rhodecode-enterprise-ce Commit - r231:b3a11d63

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

"""

21

"""

22

Users crud controller for pylons

22

Users crud controller for pylons

23

"""

23

"""

24

25

import logging

25

import logging

26

import formencode

26

import formencode

27

28

from formencode import htmlfill

28

from formencode import htmlfill

29

from pylons import request, tmpl_context as c, url, config

29

from pylons import request, tmpl_context as c, url, config

30

from pylons.controllers.util import redirect

30

from pylons.controllers.util import redirect

31

from pylons.i18n.translation import _

31

from pylons.i18n.translation import _

32

33

from rhodecode.authentication.plugins import auth_rhodecode

33

from rhodecode.authentication.plugins import auth_rhodecode

34

from rhodecode.lib.exceptions import (

34

from rhodecode.lib.exceptions import (

35

DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,

35

DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,

36

UserOwnsUserGroupsException, UserCreationError)

36

UserOwnsUserGroupsException, UserCreationError)

37

from rhodecode.lib import helpers as h

37

from rhodecode.lib import helpers as h

38

from rhodecode.lib import auth

38

from rhodecode.lib import auth

39

from rhodecode.lib.auth import (

39

from rhodecode.lib.auth import (

40

LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)

40

LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)

41

from rhodecode.lib.base import BaseController, render

41

from rhodecode.lib.base import BaseController, render

42

from rhodecode.model.auth_token import AuthTokenModel

42

from rhodecode.model.auth_token import AuthTokenModel

43

44

from rhodecode.model.db import (

44

from rhodecode.model.db import (

45

PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)

45

PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)

46

from rhodecode.model.forms import (

46

from rhodecode.model.forms import (

47

UserForm, UserPermissionsForm, UserIndividualPermissionsForm)

47

UserForm, UserPermissionsForm, UserIndividualPermissionsForm)

48

from rhodecode.model.user import UserModel

48

from rhodecode.model.user import UserModel

49

from rhodecode.model.meta import Session

49

from rhodecode.model.meta import Session

50

from rhodecode.model.permission import PermissionModel

50

from rhodecode.model.permission import PermissionModel

51

from rhodecode.lib.utils import action_logger

51

from rhodecode.lib.utils import action_logger

52

from rhodecode.lib.ext_json import json

52

from rhodecode.lib.ext_json import json

53

from rhodecode.lib.utils2 import datetime_to_time, safe_int

53

from rhodecode.lib.utils2 import datetime_to_time, safe_int

54

55

log = logging.getLogger(__name__)

55

log = logging.getLogger(__name__)

56

57

58

class UsersController(BaseController):

58

class UsersController(BaseController):

59

"""REST Controller styled on the Atom Publishing Protocol"""

59

"""REST Controller styled on the Atom Publishing Protocol"""

60

61

@LoginRequired()

61

@LoginRequired()

62

def __before__(self):

62

def __before__(self):

63

super(UsersController, self).__before__()

63

super(UsersController, self).__before__()

64

c.available_permissions = config['available_permissions']

64

c.available_permissions = config['available_permissions']

65

c.allowed_languages = [

65

c.allowed_languages = [

66

('en', 'English (en)'),

66

('en', 'English (en)'),

67

('de', 'German (de)'),

67

('de', 'German (de)'),

68

('fr', 'French (fr)'),

68

('fr', 'French (fr)'),

69

('it', 'Italian (it)'),

69

('it', 'Italian (it)'),

70

('ja', 'Japanese (ja)'),

70

('ja', 'Japanese (ja)'),

71

('pl', 'Polish (pl)'),

71

('pl', 'Polish (pl)'),

72

('pt', 'Portuguese (pt)'),

72

('pt', 'Portuguese (pt)'),

73

('ru', 'Russian (ru)'),

73

('ru', 'Russian (ru)'),

74

('zh', 'Chinese (zh)'),

74

('zh', 'Chinese (zh)'),

75

]

75

]

76

PermissionModel().set_global_permission_choices(c, translator=_)

76

PermissionModel().set_global_permission_choices(c, translator=_)

77

78

@HasPermissionAllDecorator('hg.admin')

78

@HasPermissionAllDecorator('hg.admin')

79

def index(self):

79

def index(self):

80

"""GET /users: All items in the collection"""

80

"""GET /users: All items in the collection"""

81

# url('users')

81

# url('users')

82

83

from rhodecode.lib.utils import PartialRenderer

83

from rhodecode.lib.utils import PartialRenderer

84

_render = PartialRenderer('data_table/_dt_elements.html')

84

_render = PartialRenderer('data_table/_dt_elements.html')

85

86

def grav_tmpl(user_email, size):

86

def grav_tmpl(user_email, size):

87

return _render("user_gravatar", user_email, size)

87

return _render("user_gravatar", user_email, size)

88

89

def username(user_id, username):

89

def username(user_id, username):

90

return _render("user_name", user_id, username)

90

return _render("user_name", user_id, username)

91

92

def user_actions(user_id, username):

92

def user_actions(user_id, username):

93

return _render("user_actions", user_id, username)

93

return _render("user_actions", user_id, username)

94

95

# json generate

95

# json generate

96

c.users_list = User.query()\

96

c.users_list = User.query()\

97

.filter(User.username != User.DEFAULT_USER) \

97

.filter(User.username != User.DEFAULT_USER) \

98

.all()

98

.all()

99

100

users_data = []

100

users_data = []

101

for user in c.users_list:

101

for user in c.users_list:

102

users_data.append({

102

users_data.append({

103

"gravatar": grav_tmpl(user.email, 20),

103

"gravatar": grav_tmpl(user.email, 20),

104

"username": h.link_to(

104

"username": h.link_to(

105

user.username, h.url('user_profile', username=user.username)),

105

user.username, h.url('user_profile', username=user.username)),

106

"username_raw": user.username,

106

"username_raw": user.username,

107

"email": user.email,

107

"email": user.email,

108

"first_name": h.escape(user.name),

108

"first_name": h.escape(user.name),

109

"last_name": h.escape(user.lastname),

109

"last_name": h.escape(user.lastname),

110

"last_login": h.format_date(user.last_login),

110

"last_login": h.format_date(user.last_login),

111

"last_login_raw": datetime_to_time(user.last_login),

111

"last_login_raw": datetime_to_time(user.last_login),

112

"last_activity": h.format_date(

112

"last_activity": h.format_date(

113

h.time_to_datetime(user.user_data.get('last_activity', 0))),

113

h.time_to_datetime(user.user_data.get('last_activity', 0))),

114

"last_activity_raw": user.user_data.get('last_activity', 0),

114

"last_activity_raw": user.user_data.get('last_activity', 0),

115

"active": h.bool2icon(user.active),

115

"active": h.bool2icon(user.active),

116

"active_raw": user.active,

116

"active_raw": user.active,

117

"admin": h.bool2icon(user.admin),

117

"admin": h.bool2icon(user.admin),

118

"admin_raw": user.admin,

118

"admin_raw": user.admin,

119

"extern_type": user.extern_type,

119

"extern_type": user.extern_type,

120

"extern_name": user.extern_name,

120

"extern_name": user.extern_name,

121

"action": user_actions(user.user_id, user.username),

121

"action": user_actions(user.user_id, user.username),

122

})

122

})

123

124

125

c.data = json.dumps(users_data)

125

c.data = json.dumps(users_data)

126

return render('admin/users/users.html')

126

return render('admin/users/users.html')

127

128

@HasPermissionAllDecorator('hg.admin')

128

@HasPermissionAllDecorator('hg.admin')

129

@auth.CSRFRequired()

129

@auth.CSRFRequired()

130

def create(self):

130

def create(self):

131

"""POST /users: Create a new item"""

131

"""POST /users: Create a new item"""

132

# url('users')

132

# url('users')

133

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

133

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

134

user_model = UserModel()

134

user_model = UserModel()

135

user_form = UserForm()()

135

user_form = UserForm()()

136

try:

136

try:

137

form_result = user_form.to_python(dict(request.POST))

137

form_result = user_form.to_python(dict(request.POST))

138

user = user_model.create(form_result)

138

user = user_model.create(form_result)

139

Session().flush()

139

Session().flush()

140

username = form_result['username']

140

username = form_result['username']

141

action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,

141

action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,

142

None, self.ip_addr, self.sa)

142

None, self.ip_addr, self.sa)

143

144

user_link = h.link_to(h.escape(username),

144

user_link = h.link_to(h.escape(username),

145

url('edit_user',

145

url('edit_user',

146

user_id=user.user_id))

146

user_id=user.user_id))

147

h.flash(h.literal(_('Created user %(user_link)s')

147

h.flash(h.literal(_('Created user %(user_link)s')

148

% {'user_link': user_link}), category='success')

148

% {'user_link': user_link}), category='success')

149

Session().commit()

149

Session().commit()

150

except formencode.Invalid as errors:

150

except formencode.Invalid as errors:

151

return htmlfill.render(

151

return htmlfill.render(

152

render('admin/users/user_add.html'),

152

render('admin/users/user_add.html'),

153

defaults=errors.value,

153

defaults=errors.value,

154

errors=errors.error_dict or {},

154

errors=errors.error_dict or {},

155

prefix_error=False,

155

prefix_error=False,

156

encoding="UTF-8",

156

encoding="UTF-8",

157

force_defaults=False)

157

force_defaults=False)

158

except UserCreationError as e:

158

except UserCreationError as e:

159

h.flash(e, 'error')

159

h.flash(e, 'error')

160

except Exception:

160

except Exception:

161

log.exception("Exception creation of user")

161

log.exception("Exception creation of user")

162

h.flash(_('Error occurred during creation of user %s')

162

h.flash(_('Error occurred during creation of user %s')

163

% request.POST.get('username'), category='error')

163

% request.POST.get('username'), category='error')

164

return redirect(url('users'))

164

return redirect(url('users'))

165

166

@HasPermissionAllDecorator('hg.admin')

166

@HasPermissionAllDecorator('hg.admin')

167

def new(self):

167

def new(self):

168

"""GET /users/new: Form to create a new item"""

168

"""GET /users/new: Form to create a new item"""

169

# url('new_user')

169

# url('new_user')

170

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

170

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

171

return render('admin/users/user_add.html')

171

return render('admin/users/user_add.html')

172

173

@HasPermissionAllDecorator('hg.admin')

173

@HasPermissionAllDecorator('hg.admin')

174

@auth.CSRFRequired()

174

@auth.CSRFRequired()

175

def update(self, user_id):

175

def update(self, user_id):

176

"""PUT /users/user_id: Update an existing item"""

176

"""PUT /users/user_id: Update an existing item"""

177

# Forms posted to this method should contain a hidden field:

177

# Forms posted to this method should contain a hidden field:

178

# <input type="hidden" name="_method" value="PUT" />

178

# <input type="hidden" name="_method" value="PUT" />

179

# Or using helpers:

179

# Or using helpers:

180

# h.form(url('update_user', user_id=ID),

180

# h.form(url('update_user', user_id=ID),

181

# method='put')

181

# method='put')

182

# url('user', user_id=ID)

182

# url('user', user_id=ID)

183

user_id = safe_int(user_id)

183

user_id = safe_int(user_id)

184

c.user = User.get_or_404(user_id)

184

c.user = User.get_or_404(user_id)

185

c.active = 'profile'

185

c.active = 'profile'

186

c.extern_type = c.user.extern_type

186

c.extern_type = c.user.extern_type

187

c.extern_name = c.user.extern_name

187

c.extern_name = c.user.extern_name

188

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

188

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

189

available_languages = [x[0] for x in c.allowed_languages]

189

available_languages = [x[0] for x in c.allowed_languages]

190

_form = UserForm(edit=True, available_languages=available_languages,

190

_form = UserForm(edit=True, available_languages=available_languages,

191

old_data={'user_id': user_id,

191

old_data={'user_id': user_id,

192

'email': c.user.email})()

192

'email': c.user.email})()

193

form_result = {}

193

form_result = {}

194

try:

194

try:

195

form_result = _form.to_python(dict(request.POST))

195

form_result = _form.to_python(dict(request.POST))

196

skip_attrs = ['extern_type', 'extern_name']

196

skip_attrs = ['extern_type', 'extern_name']

197

# TODO: plugin should define if username can be updated

197

# TODO: plugin should define if username can be updated

198

if c.extern_type != "rhodecode":

198

if c.extern_type != "rhodecode":

199

# forbid updating username for external accounts

199

# forbid updating username for external accounts

200

skip_attrs.append('username')

200

skip_attrs.append('username')

201

202

UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)

202

UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)

203

usr = form_result['username']

203

usr = form_result['username']

204

action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,

204

action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,

205

None, self.ip_addr, self.sa)

205

None, self.ip_addr, self.sa)

206

h.flash(_('User updated successfully'), category='success')

206

h.flash(_('User updated successfully'), category='success')

207

Session().commit()

207

Session().commit()

208

except formencode.Invalid as errors:

208

except formencode.Invalid as errors:

209

defaults = errors.value

209

defaults = errors.value

210

e = errors.error_dict or {}

210

e = errors.error_dict or {}

211

212

return htmlfill.render(

212

return htmlfill.render(

213

render('admin/users/user_edit.html'),

213

render('admin/users/user_edit.html'),

214

defaults=defaults,

214

defaults=defaults,

215

errors=e,

215

errors=e,

216

prefix_error=False,

216

prefix_error=False,

217

encoding="UTF-8",

217

encoding="UTF-8",

218

force_defaults=False)

218

force_defaults=False)

219

except UserCreationError as e:

220

h.flash(e, 'error')

219

except Exception:

221

except Exception:

220

log.exception("Exception updating user")

222

log.exception("Exception updating user")

221

h.flash(_('Error occurred during update of user %s')

223

h.flash(_('Error occurred during update of user %s')

222

% form_result.get('username'), category='error')

224

% form_result.get('username'), category='error')

223

return redirect(url('edit_user', user_id=user_id))

225

return redirect(url('edit_user', user_id=user_id))

224

226

225

@HasPermissionAllDecorator('hg.admin')

227

@HasPermissionAllDecorator('hg.admin')

226

@auth.CSRFRequired()

228

@auth.CSRFRequired()

227

def delete(self, user_id):

229

def delete(self, user_id):

228

"""DELETE /users/user_id: Delete an existing item"""

230

"""DELETE /users/user_id: Delete an existing item"""

229

# Forms posted to this method should contain a hidden field:

231

# Forms posted to this method should contain a hidden field:

230

# <input type="hidden" name="_method" value="DELETE" />

232

# <input type="hidden" name="_method" value="DELETE" />

231

# Or using helpers:

233

# Or using helpers:

232

# h.form(url('delete_user', user_id=ID),

234

# h.form(url('delete_user', user_id=ID),

233

# method='delete')

235

# method='delete')

234

# url('user', user_id=ID)

236

# url('user', user_id=ID)

235

user_id = safe_int(user_id)

237

user_id = safe_int(user_id)

236

c.user = User.get_or_404(user_id)

238

c.user = User.get_or_404(user_id)

237

239

238

_repos = c.user.repositories

240

_repos = c.user.repositories

239

_repo_groups = c.user.repository_groups

241

_repo_groups = c.user.repository_groups

240

_user_groups = c.user.user_groups

242

_user_groups = c.user.user_groups

241

243

242

handle_repos = None

244

handle_repos = None

243

handle_repo_groups = None

245

handle_repo_groups = None

244

handle_user_groups = None

246

handle_user_groups = None

245

# dummy call for flash of handle

247

# dummy call for flash of handle

246

set_handle_flash_repos = lambda: None

248

set_handle_flash_repos = lambda: None

247

set_handle_flash_repo_groups = lambda: None

249

set_handle_flash_repo_groups = lambda: None

248

set_handle_flash_user_groups = lambda: None

250

set_handle_flash_user_groups = lambda: None

249

251

250

if _repos and request.POST.get('user_repos'):

252

if _repos and request.POST.get('user_repos'):

251

do = request.POST['user_repos']

253

do = request.POST['user_repos']

252

if do == 'detach':

254

if do == 'detach':

253

handle_repos = 'detach'

255

handle_repos = 'detach'

254

set_handle_flash_repos = lambda: h.flash(

256

set_handle_flash_repos = lambda: h.flash(

255

_('Detached %s repositories') % len(_repos),

257

_('Detached %s repositories') % len(_repos),

256

category='success')

258

category='success')

257

elif do == 'delete':

259

elif do == 'delete':

258

handle_repos = 'delete'

260

handle_repos = 'delete'

259

set_handle_flash_repos = lambda: h.flash(

261

set_handle_flash_repos = lambda: h.flash(

260

_('Deleted %s repositories') % len(_repos),

262

_('Deleted %s repositories') % len(_repos),

261

category='success')

263

category='success')

262

264

263

if _repo_groups and request.POST.get('user_repo_groups'):

265

if _repo_groups and request.POST.get('user_repo_groups'):

264

do = request.POST['user_repo_groups']

266

do = request.POST['user_repo_groups']

265

if do == 'detach':

267

if do == 'detach':

266

handle_repo_groups = 'detach'

268

handle_repo_groups = 'detach'

267

set_handle_flash_repo_groups = lambda: h.flash(

269

set_handle_flash_repo_groups = lambda: h.flash(

268

_('Detached %s repository groups') % len(_repo_groups),

270

_('Detached %s repository groups') % len(_repo_groups),

269

category='success')

271

category='success')

270

elif do == 'delete':

272

elif do == 'delete':

271

handle_repo_groups = 'delete'

273

handle_repo_groups = 'delete'

272

set_handle_flash_repo_groups = lambda: h.flash(

274

set_handle_flash_repo_groups = lambda: h.flash(

273

_('Deleted %s repository groups') % len(_repo_groups),

275

_('Deleted %s repository groups') % len(_repo_groups),

274

category='success')

276

category='success')

275

277

276

if _user_groups and request.POST.get('user_user_groups'):

278

if _user_groups and request.POST.get('user_user_groups'):

277

do = request.POST['user_user_groups']

279

do = request.POST['user_user_groups']

278

if do == 'detach':

280

if do == 'detach':

279

handle_user_groups = 'detach'

281

handle_user_groups = 'detach'

280

set_handle_flash_user_groups = lambda: h.flash(

282

set_handle_flash_user_groups = lambda: h.flash(

281

_('Detached %s user groups') % len(_user_groups),

283

_('Detached %s user groups') % len(_user_groups),

282

category='success')

284

category='success')

283

elif do == 'delete':

285

elif do == 'delete':

284

handle_user_groups = 'delete'

286

handle_user_groups = 'delete'

285

set_handle_flash_user_groups = lambda: h.flash(

287

set_handle_flash_user_groups = lambda: h.flash(

286

_('Deleted %s user groups') % len(_user_groups),

288

_('Deleted %s user groups') % len(_user_groups),

287

category='success')

289

category='success')

288

290

289

try:

291

try:

290

UserModel().delete(c.user, handle_repos=handle_repos,

292

UserModel().delete(c.user, handle_repos=handle_repos,

291

handle_repo_groups=handle_repo_groups,

293

handle_repo_groups=handle_repo_groups,

292

handle_user_groups=handle_user_groups)

294

handle_user_groups=handle_user_groups)

293

Session().commit()

295

Session().commit()

294

set_handle_flash_repos()

296

set_handle_flash_repos()

295

set_handle_flash_repo_groups()

297

set_handle_flash_repo_groups()

296

set_handle_flash_user_groups()

298

set_handle_flash_user_groups()

297

h.flash(_('Successfully deleted user'), category='success')

299

h.flash(_('Successfully deleted user'), category='success')

298

except (UserOwnsReposException, UserOwnsRepoGroupsException,

300

except (UserOwnsReposException, UserOwnsRepoGroupsException,

299

UserOwnsUserGroupsException, DefaultUserException) as e:

301

UserOwnsUserGroupsException, DefaultUserException) as e:

300

h.flash(e, category='warning')

302

h.flash(e, category='warning')

301

except Exception:

303

except Exception:

302

log.exception("Exception during deletion of user")

304

log.exception("Exception during deletion of user")

303

h.flash(_('An error occurred during deletion of user'),

305

h.flash(_('An error occurred during deletion of user'),

304

category='error')

306

category='error')

305

return redirect(url('users'))

307

return redirect(url('users'))

306

308

307

@HasPermissionAllDecorator('hg.admin')

309

@HasPermissionAllDecorator('hg.admin')

308

@auth.CSRFRequired()

310

@auth.CSRFRequired()

309

def reset_password(self, user_id):

311

def reset_password(self, user_id):

310

"""

312

"""

311

toggle reset password flag for this user

313

toggle reset password flag for this user

312

314

313

:param user_id:

315

:param user_id:

314

"""

316

"""

315

user_id = safe_int(user_id)

317

user_id = safe_int(user_id)

316

c.user = User.get_or_404(user_id)

318

c.user = User.get_or_404(user_id)

317

try:

319

try:

318

old_value = c.user.user_data.get('force_password_change')

320

old_value = c.user.user_data.get('force_password_change')

319

c.user.update_userdata(force_password_change=not old_value)

321

c.user.update_userdata(force_password_change=not old_value)

320

Session().commit()

322

Session().commit()

321

if old_value:

323

if old_value:

322

msg = _('Force password change disabled for user')

324

msg = _('Force password change disabled for user')

323

else:

325

else:

324

msg = _('Force password change enabled for user')

326

msg = _('Force password change enabled for user')

325

h.flash(msg, category='success')

327

h.flash(msg, category='success')

326

except Exception:

328

except Exception:

327

log.exception("Exception during password reset for user")

329

log.exception("Exception during password reset for user")

328

h.flash(_('An error occurred during password reset for user'),

330

h.flash(_('An error occurred during password reset for user'),

329

category='error')

331

category='error')

330

332

331

return redirect(url('edit_user_advanced', user_id=user_id))

333

return redirect(url('edit_user_advanced', user_id=user_id))

332

334

333

@HasPermissionAllDecorator('hg.admin')

335

@HasPermissionAllDecorator('hg.admin')

334

@auth.CSRFRequired()

336

@auth.CSRFRequired()

335

def create_personal_repo_group(self, user_id):

337

def create_personal_repo_group(self, user_id):

336

"""

338

"""

337

Create personal repository group for this user

339

Create personal repository group for this user

338

340

339

:param user_id:

341

:param user_id:

340

"""

342

"""

341

from rhodecode.model.repo_group import RepoGroupModel

343

from rhodecode.model.repo_group import RepoGroupModel

342

344

343

user_id = safe_int(user_id)

345

user_id = safe_int(user_id)

344

c.user = User.get_or_404(user_id)

346

c.user = User.get_or_404(user_id)

345

347

346

try:

348

try:

347

desc = RepoGroupModel.PERSONAL_GROUP_DESC % {

349

desc = RepoGroupModel.PERSONAL_GROUP_DESC % {

348

'username': c.user.username}

350

'username': c.user.username}

349

if not RepoGroup.get_by_group_name(c.user.username):

351

if not RepoGroup.get_by_group_name(c.user.username):

350

RepoGroupModel().create(group_name=c.user.username,

352

RepoGroupModel().create(group_name=c.user.username,

351

group_description=desc,

353

group_description=desc,

352

owner=c.user.username)

354

owner=c.user.username)

353

355

354

msg = _('Created repository group `%s`' % (c.user.username,))

356

msg = _('Created repository group `%s`' % (c.user.username,))

355

h.flash(msg, category='success')

357

h.flash(msg, category='success')

356

except Exception:

358

except Exception:

357

log.exception("Exception during repository group creation")

359

log.exception("Exception during repository group creation")

358

msg = _(

360

msg = _(

359

'An error occurred during repository group creation for user')

361

'An error occurred during repository group creation for user')

360

h.flash(msg, category='error')

362

h.flash(msg, category='error')

361

363

362

return redirect(url('edit_user_advanced', user_id=user_id))

364

return redirect(url('edit_user_advanced', user_id=user_id))

363

365

364

@HasPermissionAllDecorator('hg.admin')

366

@HasPermissionAllDecorator('hg.admin')

365

def show(self, user_id):

367

def show(self, user_id):

366

"""GET /users/user_id: Show a specific item"""

368

"""GET /users/user_id: Show a specific item"""

367

# url('user', user_id=ID)

369

# url('user', user_id=ID)

368

User.get_or_404(-1)

370

User.get_or_404(-1)

369

371

370

@HasPermissionAllDecorator('hg.admin')

372

@HasPermissionAllDecorator('hg.admin')

371

def edit(self, user_id):

373

def edit(self, user_id):

372

"""GET /users/user_id/edit: Form to edit an existing item"""

374

"""GET /users/user_id/edit: Form to edit an existing item"""

373

# url('edit_user', user_id=ID)

375

# url('edit_user', user_id=ID)

374

user_id = safe_int(user_id)

376

user_id = safe_int(user_id)

375

c.user = User.get_or_404(user_id)

377

c.user = User.get_or_404(user_id)

376

if c.user.username == User.DEFAULT_USER:

378

if c.user.username == User.DEFAULT_USER:

377

h.flash(_("You can't edit this user"), category='warning')

379

h.flash(_("You can't edit this user"), category='warning')

378

return redirect(url('users'))

380

return redirect(url('users'))

379

381

380

c.active = 'profile'

382

c.active = 'profile'

381

c.extern_type = c.user.extern_type

383

c.extern_type = c.user.extern_type

382

c.extern_name = c.user.extern_name

384

c.extern_name = c.user.extern_name

383

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

385

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

384

386

385

defaults = c.user.get_dict()

387

defaults = c.user.get_dict()

386

defaults.update({'language': c.user.user_data.get('language')})

388

defaults.update({'language': c.user.user_data.get('language')})

387

return htmlfill.render(

389

return htmlfill.render(

388

render('admin/users/user_edit.html'),

390

render('admin/users/user_edit.html'),

389

defaults=defaults,

391

defaults=defaults,

390

encoding="UTF-8",

392

encoding="UTF-8",

391

force_defaults=False)

393

force_defaults=False)

392

394

393

@HasPermissionAllDecorator('hg.admin')

395

@HasPermissionAllDecorator('hg.admin')

394

def edit_advanced(self, user_id):

396

def edit_advanced(self, user_id):

395

user_id = safe_int(user_id)

397

user_id = safe_int(user_id)

396

user = c.user = User.get_or_404(user_id)

398

user = c.user = User.get_or_404(user_id)

397

if user.username == User.DEFAULT_USER:

399

if user.username == User.DEFAULT_USER:

398

h.flash(_("You can't edit this user"), category='warning')

400

h.flash(_("You can't edit this user"), category='warning')

399

return redirect(url('users'))

401

return redirect(url('users'))

400

402

401

c.active = 'advanced'

403

c.active = 'advanced'

402

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

404

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

403

c.personal_repo_group = RepoGroup.get_by_group_name(user.username)

405

c.personal_repo_group = RepoGroup.get_by_group_name(user.username)

404

c.first_admin = User.get_first_admin()

406

c.first_admin = User.get_first_admin()

405

defaults = user.get_dict()

407

defaults = user.get_dict()

406

408

407

# Interim workaround if the user participated on any pull requests as a

409

# Interim workaround if the user participated on any pull requests as a

408

# reviewer.

410

# reviewer.

409

has_review = bool(PullRequestReviewers.query().filter(

411

has_review = bool(PullRequestReviewers.query().filter(

410

PullRequestReviewers.user_id == user_id).first())

412

PullRequestReviewers.user_id == user_id).first())

411

c.can_delete_user = not has_review

413

c.can_delete_user = not has_review

412

c.can_delete_user_message = _(

414

c.can_delete_user_message = _(

413

'The user participates as reviewer in pull requests and '

415

'The user participates as reviewer in pull requests and '

414

'cannot be deleted. You can set the user to '

416

'cannot be deleted. You can set the user to '

415

'"inactive" instead of deleting it.') if has_review else ''

417

'"inactive" instead of deleting it.') if has_review else ''

416

418

417

return htmlfill.render(

419

return htmlfill.render(

418

render('admin/users/user_edit.html'),

420

render('admin/users/user_edit.html'),

419

defaults=defaults,

421

defaults=defaults,

420

encoding="UTF-8",

422

encoding="UTF-8",

421

force_defaults=False)

423

force_defaults=False)

422

424

423

@HasPermissionAllDecorator('hg.admin')

425

@HasPermissionAllDecorator('hg.admin')

424

def edit_auth_tokens(self, user_id):

426

def edit_auth_tokens(self, user_id):

425

user_id = safe_int(user_id)

427

user_id = safe_int(user_id)

426

c.user = User.get_or_404(user_id)

428

c.user = User.get_or_404(user_id)

427

if c.user.username == User.DEFAULT_USER:

429

if c.user.username == User.DEFAULT_USER:

428

h.flash(_("You can't edit this user"), category='warning')

430

h.flash(_("You can't edit this user"), category='warning')

429

return redirect(url('users'))

431

return redirect(url('users'))

430

432

431

c.active = 'auth_tokens'

433

c.active = 'auth_tokens'

432

show_expired = True

434

show_expired = True

433

c.lifetime_values = [

435

c.lifetime_values = [

434

(str(-1), _('forever')),

436

(str(-1), _('forever')),

435

(str(5), _('5 minutes')),

437

(str(5), _('5 minutes')),

436

(str(60), _('1 hour')),

438

(str(60), _('1 hour')),

437

(str(60 * 24), _('1 day')),

439

(str(60 * 24), _('1 day')),

438

(str(60 * 24 * 30), _('1 month')),

440

(str(60 * 24 * 30), _('1 month')),

439

]

441

]

440

c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

442

c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

441

c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))

443

c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))

442

for x in AuthTokenModel.cls.ROLES]

444

for x in AuthTokenModel.cls.ROLES]

443

c.role_options = [(c.role_values, _("Role"))]

445

c.role_options = [(c.role_values, _("Role"))]

444

c.user_auth_tokens = AuthTokenModel().get_auth_tokens(

446

c.user_auth_tokens = AuthTokenModel().get_auth_tokens(

445

c.user.user_id, show_expired=show_expired)

447

c.user.user_id, show_expired=show_expired)

446

defaults = c.user.get_dict()

448

defaults = c.user.get_dict()

447

return htmlfill.render(

449

return htmlfill.render(

448

render('admin/users/user_edit.html'),

450

render('admin/users/user_edit.html'),

449

defaults=defaults,

451

defaults=defaults,

450

encoding="UTF-8",

452

encoding="UTF-8",

451

force_defaults=False)

453

force_defaults=False)

452

454

453

@HasPermissionAllDecorator('hg.admin')

455

@HasPermissionAllDecorator('hg.admin')

454

@auth.CSRFRequired()

456

@auth.CSRFRequired()

455

def add_auth_token(self, user_id):

457

def add_auth_token(self, user_id):

456

user_id = safe_int(user_id)

458

user_id = safe_int(user_id)

457

c.user = User.get_or_404(user_id)

459

c.user = User.get_or_404(user_id)

458

if c.user.username == User.DEFAULT_USER:

460

if c.user.username == User.DEFAULT_USER:

459

h.flash(_("You can't edit this user"), category='warning')

461

h.flash(_("You can't edit this user"), category='warning')

460

return redirect(url('users'))

462

return redirect(url('users'))

461

463

462

lifetime = safe_int(request.POST.get('lifetime'), -1)

464

lifetime = safe_int(request.POST.get('lifetime'), -1)

463

description = request.POST.get('description')

465

description = request.POST.get('description')

464

role = request.POST.get('role')

466

role = request.POST.get('role')

465

AuthTokenModel().create(c.user.user_id, description, lifetime, role)

467

AuthTokenModel().create(c.user.user_id, description, lifetime, role)

466

Session().commit()

468

Session().commit()

467

h.flash(_("Auth token successfully created"), category='success')

469

h.flash(_("Auth token successfully created"), category='success')

468

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

470

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

469

471

470

@HasPermissionAllDecorator('hg.admin')

472

@HasPermissionAllDecorator('hg.admin')

471

@auth.CSRFRequired()

473

@auth.CSRFRequired()

472

def delete_auth_token(self, user_id):

474

def delete_auth_token(self, user_id):

473

user_id = safe_int(user_id)

475

user_id = safe_int(user_id)

474

c.user = User.get_or_404(user_id)

476

c.user = User.get_or_404(user_id)

475

if c.user.username == User.DEFAULT_USER:

477

if c.user.username == User.DEFAULT_USER:

476

h.flash(_("You can't edit this user"), category='warning')

478

h.flash(_("You can't edit this user"), category='warning')

477

return redirect(url('users'))

479

return redirect(url('users'))

478

480

479

auth_token = request.POST.get('del_auth_token')

481

auth_token = request.POST.get('del_auth_token')

480

if request.POST.get('del_auth_token_builtin'):

482

if request.POST.get('del_auth_token_builtin'):

481

user = User.get(c.user.user_id)

483

user = User.get(c.user.user_id)

482

if user:

484

if user:

483

user.api_key = generate_auth_token(user.username)

485

user.api_key = generate_auth_token(user.username)

484

Session().add(user)

486

Session().add(user)

485

Session().commit()

487

Session().commit()

486

h.flash(_("Auth token successfully reset"), category='success')

488

h.flash(_("Auth token successfully reset"), category='success')

487

elif auth_token:

489

elif auth_token:

488

AuthTokenModel().delete(auth_token, c.user.user_id)

490

AuthTokenModel().delete(auth_token, c.user.user_id)

489

Session().commit()

491

Session().commit()

490

h.flash(_("Auth token successfully deleted"), category='success')

492

h.flash(_("Auth token successfully deleted"), category='success')

491

493

492

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

494

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

493

495

494

@HasPermissionAllDecorator('hg.admin')

496

@HasPermissionAllDecorator('hg.admin')

495

def edit_global_perms(self, user_id):

497

def edit_global_perms(self, user_id):

496

user_id = safe_int(user_id)

498

user_id = safe_int(user_id)

497

c.user = User.get_or_404(user_id)

499

c.user = User.get_or_404(user_id)

498

if c.user.username == User.DEFAULT_USER:

500

if c.user.username == User.DEFAULT_USER:

499

h.flash(_("You can't edit this user"), category='warning')

501

h.flash(_("You can't edit this user"), category='warning')

500

return redirect(url('users'))

502

return redirect(url('users'))

501

503

502

c.active = 'global_perms'

504

c.active = 'global_perms'

503

505

504

c.default_user = User.get_default_user()

506

c.default_user = User.get_default_user()

505

defaults = c.user.get_dict()

507

defaults = c.user.get_dict()

506

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

508

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

507

defaults.update(c.default_user.get_default_perms())

509

defaults.update(c.default_user.get_default_perms())

508

defaults.update(c.user.get_default_perms())

510

defaults.update(c.user.get_default_perms())

509

511

510

return htmlfill.render(

512

return htmlfill.render(

511

render('admin/users/user_edit.html'),

513

render('admin/users/user_edit.html'),

512

defaults=defaults,

514

defaults=defaults,

513

encoding="UTF-8",

515

encoding="UTF-8",

514

force_defaults=False)

516

force_defaults=False)

515

517

516

@HasPermissionAllDecorator('hg.admin')

518

@HasPermissionAllDecorator('hg.admin')

517

@auth.CSRFRequired()

519

@auth.CSRFRequired()

518

def update_global_perms(self, user_id):

520

def update_global_perms(self, user_id):

519

"""PUT /users_perm/user_id: Update an existing item"""

521

"""PUT /users_perm/user_id: Update an existing item"""

520

# url('user_perm', user_id=ID, method='put')

522

# url('user_perm', user_id=ID, method='put')

521

user_id = safe_int(user_id)

523

user_id = safe_int(user_id)

522

user = User.get_or_404(user_id)

524

user = User.get_or_404(user_id)

523

c.active = 'global_perms'

525

c.active = 'global_perms'

524

try:

526

try:

525

# first stage that verifies the checkbox

527

# first stage that verifies the checkbox

526

_form = UserIndividualPermissionsForm()

528

_form = UserIndividualPermissionsForm()

527

form_result = _form.to_python(dict(request.POST))

529

form_result = _form.to_python(dict(request.POST))

528

inherit_perms = form_result['inherit_default_permissions']

530

inherit_perms = form_result['inherit_default_permissions']

529

user.inherit_default_permissions = inherit_perms

531

user.inherit_default_permissions = inherit_perms

530

Session().add(user)

532

Session().add(user)

531

533

532

if not inherit_perms:

534

if not inherit_perms:

533

# only update the individual ones if we un check the flag

535

# only update the individual ones if we un check the flag

534

_form = UserPermissionsForm(

536

_form = UserPermissionsForm(

535

[x[0] for x in c.repo_create_choices],

537

[x[0] for x in c.repo_create_choices],

536

[x[0] for x in c.repo_create_on_write_choices],

538

[x[0] for x in c.repo_create_on_write_choices],

537

[x[0] for x in c.repo_group_create_choices],

539

[x[0] for x in c.repo_group_create_choices],

538

[x[0] for x in c.user_group_create_choices],

540

[x[0] for x in c.user_group_create_choices],

539

[x[0] for x in c.fork_choices],

541

[x[0] for x in c.fork_choices],

540

[x[0] for x in c.inherit_default_permission_choices])()

542

[x[0] for x in c.inherit_default_permission_choices])()

541

543

542

form_result = _form.to_python(dict(request.POST))

544

form_result = _form.to_python(dict(request.POST))

543

form_result.update({'perm_user_id': user.user_id})

545

form_result.update({'perm_user_id': user.user_id})

544

546

545

PermissionModel().update_user_permissions(form_result)

547

PermissionModel().update_user_permissions(form_result)

546

548

547

Session().commit()

549

Session().commit()

548

h.flash(_('User global permissions updated successfully'),

550

h.flash(_('User global permissions updated successfully'),

549

category='success')

551

category='success')

550

552

551

Session().commit()

553

Session().commit()

552

except formencode.Invalid as errors:

554

except formencode.Invalid as errors:

553

defaults = errors.value

555

defaults = errors.value

554

c.user = user

556

c.user = user

555

return htmlfill.render(

557

return htmlfill.render(

556

render('admin/users/user_edit.html'),

558

render('admin/users/user_edit.html'),

557

defaults=defaults,

559

defaults=defaults,

558

errors=errors.error_dict or {},

560

errors=errors.error_dict or {},

559

prefix_error=False,

561

prefix_error=False,

560

encoding="UTF-8",

562

encoding="UTF-8",

561

force_defaults=False)

563

force_defaults=False)

562

except Exception:

564

except Exception:

563

log.exception("Exception during permissions saving")

565

log.exception("Exception during permissions saving")

564

h.flash(_('An error occurred during permissions saving'),

566

h.flash(_('An error occurred during permissions saving'),

565

category='error')

567

category='error')

566

return redirect(url('edit_user_global_perms', user_id=user_id))

568

return redirect(url('edit_user_global_perms', user_id=user_id))

567

569

568

@HasPermissionAllDecorator('hg.admin')

570

@HasPermissionAllDecorator('hg.admin')

569

def edit_perms_summary(self, user_id):

571

def edit_perms_summary(self, user_id):

570

user_id = safe_int(user_id)

572

user_id = safe_int(user_id)

571

c.user = User.get_or_404(user_id)

573

c.user = User.get_or_404(user_id)

572

if c.user.username == User.DEFAULT_USER:

574

if c.user.username == User.DEFAULT_USER:

573

h.flash(_("You can't edit this user"), category='warning')

575

h.flash(_("You can't edit this user"), category='warning')

574

return redirect(url('users'))

576

return redirect(url('users'))

575

577

576

c.active = 'perms_summary'

578

c.active = 'perms_summary'

577

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

579

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

578

580

579

return render('admin/users/user_edit.html')

581

return render('admin/users/user_edit.html')

580

582

581

@HasPermissionAllDecorator('hg.admin')

583

@HasPermissionAllDecorator('hg.admin')

582

def edit_emails(self, user_id):

584

def edit_emails(self, user_id):

583

user_id = safe_int(user_id)

585

user_id = safe_int(user_id)

584

c.user = User.get_or_404(user_id)

586

c.user = User.get_or_404(user_id)

585

if c.user.username == User.DEFAULT_USER:

587

if c.user.username == User.DEFAULT_USER:

586

h.flash(_("You can't edit this user"), category='warning')

588

h.flash(_("You can't edit this user"), category='warning')

587

return redirect(url('users'))

589

return redirect(url('users'))

588

590

589

c.active = 'emails'

591

c.active = 'emails'

590

c.user_email_map = UserEmailMap.query() \

592

c.user_email_map = UserEmailMap.query() \

591

.filter(UserEmailMap.user == c.user).all()

593

.filter(UserEmailMap.user == c.user).all()

592

594

593

defaults = c.user.get_dict()

595

defaults = c.user.get_dict()

594

return htmlfill.render(

596

return htmlfill.render(

595

render('admin/users/user_edit.html'),

597

render('admin/users/user_edit.html'),

596

defaults=defaults,

598

defaults=defaults,

597

encoding="UTF-8",

599

encoding="UTF-8",

598

force_defaults=False)

600

force_defaults=False)

599

601

600

@HasPermissionAllDecorator('hg.admin')

602

@HasPermissionAllDecorator('hg.admin')

601

@auth.CSRFRequired()

603

@auth.CSRFRequired()

602

def add_email(self, user_id):

604

def add_email(self, user_id):

603

"""POST /user_emails:Add an existing item"""

605

"""POST /user_emails:Add an existing item"""

604

# url('user_emails', user_id=ID, method='put')

606

# url('user_emails', user_id=ID, method='put')

605

user_id = safe_int(user_id)

607

user_id = safe_int(user_id)

606

c.user = User.get_or_404(user_id)

608

c.user = User.get_or_404(user_id)

607

609

608

email = request.POST.get('new_email')

610

email = request.POST.get('new_email')

609

user_model = UserModel()

611

user_model = UserModel()

610

612

611

try:

613

try:

612

user_model.add_extra_email(user_id, email)

614

user_model.add_extra_email(user_id, email)

613

Session().commit()

615

Session().commit()

614

h.flash(_("Added new email address `%s` for user account") % email,

616

h.flash(_("Added new email address `%s` for user account") % email,

615

category='success')

617

category='success')

616

except formencode.Invalid as error:

618

except formencode.Invalid as error:

617

msg = error.error_dict['email']

619

msg = error.error_dict['email']

618

h.flash(msg, category='error')

620

h.flash(msg, category='error')

619

except Exception:

621

except Exception:

620

log.exception("Exception during email saving")

622

log.exception("Exception during email saving")

621

h.flash(_('An error occurred during email saving'),

623

h.flash(_('An error occurred during email saving'),

622

category='error')

624

category='error')

623

return redirect(url('edit_user_emails', user_id=user_id))

625

return redirect(url('edit_user_emails', user_id=user_id))

624

626

625

@HasPermissionAllDecorator('hg.admin')

627

@HasPermissionAllDecorator('hg.admin')

626

@auth.CSRFRequired()

628

@auth.CSRFRequired()

627

def delete_email(self, user_id):

629

def delete_email(self, user_id):

628

"""DELETE /user_emails_delete/user_id: Delete an existing item"""

630

"""DELETE /user_emails_delete/user_id: Delete an existing item"""

629

# url('user_emails_delete', user_id=ID, method='delete')

631

# url('user_emails_delete', user_id=ID, method='delete')

630

user_id = safe_int(user_id)

632

user_id = safe_int(user_id)

631

c.user = User.get_or_404(user_id)

633

c.user = User.get_or_404(user_id)

632

email_id = request.POST.get('del_email_id')

634

email_id = request.POST.get('del_email_id')

633

user_model = UserModel()

635

user_model = UserModel()

634

user_model.delete_extra_email(user_id, email_id)

636

user_model.delete_extra_email(user_id, email_id)

635

Session().commit()

637

Session().commit()

636

h.flash(_("Removed email address from user account"), category='success')

638

h.flash(_("Removed email address from user account"), category='success')

637

return redirect(url('edit_user_emails', user_id=user_id))

639

return redirect(url('edit_user_emails', user_id=user_id))

638

640

639

@HasPermissionAllDecorator('hg.admin')

641

@HasPermissionAllDecorator('hg.admin')

640

def edit_ips(self, user_id):

642

def edit_ips(self, user_id):

641

user_id = safe_int(user_id)

643

user_id = safe_int(user_id)

642

c.user = User.get_or_404(user_id)

644

c.user = User.get_or_404(user_id)

643

if c.user.username == User.DEFAULT_USER:

645

if c.user.username == User.DEFAULT_USER:

644

h.flash(_("You can't edit this user"), category='warning')

646

h.flash(_("You can't edit this user"), category='warning')

645

return redirect(url('users'))

647

return redirect(url('users'))

646

648

647

c.active = 'ips'

649

c.active = 'ips'

648

c.user_ip_map = UserIpMap.query() \

650

c.user_ip_map = UserIpMap.query() \

649

.filter(UserIpMap.user == c.user).all()

651

.filter(UserIpMap.user == c.user).all()

650

652

651

c.inherit_default_ips = c.user.inherit_default_permissions

653

c.inherit_default_ips = c.user.inherit_default_permissions

652

c.default_user_ip_map = UserIpMap.query() \

654

c.default_user_ip_map = UserIpMap.query() \

653

.filter(UserIpMap.user == User.get_default_user()).all()

655

.filter(UserIpMap.user == User.get_default_user()).all()

654

656

655

defaults = c.user.get_dict()

657

defaults = c.user.get_dict()

656

return htmlfill.render(

658

return htmlfill.render(

657

render('admin/users/user_edit.html'),

659

render('admin/users/user_edit.html'),

658

defaults=defaults,

660

defaults=defaults,

659

encoding="UTF-8",

661

encoding="UTF-8",

660

force_defaults=False)

662

force_defaults=False)

661

663

662

@HasPermissionAllDecorator('hg.admin')

664

@HasPermissionAllDecorator('hg.admin')

663

@auth.CSRFRequired()

665

@auth.CSRFRequired()

664

def add_ip(self, user_id):

666

def add_ip(self, user_id):

665

"""POST /user_ips:Add an existing item"""

667

"""POST /user_ips:Add an existing item"""

666

# url('user_ips', user_id=ID, method='put')

668

# url('user_ips', user_id=ID, method='put')

667

669

668

user_id = safe_int(user_id)

670

user_id = safe_int(user_id)

669

c.user = User.get_or_404(user_id)

671

c.user = User.get_or_404(user_id)

670

user_model = UserModel()

672

user_model = UserModel()

671

try:

673

try:

672

ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))

674

ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))

673

except Exception as e:

675

except Exception as e:

674

ip_list = []

676

ip_list = []

675

log.exception("Exception during ip saving")

677

log.exception("Exception during ip saving")

676

h.flash(_('An error occurred during ip saving:%s' % (e,)),

678

h.flash(_('An error occurred during ip saving:%s' % (e,)),

677

category='error')

679

category='error')

678

680

679

desc = request.POST.get('description')

681

desc = request.POST.get('description')

680

added = []

682

added = []

681

for ip in ip_list:

683

for ip in ip_list:

682

try:

684

try:

683

user_model.add_extra_ip(user_id, ip, desc)

685

user_model.add_extra_ip(user_id, ip, desc)

684

Session().commit()

686

Session().commit()

685

added.append(ip)

687

added.append(ip)

686

except formencode.Invalid as error:

688

except formencode.Invalid as error:

687

msg = error.error_dict['ip']

689

msg = error.error_dict['ip']

688

h.flash(msg, category='error')

690

h.flash(msg, category='error')

689

except Exception:

691

except Exception:

690

log.exception("Exception during ip saving")

692

log.exception("Exception during ip saving")

691

h.flash(_('An error occurred during ip saving'),

693

h.flash(_('An error occurred during ip saving'),

692

category='error')

694

category='error')

693

if added:

695

if added:

694

h.flash(

696

h.flash(

695

_("Added ips %s to user whitelist") % (', '.join(ip_list), ),

697

_("Added ips %s to user whitelist") % (', '.join(ip_list), ),

696

category='success')

698

category='success')

697

if 'default_user' in request.POST:

699

if 'default_user' in request.POST:

698

return redirect(url('admin_permissions_ips'))

700

return redirect(url('admin_permissions_ips'))

699

return redirect(url('edit_user_ips', user_id=user_id))

701

return redirect(url('edit_user_ips', user_id=user_id))

700

702

701

@HasPermissionAllDecorator('hg.admin')

703

@HasPermissionAllDecorator('hg.admin')

702

@auth.CSRFRequired()

704

@auth.CSRFRequired()

703

def delete_ip(self, user_id):

705

def delete_ip(self, user_id):

704

"""DELETE /user_ips_delete/user_id: Delete an existing item"""

706

"""DELETE /user_ips_delete/user_id: Delete an existing item"""

705

# url('user_ips_delete', user_id=ID, method='delete')

707

# url('user_ips_delete', user_id=ID, method='delete')

706

user_id = safe_int(user_id)

708

user_id = safe_int(user_id)

707

c.user = User.get_or_404(user_id)

709

c.user = User.get_or_404(user_id)

708

710

709

ip_id = request.POST.get('del_ip_id')

711

ip_id = request.POST.get('del_ip_id')

710

user_model = UserModel()

712

user_model = UserModel()

711

user_model.delete_extra_ip(user_id, ip_id)

713

user_model.delete_extra_ip(user_id, ip_id)

712

Session().commit()

714

Session().commit()

713

h.flash(_("Removed ip address from user whitelist"), category='success')

715

h.flash(_("Removed ip address from user whitelist"), category='success')

714

716

715

if 'default_user' in request.POST:

717

if 'default_user' in request.POST:

716

return redirect(url('admin_permissions_ips'))

718

return redirect(url('admin_permissions_ips'))

717

return redirect(url('edit_user_ips', user_id=user_id))

719

return redirect(url('edit_user_ips', user_id=user_id))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Users crud controller for pylons
             """
             import logging
             import formencode
             from formencode import htmlfill
             from pylons import request, tmpl_context as c, url, config
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             from rhodecode.authentication.plugins import auth_rhodecode
             from rhodecode.lib.exceptions import (
                 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
                 UserOwnsUserGroupsException, UserCreationError)
             from rhodecode.lib import helpers as h
             from rhodecode.lib import auth
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
             from rhodecode.lib.base import BaseController, render
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.db import (
                 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
             from rhodecode.model.forms import (
                 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
             from rhodecode.model.user import UserModel
             from rhodecode.model.meta import Session
             from rhodecode.model.permission import PermissionModel
             from rhodecode.lib.utils import action_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.utils2 import datetime_to_time, safe_int
             log = logging.getLogger(__name__)
             class UsersController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 @LoginRequired()
                 def __before__(self):
                     super(UsersController, self).__before__()
                     c.available_permissions = config['available_permissions']
                     c.allowed_languages = [
                         ('en', 'English (en)'),
                         ('de', 'German (de)'),
                         ('fr', 'French (fr)'),
                         ('it', 'Italian (it)'),
                         ('ja', 'Japanese (ja)'),
                         ('pl', 'Polish (pl)'),
                         ('pt', 'Portuguese (pt)'),
                         ('ru', 'Russian (ru)'),
                         ('zh', 'Chinese (zh)'),
                     ]
                     PermissionModel().set_global_permission_choices(c, translator=_)
                 @HasPermissionAllDecorator('hg.admin')
                 def index(self):
                     """GET /users: All items in the collection"""
                     # url('users')
                     from rhodecode.lib.utils import PartialRenderer
                     _render = PartialRenderer('data_table/_dt_elements.html')
                     def grav_tmpl(user_email, size):
                         return _render("user_gravatar", user_email, size)
                     def username(user_id, username):
                         return _render("user_name", user_id, username)
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     # json generate
                     c.users_list = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .all()
                     users_data = []
                     for user in c.users_list:
                         users_data.append({
                             "gravatar": grav_tmpl(user.email, 20),
                             "username": h.link_to(
                                 user.username, h.url('user_profile', username=user.username)),
                             "username_raw": user.username,
                             "email": user.email,
                             "first_name": h.escape(user.name),
                             "last_name": h.escape(user.lastname),
                             "last_login": h.format_date(user.last_login),
                             "last_login_raw": datetime_to_time(user.last_login),
                             "last_activity": h.format_date(
                                 h.time_to_datetime(user.user_data.get('last_activity', 0))),
                             "last_activity_raw": user.user_data.get('last_activity', 0),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "admin_raw": user.admin,
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     c.data = json.dumps(users_data)
                     return render('admin/users/users.html')
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create(self):
                     """POST /users: Create a new item"""
                     # url('users')
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     user_model = UserModel()
                     user_form = UserForm()()
                     try:
                         form_result = user_form.to_python(dict(request.POST))
                         user = user_model.create(form_result)
                         Session().flush()
                         username = form_result['username']
                         action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
                                       None, self.ip_addr, self.sa)
                         user_link = h.link_to(h.escape(username),
                                               url('edit_user',
                                                   user_id=user.user_id))
                         h.flash(h.literal(_('Created user %(user_link)s')
                                           % {'user_link': user_link}), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         return htmlfill.render(
                             render('admin/users/user_add.html'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception creation of user")
                         h.flash(_('Error occurred during creation of user %s')
                                 % request.POST.get('username'), category='error')
                     return redirect(url('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 def new(self):
                     """GET /users/new: Form to create a new item"""
                     # url('new_user')
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     return render('admin/users/user_add.html')
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update(self, user_id):
                     """PUT /users/user_id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     # <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('update_user', user_id=ID),
                     #           method='put')
                     # url('user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     available_languages = [x[0] for x in c.allowed_languages]
                     _form = UserForm(edit=True, available_languages=available_languages,
                                      old_data={'user_id': user_id,
                                                'email': c.user.email})()
                     form_result = {}
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         skip_attrs = ['extern_type', 'extern_name']
                         # TODO: plugin should define if username can be updated
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
                         usr = form_result['username']
                         action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
                                       None, self.ip_addr, self.sa)
                         h.flash(_('User updated successfully'), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         e = errors.error_dict or {}
                         return htmlfill.render(
                             render('admin/users/user_edit.html'),
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
+                    except UserCreationError as e:
+                        h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user %s')
                                 % form_result.get('username'), category='error')
                     return redirect(url('edit_user', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete(self, user_id):
                     """DELETE /users/user_id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     # <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('delete_user', user_id=ID),
                     #           method='delete')
                     # url('user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     _repos = c.user.repositories
                     _repo_groups = c.user.repository_groups
                     _user_groups = c.user.user_groups
                     handle_repos = None
                     handle_repo_groups = None
                     handle_user_groups = None
                     # dummy call for flash of handle
                     set_handle_flash_repos = lambda: None
                     set_handle_flash_repo_groups = lambda: None
                     set_handle_flash_user_groups = lambda: None
                     if _repos and request.POST.get('user_repos'):
                         do = request.POST['user_repos']
                         if do == 'detach':
                             handle_repos = 'detach'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Detached %s repositories') % len(_repos),
                                 category='success')
                         elif do == 'delete':
                             handle_repos = 'delete'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Deleted %s repositories') % len(_repos),
                                 category='success')
                     if _repo_groups and request.POST.get('user_repo_groups'):
                         do = request.POST['user_repo_groups']
                         if do == 'detach':
                             handle_repo_groups = 'detach'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Detached %s repository groups') % len(_repo_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_repo_groups = 'delete'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Deleted %s repository groups') % len(_repo_groups),
                                 category='success')
                     if _user_groups and request.POST.get('user_user_groups'):
                         do = request.POST['user_user_groups']
                         if do == 'detach':
                             handle_user_groups = 'detach'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Detached %s user groups') % len(_user_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_user_groups = 'delete'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Deleted %s user groups') % len(_user_groups),
                                 category='success')
                     try:
                         UserModel().delete(c.user, handle_repos=handle_repos,
                                            handle_repo_groups=handle_repo_groups,
                                            handle_user_groups=handle_user_groups)
                         Session().commit()
                         set_handle_flash_repos()
                         set_handle_flash_repo_groups()
                         set_handle_flash_user_groups()
                         h.flash(_('Successfully deleted user'), category='success')
                     except (UserOwnsReposException, UserOwnsRepoGroupsException,
                             UserOwnsUserGroupsException, DefaultUserException) as e:
                         h.flash(e, category='warning')
                     except Exception:
                         log.exception("Exception during deletion of user")
                         h.flash(_('An error occurred during deletion of user'),
                                 category='error')
                     return redirect(url('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def reset_password(self, user_id):
                     """
                     toggle reset password flag for this user
                     :param user_id:
                     """
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     try:
                         old_value = c.user.user_data.get('force_password_change')
                         c.user.update_userdata(force_password_change=not old_value)
                         Session().commit()
                         if old_value:
                             msg = _('Force password change disabled for user')
                         else:
                             msg = _('Force password change enabled for user')
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create_personal_repo_group(self, user_id):
                     """
                     Create personal repository group for this user
                     :param user_id:
                     """
                     from rhodecode.model.repo_group import RepoGroupModel
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     try:
                         desc = RepoGroupModel.PERSONAL_GROUP_DESC % {
                             'username': c.user.username}
                         if not RepoGroup.get_by_group_name(c.user.username):
                             RepoGroupModel().create(group_name=c.user.username,
                                                     group_description=desc,
                                                     owner=c.user.username)
                             msg = _('Created repository group `%s`' % (c.user.username,))
                             h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during repository group creation")
                         msg = _(
                             'An error occurred during repository group creation for user')
                         h.flash(msg, category='error')
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def show(self, user_id):
                     """GET /users/user_id: Show a specific item"""
                     # url('user', user_id=ID)
                     User.get_or_404(-1)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit(self, user_id):
                     """GET /users/user_id/edit: Form to edit an existing item"""
                     # url('edit_user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     defaults = c.user.get_dict()
                     defaults.update({'language': c.user.user_data.get('language')})
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_advanced(self, user_id):
                     user_id = safe_int(user_id)
                     user = c.user = User.get_or_404(user_id)
                     if user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'advanced'
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     c.personal_repo_group = RepoGroup.get_by_group_name(user.username)
                     c.first_admin = User.get_first_admin()
                     defaults = user.get_dict()
                     # Interim workaround if the user participated on any pull requests as a
                     # reviewer.
                     has_review = bool(PullRequestReviewers.query().filter(
                         PullRequestReviewers.user_id == user_id).first())
                     c.can_delete_user = not has_review
                     c.can_delete_user_message = _(
                         'The user participates as reviewer in pull requests and '
                         'cannot be deleted. You can set the user to '
                         '"inactive" instead of deleting it.') if has_review else ''
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_auth_tokens(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'auth_tokens'
                     show_expired = True
                     c.lifetime_values = [
                         (str(-1), _('forever')),
                         (str(5), _('5 minutes')),
                         (str(60), _('1 hour')),
                         (str(60 * 24), _('1 day')),
                         (str(60 * 24 * 30), _('1 month')),
                     ]
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))
                                      for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=show_expired)
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_auth_token(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     lifetime = safe_int(request.POST.get('lifetime'), -1)
                     description = request.POST.get('description')
                     role = request.POST.get('role')
                     AuthTokenModel().create(c.user.user_id, description, lifetime, role)
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_auth_token(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     auth_token = request.POST.get('del_auth_token')
                     if request.POST.get('del_auth_token_builtin'):
                         user = User.get(c.user.user_id)
                         if user:
                             user.api_key = generate_auth_token(user.username)
                             Session().add(user)
                             Session().commit()
                             h.flash(_("Auth token successfully reset"), category='success')
                     elif auth_token:
                         AuthTokenModel().delete(auth_token, c.user.user_id)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_global_perms(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.default_user.get_default_perms())
                     defaults.update(c.user.get_default_perms())
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update_global_perms(self, user_id):
                     """PUT /users_perm/user_id: Update an existing item"""
                     # url('user_perm', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     user = User.get_or_404(user_id)
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm()
                         form_result = _form.to_python(dict(request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         user.inherit_default_permissions = inherit_perms
                         Session().add(user)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(request.POST))
                             form_result.update({'perm_user_id': user.user_id})
                             PermissionModel().update_user_permissions(form_result)
                         Session().commit()
                         h.flash(_('User global permissions updated successfully'),
                                 category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         c.user = user
                         return htmlfill.render(
                             render('admin/users/user_edit.html'),
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     return redirect(url('edit_user_global_perms', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_perms_summary(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'perms_summary'
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     return render('admin/users/user_edit.html')
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_emails(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query() \
                         .filter(UserEmailMap.user == c.user).all()
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_email(self, user_id):
                     """POST /user_emails:Add an existing item"""
                     # url('user_emails', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     email = request.POST.get('new_email')
                     user_model = UserModel()
                     try:
                         user_model.add_extra_email(user_id, email)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         msg = error.error_dict['email']
                         h.flash(msg, category='error')
                     except Exception:
                         log.exception("Exception during email saving")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     return redirect(url('edit_user_emails', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_email(self, user_id):
                     """DELETE /user_emails_delete/user_id: Delete an existing item"""
                     # url('user_emails_delete', user_id=ID, method='delete')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     email_id = request.POST.get('del_email_id')
                     user_model = UserModel()
                     user_model.delete_extra_email(user_id, email_id)
                     Session().commit()
                     h.flash(_("Removed email address from user account"), category='success')
                     return redirect(url('edit_user_emails', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_ips(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'ips'
                     c.user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == c.user).all()
                     c.inherit_default_ips = c.user.inherit_default_permissions
                     c.default_user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == User.get_default_user()).all()
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_ip(self, user_id):
                     """POST /user_ips:Add an existing item"""
                     # url('user_ips', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     user_model = UserModel()
                     try:
                         ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))
                     except Exception as e:
                         ip_list = []
                         log.exception("Exception during ip saving")
                         h.flash(_('An error occurred during ip saving:%s' % (e,)),
                                 category='error')
                     desc = request.POST.get('description')
                     added = []
                     for ip in ip_list:
                         try:
                             user_model.add_extra_ip(user_id, ip, desc)
                             Session().commit()
                             added.append(ip)
                         except formencode.Invalid as error:
                             msg = error.error_dict['ip']
                             h.flash(msg, category='error')
                         except Exception:
                             log.exception("Exception during ip saving")
                             h.flash(_('An error occurred during ip saving'),
                                     category='error')
                     if added:
                         h.flash(
                             _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
                             category='success')
                     if 'default_user' in request.POST:
                         return redirect(url('admin_permissions_ips'))
                     return redirect(url('edit_user_ips', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_ip(self, user_id):
                     """DELETE /user_ips_delete/user_id: Delete an existing item"""
                     # url('user_ips_delete', user_id=ID, method='delete')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     ip_id = request.POST.get('del_ip_id')
                     user_model = UserModel()
                     user_model.delete_extra_ip(user_id, ip_id)
                     Session().commit()
                     h.flash(_("Removed ip address from user whitelist"), category='success')
                     if 'default_user' in request.POST:
                         return redirect(url('admin_permissions_ips'))
                     return redirect(url('edit_user_ips', user_id=user_id))