstream_config, [payload], '/message',
                                 raise_exc=False)
                     else:
                         msg = PullRequestModel.UPDATE_STATUS_MESSAGES[resp.reason]
                         warning_reasons = [
                             UpdateFailureReason.NO_CHANGE,
                             UpdateFailureReason.WRONG_REF_TYPE,
                         ]
                         category = 'warning' if resp.reason in warning_reasons else 'error'
                         h.flash(msg, category=category)
                 @auth.CSRFRequired()
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 def merge(self, repo_name, pull_request_id):
                     """
                     POST /{repo_name}/pull-request/{pull_request_id}
                     Merge will perform a server-side merge of the specified
                     pull request, if the pull request is approved and mergeable.
                     After successful merging, the pull request is automatically
                     closed, with a relevant comment.
                     """
                     pull_request_id = safe_int(pull_request_id)
                     pull_request = PullRequest.get_or_404(pull_request_id)
                     user = c.rhodecode_user
                     check = MergeCheck.validate(pull_request, user)
                     merge_possible = not check.failed
                     for err_type, error_msg in check.errors:
                         h.flash(error_msg, category=err_type)
                     if merge_possible:
                         log.debug("Pre-conditions checked, trying to merge.")
                         extras = vcs_operation_context(
                             request.environ, repo_name=pull_request.target_repo.repo_name,
                             username=user.username, action='push',
                             scm=pull_request.target_repo.repo_type)
                         self._merge_pull_request(pull_request, user, extras)
                     raise HTTPFound(
                         h.route_path('pullrequest_show',
                                      repo_name=pull_request.target_repo.repo_name,
                                      pull_request_id=pull_request.pull_request_id))
                 def _merge_pull_request(self, pull_request, user, extras):
                     merge_resp = PullRequestModel().merge(
                         pull_request, user, extras=extras)
                     if merge_resp.executed:
                         log.debug("The merge was successful, closing the pull request.")
                         PullRequestModel().close_pull_request(
                             pull_request.pull_request_id, user)
                         Session().commit()
                         msg = _('Pull request was successfully merged and closed.')
                         h.flash(msg, category='success')
                     else:
                         log.debug(
                             "The merge was not successful. Merge response: %s",
                             merge_resp)
                         msg = PullRequestModel().merge_status_message(
                             merge_resp.failure_reason)
                         h.flash(msg, category='error')
                 def _update_reviewers(self, pull_request_id, review_members, reviewer_rules):
                     get_default_reviewers_data, validate_default_reviewers = \
                         PullRequestModel().get_reviewer_functions()
                     try:
                         reviewers = validate_default_reviewers(review_members, reviewer_rules)
                     except ValueError as e:
                         log.error('Reviewers Validation: {}'.format(e))
                         h.flash(e, category='error')
                         return
                     PullRequestModel().update_reviewers(
                         pull_request_id, reviewers, c.rhodecode_user)
                     h.flash(_('Pull request reviewers updated.'), category='success')
                     Session().commit()
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 @auth.CSRFRequired()
                 @jsonify
                 def delete(self, repo_name, pull_request_id):
                     pull_request_id = safe_int(pull_request_id)
                     pull_request = PullRequest.get_or_404(pull_request_id)
                     pr_closed = pull_request.is_closed()
                     allowed_to_delete = PullRequestModel().check_user_delete(
                         pull_request, c.rhodecode_user) and not pr_closed
                     # only owner can delete it !
                     if allowed_to_delete:
                         PullRequestModel().delete(pull_request, c.rhodecode_user)
                         Session().commit()
                         h.flash(_('Successfully deleted pull request'),
                                 category='success')
                         return redirect(url('my_account_pullrequests'))
                     h.flash(_('Your are not allowed to delete this pull request'),
                             category='error')
                     raise HTTPForbidden()
                 def _get_pr_version(self, pull_request_id, version=None):
                     pull_request_id = safe_int(pull_request_id)
                     at_version = None
                     if version and version == 'latest':
                         pull_request_ver = PullRequest.get(pull_request_id)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_obj
                         at_version = 'latest'
                     elif version:
                         pull_request_ver = PullRequestVersion.get_or_404(version)
                         pull_request_obj = pull_request_ver
                         _org_pull_request_obj = pull_request_ver.pull_request
                         at_version = pull_request_ver.pull_request_version_id
                     else:
                         _org_pull_request_obj = pull_request_obj = PullRequest.get_or_404(
                             pull_request_id)
                     pull_request_display_obj = PullRequest.get_pr_display_object(
                         pull_request_obj, _org_pull_request_obj)
                     return _org_pull_request_obj, pull_request_obj, \
                            pull_request_display_obj, at_version
                 def _get_diffset(
                         self, source_repo, source_ref_id, target_ref_id, target_commit,
                         source_commit, diff_limit, file_limit, display_inline_comments):
                     vcs_diff = PullRequestModel().get_diff(
                         source_repo, source_ref_id, target_ref_id)
                     diff_processor = diffs.DiffProcessor(
                         vcs_diff, format='newdiff', diff_limit=diff_limit,
                         file_limit=file_limit, show_full_diff=c.fulldiff)
                     _parsed = diff_processor.prepare()
                     def _node_getter(commit):
                         def get_node(fname):
                             try:
                                 return commit.get_node(fname)
                             except NodeDoesNotExistError:
                                 return None
                         return get_node
                     diffset = codeblocks.DiffSet(
                         repo_name=c.repo_name,
                         source_repo_name=c.source_repo.repo_name,
                         source_node_getter=_node_getter(target_commit),
                         target_node_getter=_node_getter(source_commit),
                         comments=display_inline_comments
                     )
                     diffset = diffset.render_patchset(
                         _parsed, target_commit.raw_id, source_commit.raw_id)
                     return diffset
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 def show(self, repo_name, pull_request_id):
                     pull_request_id = safe_int(pull_request_id)
                     version = request.GET.get('version')
                     from_version = request.GET.get('from_version') or version
                     merge_checks = request.GET.get('merge_checks')
                     c.fulldiff = str2bool(request.GET.get('fulldiff'))
                     (pull_request_latest,
                      pull_request_at_ver,
                      pull_request_display_obj,
                      at_version) = self._get_pr_version(
                         pull_request_id, version=version)
                     pr_closed = pull_request_latest.is_closed()
                     if pr_closed and (version or from_version):
                         # not allow to browse versions
                         return redirect(h.url('pullrequest_show', repo_name=repo_name,
                                               pull_request_id=pull_request_id))
                     versions = pull_request_display_obj.versions()
                     c.at_version = at_version
                     c.at_version_num = (at_version
                                         if at_version and at_version != 'latest'
                                         else None)
                     c.at_version_pos = ChangesetComment.get_index_from_version(
                         c.at_version_num, versions)
                     (prev_pull_request_latest,
                      prev_pull_request_at_ver,
                      prev_pull_request_display_obj,
                      prev_at_version) = self._get_pr_version(
                         pull_request_id, version=from_version)
                     c.from_version = prev_at_version
                     c.from_version_num = (prev_at_version
                                           if prev_at_version and prev_at_version != 'latest'
                                           else None)
                     c.from_version_pos = ChangesetComment.get_index_from_version(
                         c.from_version_num, versions)
                     # define if we're in COMPARE mode or VIEW at version mode
                     compare = at_version != prev_at_version
                     # pull_requests repo_name we opened it against
                     # ie. target_repo must match
                     if repo_name != pull_request_at_ver.target_repo.repo_name:
                         raise HTTPNotFound
                     c.shadow_clone_url = PullRequestModel().get_shadow_clone_url(
                         pull_request_at_ver)
                     c.pull_request = pull_request_display_obj
                     c.pull_request_latest = pull_request_latest
                     if compare or (at_version and not at_version == 'latest'):
                         c.allowed_to_change_status = False
                         c.allowed_to_update = False
                         c.allowed_to_merge = False
                         c.allowed_to_delete = False
                         c.allowed_to_comment = False
                         c.allowed_to_close = False
                     else:
                         can_change_status = PullRequestModel().check_user_change_status(
                             pull_request_at_ver, c.rhodecode_user)
                         c.allowed_to_change_status = can_change_status and not pr_closed
                         c.allowed_to_update = PullRequestModel().check_user_update(
                             pull_request_latest, c.rhodecode_user) and not pr_closed
                         c.allowed_to_merge = PullRequestModel().check_user_merge(
                             pull_request_latest, c.rhodecode_user) and not pr_closed
                         c.allowed_to_delete = PullRequestModel().check_user_delete(
                             pull_request_latest, c.rhodecode_user) and not pr_closed
                         c.allowed_to_comment = not pr_closed
                         c.allowed_to_close = c.allowed_to_merge and not pr_closed
                     c.forbid_adding_reviewers = False
                     c.forbid_author_to_review = False
                     c.forbid_commit_author_to_review = False
                     if pull_request_latest.reviewer_data and \
                                     'rules' in pull_request_latest.reviewer_data:
                         rules = pull_request_latest.reviewer_data['rules'] or {}
                         try:
                             c.forbid_adding_reviewers = rules.get(
                                 'forbid_adding_reviewers')
                             c.forbid_author_to_review = rules.get(
                                 'forbid_author_to_review')
                             c.forbid_commit_author_to_review = rules.get(
                                 'forbid_commit_author_to_review')
                         except Exception:
                             pass
                     # check merge capabilities
                     _merge_check = MergeCheck.validate(
                         pull_request_latest, user=c.rhodecode_user)
                     c.pr_merge_errors = _merge_check.error_details
                     c.pr_merge_possible = not _merge_check.failed
                     c.pr_merge_message = _merge_check.merge_msg
                     c.pull_request_review_status = _merge_check.review_status
                     if merge_checks:
                         return render('/pullrequests/pullrequest_merge_checks.mako')
                     comments_model = CommentsModel()
                     # reviewers and statuses
                     c.pull_request_reviewers = pull_request_at_ver.reviewers_statuses()
                     allowed_reviewers = [x[0].user_id for x in c.pull_request_reviewers]
                     # GENERAL COMMENTS with versions #
                     q = comments_model._all_general_comments_of_pull_request(pull_request_latest)
                     q = q.order_by(ChangesetComment.comment_id.asc())
                     general_comments = q
                     # pick comments we want to render at current version
                     c.comment_versions = comments_model.aggregate_comments(
                         general_comments, versions, c.at_version_num)
                     c.comments = c.comment_versions[c.at_version_num]['until']
                     # INLINE COMMENTS with versions  #
                     q = comments_model._all_inline_comments_of_pull_request(pull_request_latest)
                     q = q.order_by(ChangesetComment.comment_id.asc())
                     inline_comments = q
                     c.inline_versions = comments_model.aggregate_comments(
                         inline_comments, versions, c.at_version_num, inline=True)
                     # inject latest version
                     latest_ver = PullRequest.get_pr_display_object(
                         pull_request_latest, pull_request_latest)
                     c.versions = versions + [latest_ver]
                     # if we use version, then do not show later comments
                     # than current version
                     display_inline_comments = collections.defaultdict(
                         lambda: collections.defaultdict(list))
                     for co in inline_comments:
                         if c.at_version_num:
                             # pick comments that are at least UPTO given version, so we
                             # don't render comments for higher version
                             should_render = co.pull_request_version_id and \
                                             co.pull_request_version_id <= c.at_version_num
                         else:
                             # showing all, for 'latest'
                             should_render = True
                         if should_render:
                             display_inline_comments[co.f_path][co.line_no].append(co)
                     # load diff data into template context, if we use compare mode then
                     # diff is calculated based on changes between versions of PR
                     source_repo = pull_request_at_ver.source_repo
                     source_ref_id = pull_request_at_ver.source_ref_parts.commit_id
                     target_repo = pull_request_at_ver.target_repo
                     target_ref_id = pull_request_at_ver.target_ref_parts.commit_id
                     if compare:
                         # in compare switch the diff base to latest commit from prev version
                         target_ref_id = prev_pull_request_display_obj.revisions[0]
                     # despite opening commits for bookmarks/branches/tags, we always
                     # convert this to rev to prevent changes after bookmark or branch change
                     c.source_ref_type = 'rev'
                     c.source_ref = source_ref_id
                     c.target_ref_type = 'rev'
                     c.target_ref = target_ref_id
                     c.source_repo = source_repo
                     c.target_repo = target_repo
                     # diff_limit is the old behavior, will cut off the whole diff
                     # if the limit is applied  otherwise will just hide the
                     # big files from the front-end
                     diff_limit = self.cut_off_limit_diff
                     file_limit = self.cut_off_limit_file
                     c.commit_ranges = []
                     source_commit = EmptyCommit()
                     target_commit = EmptyCommit()
                     c.missing_requirements = False
                     source_scm = source_repo.scm_instance()
                     target_scm = target_repo.scm_instance()
                     # try first shadow repo, fallback to regular repo
                     try:
                         commits_source_repo = pull_request_latest.get_shadow_repo()
                     except Exception:
                         log.debug('Failed to get shadow repo', exc_info=True)
                         commits_source_repo = source_scm
                     c.commits_source_repo = commits_source_repo
                     commit_cache = {}
                     try:
                         pre_load = ["author", "branch", "date", "message"]
                         show_revs = pull_request_at_ver.revisions
                         for rev in show_revs:
                             comm = commits_source_repo.get_commit(
                                 commit_id=rev, pre_load=pre_load)
                             c.commit_ranges.append(comm)
                             commit_cache[comm.raw_id] = comm
                         # Order here matters, we first need to get target, and then
                         # the source
                         target_commit = commits_source_repo.get_commit(
                             commit_id=safe_str(target_ref_id))
                         source_commit = commits_source_repo.get_commit(
                             commit_id=safe_str(source_ref_id))
                     except CommitDoesNotExistError:
                         log.warning(
                             'Failed to get commit from `{}` repo'.format(
                                 commits_source_repo), exc_info=True)
                     except RepositoryRequirementError:
                         log.warning(
                             'Failed to get all required data from repo', exc_info=True)
                         c.missing_requirements = True
                     c.ancestor = None  # set it to None, to hide it from PR view
                     try:
                         ancestor_id = source_scm.get_common_ancestor(
                             source_commit.raw_id, target_commit.raw_id, target_scm)
                         c.ancestor_commit = source_scm.get_commit(ancestor_id)
                     except Exception:
                         c.ancestor_commit = None
                     c.statuses = source_repo.statuses(
                         [x.raw_id for x in c.commit_ranges])
                     # auto collapse if we have more than limit
                     collapse_limit = diffs.DiffProcessor._collapse_commits_over
                     c.collapse_all_commits = len(c.commit_ranges) > collapse_limit
                     c.compare_mode = compare
                     c.missing_commits = False
                     if (c.missing_requirements or isinstance(source_commit, EmptyCommit)
                         or source_commit == target_commit):
                         c.missing_commits = True
                     else:
                         c.diffset = self._get_diffset(
                             commits_source_repo, source_ref_id, target_ref_id,
                             target_commit, source_commit,
                             diff_limit, file_limit, display_inline_comments)
                         c.limited_diff = c.diffset.limited_diff
                         # calculate removed files that are bound to comments
                         comment_deleted_files = [
                             fname for fname in display_inline_comments
                             if fname not in c.diffset.file_stats]
                         c.deleted_files_comments = collections.defaultdict(dict)
                         for fname, per_line_comments in display_inline_comments.items():
                             if fname in comment_deleted_files:
                                 c.deleted_files_comments[fname]['stats'] = 0
                                 c.deleted_files_comments[fname]['comments'] = list()
                                 for lno, comments in per_line_comments.items():
                                     c.deleted_files_comments[fname]['comments'].extend(
                                         comments)
                     # this is a hack to properly display links, when creating PR, the
                     # compare view and others uses different notation, and
                     # compare_commits.mako renders links based on the target_repo.
                     # We need to swap that here to generate it properly on the html side
                     c.target_repo = c.source_repo
                     c.commit_statuses = ChangesetStatus.STATUSES
                     c.show_version_changes = not pr_closed
                     if c.show_version_changes:
                         cur_obj = pull_request_at_ver
                         prev_obj = prev_pull_request_at_ver
                         old_commit_ids = prev_obj.revisions
                         new_commit_ids = cur_obj.revisions
                         commit_changes = PullRequestModel()._calculate_commit_id_changes(
                             old_commit_ids, new_commit_ids)
                         c.commit_changes_summary = commit_changes
                         # calculate the diff for commits between versions
                         c.commit_changes = []
                         mark = lambda cs, fw: list(
                             h.itertools.izip_longest([], cs, fillvalue=fw))
                         for c_type, raw_id in mark(commit_changes.added, 'a') \
                                             + mark(commit_changes.removed, 'r') \
                                             + mark(commit_changes.common, 'c'):
                             if raw_id in commit_cache:
                                 commit = commit_cache[raw_id]
                             else:
                                 try:
                                     commit = commits_source_repo.get_commit(raw_id)
                                 except CommitDoesNotExistError:
                                     # in case we fail extracting still use "dummy" commit
                                     # for display in commit diff
                                     commit = h.AttributeDict(
                                         {'raw_id': raw_id,
                                          'message': 'EMPTY or MISSING COMMIT'})
                             c.commit_changes.append([c_type, commit])
                         # current user review statuses for each version
                         c.review_versions = {}
                         if c.rhodecode_user.user_id in allowed_reviewers:
                             for co in general_comments:
                                 if co.author.user_id == c.rhodecode_user.user_id:
                                     # each comment has a status change
                                     status = co.status_change
                                     if status:
                                         _ver_pr = status[0].comment.pull_request_version_id
                                         c.review_versions[_ver_pr] = status[0]
                     return render('/pullrequests/pullrequest_show.mako')
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator(
                     'repository.read', 'repository.write', 'repository.admin')
                 @auth.CSRFRequired()
                 @jsonify
                 def comment(self, repo_name, pull_request_id):
                     pull_request_id = safe_int(pull_request_id)
                     pull_request = PullRequest.get_or_404(pull_request_id)
                     if pull_request.is_closed():
                         log.debug('comment: forbidden because pull request is closed')
                         raise HTTPForbidden()
                     status = request.POST.get('changeset_status', None)
                     text = request.POST.get('text')
                     comment_type = request.POST.get('comment_type')
                     resolves_comment_id = request.POST.get('resolves_comment_id', None)
                     close_pull_request = request.POST.get('close_pull_request')
                     # the logic here should work like following, if we submit close
                     # pr comment, use `close_pull_request_with_comment` function
                     # else handle regular comment logic
                     user = c.rhodecode_user
                     repo = c.rhodecode_db_repo
                     if close_pull_request:
                         # only owner or admin or person with write permissions
                         allowed_to_close = PullRequestModel().check_user_update(
                             pull_request, c.rhodecode_user)
                         if not allowed_to_close:
                             log.debug('comment: forbidden because not allowed to close '
                                       'pull request %s', pull_request_id)
                             raise HTTPForbidden()
                         comment, status = PullRequestModel().close_pull_request_with_comment(
                             pull_request, user, repo, message=text)
                         Session().flush()
                         events.trigger(
                             events.PullRequestCommentEvent(pull_request, comment))
                     else:
                         # regular comment case, could be inline, or one with status.
                         # for that one we check also permissions
                         allowed_to_change_status = PullRequestModel().check_user_change_status(
                             pull_request, c.rhodecode_user)
                         if status and allowed_to_change_status:
                             message = (_('Status change %(transition_icon)s %(status)s')
                                        % {'transition_icon': '>',
                                           'status': ChangesetStatus.get_status_lbl(status)})
                             text = text or message
                         comment = CommentsModel().create(
                             text=text,
                             repo=c.rhodecode_db_repo.repo_id,
                             user=c.rhodecode_user.user_id,
                             pull_request=pull_request_id,
                             f_path=request.POST.get('f_path'),
                             line_no=request.POST.get('line'),
                             status_change=(ChangesetStatus.get_status_lbl(status)
                                            if status and allowed_to_change_status else None),
                             status_change_type=(status
                                                 if status and allowed_to_change_status else None),
                             comment_type=comment_type,
                             resolves_comment_id=resolves_comment_id
                         )
                         if allowed_to_change_status:
                             # calculate old status before we change it
                             old_calculated_status = pull_request.calculated_review_status()
                             # get status if set !
                             if status:
                                 ChangesetStatusModel().set_status(
                                     c.rhodecode_db_repo.repo_id,
                                     status,
                                     c.rhodecode_user.user_id,
                                     comment,
                                     pull_request=pull_request_id
                                 )
                             Session().flush()
                             events.trigger(
                                 events.PullRequestCommentEvent(pull_request, comment))
                             # we now calculate the status of pull request, and based on that
                             # calculation we set the commits status
                             calculated_status = pull_request.calculated_review_status()
                             if old_calculated_status != calculated_status:
                                 PullRequestModel()._trigger_pull_request_hook(
                                     pull_request, c.rhodecode_user, 'review_status_change')
                     Session().commit()
                     if not request.is_xhr:
                         raise HTTPFound(
                             h.route_path('pullrequest_show',
                                          repo_name=repo_name,
                                          pull_request_id=pull_request_id))
                     data = {
                         'target_id': h.safeid(h.safe_unicode(request.POST.get('f_path'))),
                     }
                     if comment:
                         c.co = comment
                         rendered_comment = render('changeset/changeset_comment_block.mako')
                         data.update(comment.get_dict())
                         data.update({'rendered_text': rendered_comment})
                     return data
                 @LoginRequired()
                 @NotAnonymous()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                                'repository.admin')
                 @auth.CSRFRequired()
                 @jsonify
                 def delete_comment(self, repo_name, comment_id):
-                    comment = ChangesetComment.get_or_404(safe_int(comment_id))
+                    comment = ChangesetComment.get_or_404(comment_id)
                     if not comment:
                         log.debug('Comment with id:%s not found, skipping', comment_id)
                         # comment already deleted in another call probably
                         return True
                     if comment.pull_request.is_closed():
                         # don't allow deleting comments on closed pull request
                         raise HTTPForbidden()
                     is_repo_admin = h.HasRepoPermissionAny('repository.admin')(c.repo_name)
                     super_admin = h.HasPermissionAny('hg.admin')()
                     comment_owner = comment.author.user_id == c.rhodecode_user.user_id
                     is_repo_comment = comment.repo.repo_name == c.repo_name
                     comment_repo_admin = is_repo_admin and is_repo_comment
                     if super_admin or comment_owner or comment_repo_admin:
                         old_calculated_status = comment.pull_request.calculated_review_status()
                         CommentsModel().delete(comment=comment, user=c.rhodecode_user)
                         Session().commit()
                         calculated_status = comment.pull_request.calculated_review_status()
                         if old_calculated_status != calculated_status:
                             PullRequestModel()._trigger_pull_request_hook(
                                 comment.pull_request, c.rhodecode_user, 'review_status_change')
                         return True
                     else:
                         log.warning('No permissions for user %s to delete comment_id: %s',
                                     c.rhodecode_user, comment_id)
                         raise HTTPNotFound()

rhodecode/model/db.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages