rhodecode-enterprise-ce Commit - r4251:fc351abb

release: merge back stable branch into default

marcink -

r4251:fc351abb default

parent child

The requested changes are too big and content was truncated. Show full diff

docs/release-notes/release-notes-4.18.1.rst

0 created 644 +60 0

@@ -0,0 +1,60 b''
	1	\|RCE\| 4.18.1 \|RNS\|
	2	------------------
	3
	4	Release Date
	5	^^^^^^^^^^^^
	6
	7	- 2020-01-20
	8
	9
	10	New Features
	11	^^^^^^^^^^^^
	12
	13
	14
	15	General
	16	^^^^^^^
	17
	18	- API: invalidate license cache on set_license_key call.
	19	- API: add send_email flag for comments api to allow commenting without email notification.
	20	- API: added pull requests versions into returned API data.
	21	- Dashboard: fixed jumping of text in grid loading by new loading indicator.
	22	- Installation: add few extra defaults that makes RhodeCode nicer out of the box.
	23	- Pull Requests: small code cleanup to define other type of merge username.
	24	RC_MERGE_USER_NAME_ATTR env variable defines what should be used from user as merge username.
	25	- Gists: cleanup UI and make the gist access id use monospace according to the new UI.
	26
	27
	28	Security
	29	^^^^^^^^
	30
	31	- Repository permission: properly flush permission caches on set private mode of repository.
	32	Otherwise we get cached values still in place until it expires.
	33	- Repository permission: add set/un-set of private repository from permissions page.
	34	- Permissions: flush all user permissions in case of default user permission changes.
	35
	36
	37	Performance
	38	^^^^^^^^^^^
	39
	40	- Caches: used more efficient way of fetching all users for permissions invalidation.
	41	- Issue trackers: optimized performance of fetching issue tracker patterns.
	42
	43
	44	Fixes
	45	^^^^^
	46
	47	- SSH: fixed SSH problems with EE edition.
	48	- Branch permissions: remove emtpy tooltips on branch permission entries.
	49	- Core: fixed cython compat inspect that caused some API calls to not work correctly in EE release.
	50	- Audit logger: use copy of params we later modify to prevent from modification by the store
	51	function of parameters that we only use for reading.
	52	- Users: fixed wrong mention of readme in user description help block.
	53	- Issue trackers: fixed wrong examples in patterns.
	54	- Issue trackers: fixed missing option to get back to inherited settings.
	55
	56
	57	Upgrade notes
	58	^^^^^^^^^^^^^
	59
	60	- Scheduled release addressing problems in 4.18.X releases.

docs/release-notes/release-notes-4.18.2.rst

0 created 644 +49 0

@@ -0,0 +1,49 b''
	1	\|RCE\| 4.18.2 \|RNS\|
	2	------------------
	3
	4	Release Date
	5	^^^^^^^^^^^^
	6
	7	- 2020-01-28
	8
	9
	10	New Features
	11	^^^^^^^^^^^^
	12
	13
	14
	15	General
	16	^^^^^^^
	17
	18	- Permissions: add better help text about default permissions, and correlation with anonymous access enabled.
	19	- Mentions: markdown renderer now wraps username in hovercard logic allowing checking the mentioned user.
	20	- Documentation: added note about hard restart due to celery update.
	21	- Maintenance: run rebuildfncache for Mercurial in maintenance command.
	22
	23
	24	Security
	25	^^^^^^^^
	26
	27
	28
	29	Performance
	30	^^^^^^^^^^^
	31
	32	- Authentication: cache plugins for auth and their settings in the auth_registry for single request.
	33	This heavily influences SVN performance on multiple-file commits.
	34
	35
	36	Fixes
	37	^^^^^
	38
	39	- Descriptions: fixed rendering problem with certain meta-tags in repo description.
	40	- Emails: fixed fonts rendering problems in Outlook.
	41	- Emails: fixed bug in test email sending.
	42	- Summary: fixed styling of readme indicator.
	43	- Flash: fixed display problem with flash messages on error pages.
	44
	45
	46	Upgrade notes
	47	^^^^^^^^^^^^^
	48
	49	- Scheduled release addressing problems in 4.18.X releases.

docs/release-notes/release-notes-4.18.3.rst

0 created 644 +64 0

@@ -0,0 +1,64 b''
	1	\|RCE\| 4.18.3 \|RNS\|
	2	------------------
	3
	4	Release Date
	5	^^^^^^^^^^^^
	6
	7	- 2020-03-24
	8
	9
	10	New Features
	11	^^^^^^^^^^^^
	12
	13	- LDAP: added nested user groups sync which was planned in 4.18.X but didn't
	14	make it to the release. New option for sync is available in the LDAP configuration.
	15
	16
	17	General
	18	^^^^^^^
	19
	20	- API: added branch permissions functions.
	21	- Pull requests: added creating indicator to let users know they should wait until PR is creating.
	22	- Pull requests: allow super-admins to force change state of locked PRs.
	23	- Users/User groups: in edit mode we now show the actual name of what we're editing.
	24	- SSH: allow generation of legacy SSH keys for older systems and Windows users.
	25	- File store: don't response with cookie data on file-store download response.
	26	- File store: use our own logic for setting content-type. This solves a problem
	27	when previously used resolver set different content-type+content-encoding which
	28	is an incorrect behaviour.
	29	- My Account: show info about password usage for external accounts e.g github/google etc
	30	We now recommend using auth-tokens instead of actual passwords.
	31	- Repositories: in description field we now show mention of metatags only if they
	32	are enabled.
	33
	34
	35	Security
	36	^^^^^^^^
	37
	38	- Remote sync: don't expose credentials in displayed URLs.
	39	Remote links url had visible credentials displayed in the link.
	40	This was used for web-view and not needed anymore.
	41
	42
	43	Performance
	44	^^^^^^^^^^^
	45
	46	- Full text search: significantly improved GIT commit indexing performance by reducing
	47	number of calls to the vcsserver.
	48
	49
	50	Fixes
	51	^^^^^
	52
	53	- Mercurial: fixed cases of lookup of branches that are exactly 20 character long.
	54	- SVN: allow legacy (pre SVN 1.7) extraction of post commit data.
	55	- GIT: use non-unicode author extraction as it's returned as bytes from backend, and
	56	we can get an unicode errors while there's some non-ascii characters.
	57	- GIT: use safe configparser for git submodules to prevent from errors on submodules with % sign.
	58	- System info: fixed UI problem with new version update info screen.
	59
	60
	61	Upgrade notes
	62	^^^^^^^^^^^^^
	63
	64	- Scheduled release addressing problems in 4.18.X releases.

.hgtags

0 +4 0

 bd3e92b7e2e2d2024152b34bb88dff1db544a71 v4.0.0
 c5398320ea6cddd50955e88d408794c21d43a v4.0.1
             c3fe200198f5aa34cf2e4066df2881a9cefe3704 v4.1.0
 fd5c850745e2ea821fb4406af5f4bff9b0a7526 v4.1.1
 c87da28a179953df86061d817bc35533c66dd2 v4.1.2
             baaf9f5bcea3bae0ef12ae20c8b270482e62abb6 v4.2.0
 a70c7e56844a825f61df496ee5eaf8c3c4e189 v4.2.1
             fa695cdb411d294679ac081d595ac654e5613b03 v4.3.0
 e4dc11b58cad833c513fe17bac39e6850edf959 v4.3.1
 a876f48f5cb1d018b837db28ff928500cb32cfb v4.4.0
 dd86b410b1aac086ffdfc524ef300f896af5047 v4.4.1
             d2514226abc8d3b4f6fb57765f47d1b6fb360a05 v4.4.2
 d783325930af6dad2741476c0d0b1b7c8415c2 v4.5.0
 f2016f352abcbdba4a19d4039c386e9629449da v4.5.1
 fec799314c70a5c780fb28b3357b08869333a v4.5.2
 c3b85fafc83143e6678fbc3da69e1615bcac55 v4.6.0
 ad13deb9118c2a5243d4032d4d9cc174e5872db v4.6.1
 be921e01fa24bb102696ada596f87464c3666f6 v4.7.0
 bdec29c2872c974431d55200d0398354cdb1 v4.7.1
             bd1c8d230fe741c2dfd7100a0ef39fd0774fd581 v4.7.2
             9731914f89765d9628dc4dddc84bc9402aa124c8 v4.8.0
             c5a2b7d0e4bbdebc4a62d7b624befe375207b659 v4.9.0
             d9aa3b27ac9f7e78359775c75fedf7bfece232f1 v4.9.1
 ba4d74981cec5d6b28b158f875a2540952c2f74 v4.10.0
 a6821cbd6b0b3c21503002f88800679fa35ab63 v4.10.1
 ad90ec8d621f4416074b84f6e9ce03964defb v4.10.2
 baee10e698da2724c6e0f698c03a6abb993bf2 v4.10.3
 d3afd1dce3f4767cc353f84a17f7d5218a1 v4.10.4
 f6744ad8cc274311825f63f953e4dee2ea5cb9 v4.10.5
 eb24bea2f5f9258775245e3f09f6fa0a4dda01 v4.10.6
             3121217a812c956d7dd5a5875821bd73e8002a32 v4.11.0
             fa98b454715ac5b912f39e84af54345909a2a805 v4.11.1
 abcfdcc229a723cebe52d3a9bcff10bba08e v4.11.2
 f145db9172f0a8f1487e09207178a6ab065 v4.11.3
 c74f33e32bbae6fc4d71ec5a999cff3c13605 v4.11.4
 fbd8b0c3ddc2fa4ac9e4ca16942a03eb593df2d v4.11.5
             f0609aa5d5d05a1ca2f97c3995542236131c9d8a v4.11.6
             b5b30547d90d2e088472a70c84878f429ffbf40d v4.12.0
             9072253aa8894d20c00b4a43dc61c2168c1eff94 v4.12.1
 a517543ea9ef9987d74371bd2a315eb0b232dc9 v4.12.2
 fc0731b024c3114be87865eda7ab621cc957e32 v4.12.3
 d531c0b068c6eda62dddceedc9f845ecb6feb6f v4.12.4
 d6bf2d81b1564830eb5e83396110d2a9a93eb1e v4.13.0
 fc89e708bd90e413cd0d54350017abbdbc0e v4.13.1
 d621550521c314ee97b3d43473ac0bcf06fb8 v4.13.2
 dc62c090881fb5d03268141e71e0940d7c3295d v4.13.3
             9151328c1c46b72ba6f00d7640d9141e75aa1ca2 v4.14.0
             a47eeac5dfa41fa6779d90452affba4091c3ade8 v4.14.1
 b34ce0d2c3c10510626b3b65044939bb7a2cddf v4.15.0
             14502561d22e6b70613674cd675ae9a604b7989f v4.15.1
 aaa40b605b01af78a9f6882eca561c54b525ef0 v4.15.2
             797744642eca86640ed20bef2cd77445780abaec v4.16.0
 c3452c7c25ed35ff269690929e11960ed6ad7d3 v4.16.1
 d8057df561c4b6b81b6401aed7d2f911e6e77f7 v4.16.2
 acfc008896ef4c62546bab5074e8f6f89b4fa7 v4.17.0
 b9b610976f483877142fe75321808ce9ebac59 v4.17.1
             ad5bd0c4bd322fdbd04bb825a3d027e08f7a3901 v4.17.2
 f5794b55a6236d68f6485a485372dde6566e0 v4.17.3
 bc3100cfd6094c1d04f475ddb299b7dc3d0b33 v4.17.4
             e3de8c95baf8cc9109ca56aee8193a2cb6a54c8a v4.17.4
+            f37a3126570477543507f0bc9d245ce75546181a v4.18.0
+d8791463e87b64c1a18475de330ee600d37561 v4.18.1
+bd6b75dac1d25c64885d4d49385e5533f21c525 v4.18.2
+ed92fe57f2e9fc7b71dc0b65e26c2da5c7085f v4.18.3

docs/admin/repo_admin/repo-admin-tasks.rst

0 +1 -1

             .. _repo-admin-tasks:
             Common Admin Tasks for Repositories
             -----------------------------------
             Manually Force Delete Repository
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
             In case of attached forks or pull-requests repositories should be archived.
             Here is how to force delete a repository and remove all dependent objects
             .. code-block:: bash
                :dedent: 1
                 # starts the ishell interactive prompt
                 $ rccontrol ishell enterprise-1
             .. code-block:: python
                :dedent: 1
                 In [4]: from rhodecode.model.repo import RepoModel
                 In [3]: repo = Repository.get_by_repo_name('test_repos/repo_with_prs')
                 In [5]: RepoModel().delete(repo, forks='detach', pull_requests='delete')
                 In [6]: Session().commit()
             Below is a fully automated example to force delete repositories reading from a
             file where each line is a repository name. This can be executed via simple CLI command
             without entering the interactive shell.
             Save the below content as a file named `repo_delete_task.py`
             .. code-block:: python
                :dedent: 1
                 from rhodecode.model.db import *
                 from rhodecode.model.repo import RepoModel
                 with open('delete_repos.txt', 'rb') as f:
                     # read all lines from file
                     repos = f.readlines()
                     for repo_name in repos:
                         repo_name = repo_name.strip()  # cleanup the name just in case
                         repo = Repository.get_by_repo_name(repo_name)
                         if not repo:
                             raise Exception('Repo with name {} not found'.format(repo_name))
                         RepoModel().delete(repo, forks='detach', pull_requests='delete')
                         Session().commit()
                         print('Removed repository {}'.format(repo_name))
             The code above will read the names of repositories from a file called `delete_repos.txt`
             Each lines should represent a single name e.g `repo_name_1` or `repo_group/repo_name_2`
             Run this line from CLI to execute the code from the `repo_delete_task.py` file and
             exit the ishell after the execution::
-                echo "%run repo_delete_task.py" | rccontrol ishell Enterprise-1
+                echo "%run repo_delete_task.py" | rccontrol ishell enterprise-1

docs/admin/system_admin/svn-http.rst

0 +1 0

             .. _svn-http:
             |svn| With Write Over HTTP
             ^^^^^^^^^^^^^^^^^^^^^^^^^^
             To use |svn| with read/write support over the |svn| HTTP protocol, you have to
             configure the HTTP |svn| backend.
             Prerequisites
             =============
             - Enable HTTP support inside the admin VCS settings on your |RCE| instance
             - You need to install the following tools on the machine that is running an
               instance of |RCE|:
               ``Apache HTTP Server`` and ``mod_dav_svn``.
             .. tip::
                We recommend using Wandisco repositories which provide latest SVN versions
                for most platforms. If you skip this version you'll have to ensure the Client version
                is compatible with installed SVN version which might differ depending on the operating system.
                Here is an example how to add the Wandisco repositories for Ubuntu.
                 .. code-block:: bash
                     $ sudo sh -c 'echo "deb http://opensource.wandisco.com/ubuntu `lsb_release -cs` svn110" >> /etc/apt/sources.list.d/subversion110.list'
                     $ sudo wget -q http://opensource.wandisco.com/wandisco-debian-new.gpg -O- | sudo apt-key add -
                     $ sudo apt-get update
                 Here is an example how to add the Wandisco repositories for Centos/Redhat. Using
                 a yum config
                 .. code-block:: bash
                     [wandisco-Git]
                     name=CentOS-6 - Wandisco Git
                     baseurl=http://opensource.wandisco.com/centos/6/git/$basearch/
                     enabled=1
                     gpgcheck=1
                     gpgkey=http://opensource.wandisco.com/RPM-GPG-KEY-WANdisco
             Example installation of required components for Ubuntu platform:
             .. code-block:: bash
                 $ sudo apt-get install apache2
                 $ sudo apt-get install libapache2-svn
             Once installed you need to enable ``dav_svn`` on Ubuntu:
             .. code-block:: bash
                 $ sudo a2enmod dav_svn
                 $ sudo a2enmod headers
                 $ sudo a2enmod authn_anon
             Example installation of required components for RedHat/CentOS platform:
             .. code-block:: bash
                 $ sudo yum install httpd
                 $ sudo yum install subversion mod_dav_svn
             Once installed you need to enable ``dav_svn`` on RedHat/CentOS:
             .. code-block:: bash
                 sudo vi /etc/httpd/conf.modules.d/10-subversion.conf
                 ## The file should read:
                 LoadModule dav_svn_module     modules/mod_dav_svn.so
                 LoadModule headers_module     modules/mod_headers.so
                 LoadModule authn_anon_module  modules/mod_authn_anon.so
             .. tip::
                To check the installed mod_dav_svn module version, you can use such command.
                `strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by'`
             Configuring Apache Setup
             ========================
             .. tip::
                It is recommended to run Apache on a port other than 80, due to possible
                conflicts with other HTTP servers like nginx. To do this, set the
                ``Listen`` parameter in the ``/etc/apache2/ports.conf`` file, for example
                ``Listen 8090``.
             .. warning::
                Make sure your Apache instance which runs the mod_dav_svn module is
                only accessible by |RCE|. Otherwise everyone is able to browse
                the repositories or run subversion operations (checkout/commit/etc.).
             It is also recommended to run apache as the same user as |RCE|, otherwise
             permission issues could occur. To do this edit the ``/etc/apache2/envvars``
                .. code-block:: apache
                   export APACHE_RUN_USER=rhodecode
                   export APACHE_RUN_GROUP=rhodecode
 . To configure Apache, create and edit a virtual hosts file, for example
                :file:`/etc/apache2/sites-enabled/default.conf`. Below is an example
                how to use one with auto-generated config ```mod_dav_svn.conf```
                from configured |RCE| instance.
             .. code-block:: apache
                 <VirtualHost *:8090>
                     ServerAdmin rhodecode-admin@localhost
                     DocumentRoot /var/www/html
                     ErrorLog ${'${APACHE_LOG_DIR}'}/error.log
                     CustomLog ${'${APACHE_LOG_DIR}'}/access.log combined
                     LogLevel info
                     # allows custom host names, prevents 400 errors on checkout
                     HttpProtocolOptions Unsafe
+                    # Most likely this will be: /home/user/.rccontrol/enterprise-1/mod_dav_svn.conf
                     Include /home/user/.rccontrol/enterprise-1/mod_dav_svn.conf
                 </VirtualHost>
 . Go to the :menuselection:`Admin --> Settings --> VCS` page, and
                enable :guilabel:`Proxy Subversion HTTP requests`, and specify the
                :guilabel:`Subversion HTTP Server URL`.
 . Open the |RCE| configuration file,
                :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
 . Add the following configuration option in the ``[app:main]``
                section if you don't have it yet.
                This enables mapping of the created |RCE| repo groups into special
                |svn| paths. Each time a new repository group is created, the system will
                update the template file and create new mapping. Apache web server needs to
                be reloaded to pick up the changes on this file.
                To do this, simply configure `svn.proxy.reload_cmd` inside the .ini file.
                Example configuration:
             .. code-block:: ini
                 ############################################################
                 ### Subversion proxy support (mod_dav_svn)               ###
                 ### Maps RhodeCode repo groups into SVN paths for Apache ###
                 ############################################################
                 ## Enable or disable the config file generation.
                 svn.proxy.generate_config = true
                 ## Generate config file with `SVNListParentPath` set to `On`.
                 svn.proxy.list_parent_path = true
                 ## Set location and file name of generated config file.
                 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
                 ## Used as a prefix to the <Location> block in the generated config file.
                 ## In most cases it should be set to `/`.
                 svn.proxy.location_root = /
                 ## Command to reload the mod dav svn configuration on change.
                 ## Example: `/etc/init.d/apache2 reload`
                 svn.proxy.reload_cmd = /etc/init.d/apache2 reload
                 ## If the timeout expires before the reload command finishes, the command will
                 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
                 #svn.proxy.reload_timeout = 10
             This would create a special template file called ```mod_dav_svn.conf```. We
             used that file path in the apache config above inside the Include statement.
             It's also possible to manually generate the config from the
             :menuselection:`Admin --> Settings --> VCS` page by clicking a
             `Generate Apache Config` button.
 . Now only things left is to enable svn support, and generate the initial
                configuration.
                - Select `Proxy subversion HTTP requests` checkbox
                - Enter http://localhost:8090 into `Subversion HTTP Server URL`
                - Click the `Generate Apache Config` button.
             This config will be automatically re-generated once an user-groups is added
             to properly map the additional paths generated.
             Using |svn|
             ===========
             Once |svn| has been enabled on your instance, you can use it with the
             following examples. For more |svn| information, see the `Subversion Red Book`_
             .. code-block:: bash
                 # To clone a repository
                 svn checkout http://my-svn-server.example.com/my-svn-repo
                 # svn commit
                 svn commit
             .. _Subversion Red Book: http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.ref.svn
             .. _Ask Ubuntu: http://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue

docs/admin/system_admin/tuning/tuning-user-sessions-performance.rst

0 +1 -1

             .. _user-session-ref:
             User Session Performance
             ------------------------
             The default file-based sessions are only suitable for smaller setups, or
             instances that doesn't have a lot of users or traffic.
             They are set as default option because it's setup-free solution.
             The most common issue of file based sessions are file limit errors which occur
             if there are lots of session files.
             Therefore, in a large scale deployment, to give better performance,
             scalability, and maintainability we recommend switching from file-based
             sessions to database-based user sessions or Redis based sessions.
             To switch to database-based user sessions uncomment the following section in
             your :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
             .. code-block:: ini
                   ## db based session, fast, and allows easy management over logged in users
                   beaker.session.type = ext:database
                   beaker.session.table_name = db_session
                   # use just one of the following according to the type of database
                   beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
                   # or
                   beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
                   beaker.session.sa.pool_recycle = 3600
                   beaker.session.sa.echo = false
             and make sure you comment out the file based sessions.
             .. code-block:: ini
                   ## types are file, ext:memcached, ext:database, and memory (default).
                   #beaker.session.type = file
                   #beaker.session.data_dir = %(here)s/data/sessions/data
             The `table_name` will be automatically created on specified database if it isn't yet existing.
             Database specified in the `beaker.session.sa.url` can be the same that RhodeCode
             uses, or if required it can be a different one. We recommend to use the same database.
-            To switch to reds-based user sessions uncomment the following section in
+            To switch to redis-based user sessions uncomment the following section in
             your :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
             .. code-block:: ini
                   ## redis sessions
                   beaker.session.type = ext:redis
                   beaker.session.url = localhost:6379
             and make sure you comment out the file based sessions.
             .. code-block:: ini
                   ## types are file, ext:memcached, ext:database, and memory (default).
                   #beaker.session.type = file
                   #beaker.session.data_dir = %(here)s/data/sessions/data

docs/install/quick-start.rst

0 +9 0

             .. _quick-start:
             Quick Start Installation Guide
             ==============================
             .. important::
                 These are quick start instructions. To optimize your |RCE|,
                 |RCC|, and |RCT| usage, read the more detailed instructions in our guides.
                 For detailed installation instructions, see
                 :ref:`RhodeCode Control Documentation <control:rcc>`
             .. tip::
                If using a non-SQLite database, install and configure the database, create
                a new user, and grant permissions. You will be prompted for this user's
                credentials during |RCE| installation. See the relevant database
                documentation for more details.
             To get |RCE| up and running, run through the below steps:
 . Download the latest |RCC| installer from `rhodecode.com/download`_.
                If you don't have an account, sign up at `rhodecode.com/register`_.
 . Run the |RCC| installer and accept the End User Licence using the
                following example:
             .. code-block:: bash
                 $ chmod +x RhodeCode-installer-linux-*
                 $ ./RhodeCode-installer-linux-*
                 Do you accept the RhodeCode Control license?
                 Press [Y] to accept license and [V] to view license text: y
+            .. important::
+               We recommend running RhodeCode as a non-root user, such as `rhodecode`;
+               this user must have a proper home directory.
+               Either log in as that user to install the software, or do it as root
+               with `sudo -i -u rhodecode ./RhodeCode-installer-linux-*`
 . Install a VCS Server, and configure it to start at boot.
             .. code-block:: bash
                 $ rccontrol install VCSServer
                 Agree to the licence agreement? [y/N]: y
                 IP to start the server on [127.0.0.1]:
                 Port for the server to start [10005]:
                 Creating new instance: vcsserver-1
                 Installing RhodeCode VCSServer
                 Configuring RhodeCode VCS Server ...
                 Supervisord state is: RUNNING
                 Added process group vcsserver-1
 . Install |RCEE| or |RCCE|. If using MySQL or PostgreSQL, during
                installation you'll be asked for your database credentials, so have them at hand.
                Mysql or Postgres needs to be running and a new database needs to be created.
                You don't need any credentials or to create a database for SQLite.
             .. code-block:: bash
                :emphasize-lines: 11-16
                 $ rccontrol install Community
                 or
                 $ rccontrol install Enterprise
                 Username [admin]: username
                 Password (min 6 chars):
                 Repeat for confirmation:
                 Email: your@mail.com
                 Respositories location [/home/brian/repos]:
                 IP to start the Enterprise server on [127.0.0.1]:
                 Port for the Enterprise server to use [10004]:
                 Database type - [s]qlite, [m]ysql, [p]ostresql:
                 PostgreSQL selected
                 Database host [127.0.0.1]:
                 Database port [5432]:
                 Database username: db-user-name
                 Database password: somepassword
                 Database name: example-db-name
 . Check the status of your installation. You |RCEE|/|RCCE| instance runs
                on the URL displayed in the status message.
             .. code-block:: bash
                 $ rccontrol status
                 - NAME: enterprise-1
                 - STATUS: RUNNING
                 - TYPE: Enterprise
                 - VERSION: 4.1.0
                 - URL: http://127.0.0.1:10003
                 - NAME: vcsserver-1
                 - STATUS: RUNNING
                 - TYPE: VCSServer
                 - VERSION: 4.1.0
                 - URL: http://127.0.0.1:10001
             .. note::
                Recommended post quick start install instructions:
                * Read the documentation
                * Carry out the :ref:`rhodecode-post-instal-ref`
                * Set up :ref:`indexing-ref`
                * Familiarise yourself with the :ref:`rhodecode-admin-ref` section.
             .. _rhodecode.com/download/: https://rhodecode.com/download/
             .. _rhodecode.com: https://rhodecode.com/
             .. _rhodecode.com/register: https://rhodecode.com/register/
             .. _rhodecode.com/download: https://rhodecode.com/download/

docs/release-notes/release-notes-4.18.0.rst

0 +9 0

             |RCE| 4.18.0 |RNS|
             ------------------
             Release Date
             ^^^^^^^^^^^^
             - 2020-01-05
             New Features
             ^^^^^^^^^^^^
             - Artifacts: are no longer in BETA. New info page is available for uploaded artifacts
               which exposes some useful information like sha256, various access urls etc, and also
               allows deletion of artifacts, and updating their description.
             - Artifacts: support new download url based on access to artifacts using new auth-token types.
             - Artifacts: added ability to store artifacts using API, and internal cli upload.
               This allows uploading of artifacts that can have 100s of GBs in size efficiently.
             - Artifacts: added metadata logic to store various extra custom data for artifacts.
             - Comments: added support for adding comment attachments using the artifacts logic.
               Logged in users can now pick or drag and drop attachments into comment forms.
             - Comments: enable linkification of certain patterns on comments in repo/pull request scopes.
               This will render now active links to commits, pull-requests mentioned in comments body.
             - Jira: new update integration plugin.
               Plugin now fetches possible transitions from tickets and show them to users in the interface.
               Allow sending extra attributes during a transition like `resolution` message.
             - Navigation: Added new consistent and contextual way of creating new objects
               likes gists, repositories, and repository groups using dedicated action (with a `+` sign)
               available in the top navigation.
             - Hovercards: added new tooltips and hovercards to expose certain information for objects shown in UI.
               RhodeCode usernames, issues, pull-requests will have active hovercard logic that will
               load extra information about them and exposing them to users.
             - Files: all readme files found in repository file browser will be now rendered, allowing having readme per directory.
             - Search: expose line counts in search files information.
             - Audit-logs: expose download user audit logs as JSON file.
             - Users: added description field for users.
               Allows users to write a short BIO, or description of their role in the organization.
             - Users: allow super-admins to change bound authentication type for users.
               E.g internal rhodecode accounts can be changed to ldap easily from user settings page.
             - Pull requests: simplified the UI for display view, hide less important information and expose the most important ones.
             - Pull requests: add merge check that detects WIP marker in title.
               Usually WIP in title means unfinished task that needs still some work, such marker will prevent accidental merges.
             - Pull requests: TODO comments have now a dedicated box below reviewers to keep track
               of important TODOs that still need attention before review process is finalized.
             - Pull requests: participants of pull request will receive an email about update of a
               pull requests with a small summary of changes made.
             - Pull requests: change the naming from #NUM into !NUM.
               !NUM format is now parsed and linkified in comments and commit messages.
             - Pull requests: pull requests which state is changing can now be viewed with a limited view.
             - Pull requests: re-organize merge/close buttons and merge checks according to the new UI.
             - Pull requests: update commits button allows a force-refresh update now using dropdown option.
             - Pull requests: added quick filter to grid view to filter/search pull requests in a repository.
             - Pull requests: closing a pull-request without a merge requires additional confirmation now.
             - Pull requests: merge checks will now show which files caused conflicts and are blocking the merge.
             - Emails: updated all generated emails design and cleanup the data fields they expose.
               a) More consistent UI for all types of emails. b) Improved formatting of plaintext emails
               c) Added reply link to comment type emails for quicker response action.
             General
             ^^^^^^^
             - Artifacts: don't show hidden artifacts, allow showing them via a GET ?hidden=1 flag.
               Hidden artifacts are for example comment attachments.
             - UI: new commits page, according to the new design, which started on 4.17.X release lines
             - UI: use explicit named actions like "create user" instead of generic "save" which is bad UX.
             - UI: fixed problems with generating last change in repository groups.
               There's now a new logic that checks all objects inside group for latest update time.
             - API: add artifact `get_info`, and `store_metadata` methods.
             - API: allowed to specify extra recipients for pr/commit comments api methods.
             - Vcsserver: set file based cache as default for vcsserver which can be shared
               across multiple workers saving memory usage.
             - Vcsserver: added redis as possible cache backend for even greater performance.
             - Dependencies: bumped GIT version to 2.23.0
             - Dependencies: bumped SVN version to 1.12.2
             - Dependencies: bumped Mercurial version to 5.1.1 and hg-evolve to 9.1.0
             - Search: added logic for sorting ElasticSearch6 backend search results.
             - User bookmarks: make it easier to re-organize existing entries.
             - Data grids: hide pagination for single pages in grids.
             - Gists: UX, removed private/public gist buttons and replaced them with radio group.
             - Gunicorn: moved all configuration of gunicorn workers to .ini files.
             - Gunicorn: added worker memory management allowing setting maximum per-worker memory usage.
             - Automation: moved update groups task into celery task
             - Cache commits: add option to refresh caches manually from advanced pages.
             - Pull requests: add indication of state change in list of pull-requests and actually show them in the list.
             - Cache keys: register and self cleanup cache keys used for invalidation to prevent leaking lot of them into DB on worker recycle
             - Repo groups: removed locking inheritance flag from repo-groups. We'll deprecate this soon and this only brings in confusion
             - System snapshot: improved formatting for better readability
             - System info: expose data about vcsserver.
             - Packages: updated celery to 4.3.0 and switch default backend to redis instead of RabbitMQ.
               Redis is stable enough and easier to install. Having Redis simplifies the stack as it's used in other parts of RhodeCode.
             - Dependencies: bumped alembic to 1.2.1
             - Dependencies: bumped amqp==2.5.2 and kombu==4.6.6
             - Dependencies: bumped atomicwrites==1.3.0
             - Dependencies: bumped cffi==1.12.3
             - Dependencies: bumped configparser==4.0.2
             - Dependencies: bumped deform==2.0.8
             - Dependencies: bumped dogpile.cache==0.9.0
             - Dependencies: bumped hupper==1.8.1
             - Dependencies: bumped mako to 1.1.0
             - Dependencies: bumped markupsafe to 1.1.1
             - Dependencies: bumped packaging==19.2
             - Dependencies: bumped paste==3.2.1
             - Dependencies: bumped pastescript==3.2.0
             - Dependencies: bumped pathlib2 to 2.3.4
             - Dependencies: bumped pluggy==0.13.0
             - Dependencies: bumped psutil to 5.6.3
             - Dependencies: bumped psutil==5.6.5
             - Dependencies: bumped psycopg2==2.8.4
             - Dependencies: bumped pycurl to 7.43.0.3
             - Dependencies: bumped pyotp==2.3.0
             - Dependencies: bumped pyparsing to 2.4.2
             - Dependencies: bumped pyramid-debugtoolbar==4.5.1
             - Dependencies: bumped pyramid-mako to 1.1.0
             - Dependencies: bumped redis to 3.3.8
             - Dependencies: bumped sqlalchemy to 1.3.8
             - Dependencies: bumped sqlalchemy==1.3.11
             - Dependencies: bumped test libraries.
             - Dependencies: freeze alembic==1.3.1
             - Dependencies: freeze python-dateutil
             - Dependencies: freeze redis==3.3.11
             - Dependencies: freeze supervisor==4.1.0
             Security
             ^^^^^^^^
             - Security: fixed issues with exposing wrong http status (403) indicating repository with
               given name exists and we don't have permissions to it. This was exposed in the redirection
               logic of the global pull-request page. In case of redirection we also exposed
               repository name in the URL.
             Performance
             ^^^^^^^^^^^
             - Core: many various small improvements and optimizations to make rhodecode faster then before.
             - VCSServer: new cache implementation for remote functions.
               Single worker shared caches that can use redis/file-cache.
               This greatly improves performance on larger instances, and doesn't trigger cache
               re-calculation on worker restarts.
             - GIT: switched internal git operations from Dulwich to libgit2 in order to obtain better performance and scalability.
             - SSH: skip loading unneeded application parts for SSH to make execution of ssh commands faster.
             - Main page: main page will now load repositories and repositories groups using partial DB calls instead of big JSON files.
               In case of many repositories in root this could lead to very slow page rendering.
             - Admin pages: made all grids use same DB based partial loading logic. We'll no longer fetch
               all objects into JSON for display purposes. This significantly improves speed of those pages in case
               of many objects shown in them.
             - Summary page: use non-memory cache for readme, and cleanup cache for repo stats.
               This change won't re-cache after worker restarts and can be shared across all workers
             - Files: only check for git_lfs/hg_largefiles if they are enabled.
               This speeds up fetching of files if they are not LF and very big.
             - Vcsserver: added support for streaming data from the remote methods. This allows
               to stream very large files without taking up memory, mostly for usage in SVN when
               downloading large binaries from vcs system.
             - Files: added streaming remote attributes for vcsserver.
               This change enables streaming raw content or raw downloads of large files without
               transferring them over to enterprise for pack & repack using msgpack.
               Msgpack has a limit of 2gb and generally pack+repack for ~2gb is very slow.
             - Files: ensure over size limit files never do any content fetching when viewing such files.
             - VCSServer: skip host verification to speed up pycurl calls.
             - User-bookmarks: cache fetching of bookmarks since this is quite expensive query to
               make with joinedload on repos/repo groups.
             - Goto-switcher: reduce query data to only required attributes for speedups.
             - My account: owner/watched repos are now loaded only using DB queries.
             Fixes
             ^^^^^
             - Mercurial: move imports from top-level to prevent from loading mercurial code on hook execution for svn/git.
             - GIT: limit sync-fetch logic to only retrieve tags/ and heads/ with default execution arguments.
             - GIT: fixed issue with git submodules detection.
             - SVN: fix checkout url for ssh+svn backend not having special prefix resulting in incorrect command shown.
             - SVN: fixed problem with showing empty directories.
             - OAuth: use a vendored version of `authomatic` library, and switch Bitbucket authentication to use oauth2.
             - Diffs: handle paths with quotes in diffs.
             - Diffs: fixed outdated files in pull-requests re-using the filediff raw_id for anchor generation. Fixes #5567
             - Diffs: toggle race condition on sticky vs wide-diff-mode that caused some display problems on larger diffs.
             - Pull requests: handle exceptions in state change and improve logging.
             - Pull requests: fixed title/description generation for single commits which are numbers.
             - Pull requests: changed the source of changes to be using shadow repos if it exists.
               In case of `git push -f` and rebase we lost commits in the repo resulting in
               problems of displaying versions of pull-requests.
             - Pull requests: handle case when removing existing files from a repository in compare versions diff.
             - Files: don't expose copy content helper in case of binary files.
             - Registration: properly expose first_name/last_name into email on user registration.
             - Markup renderers: fixed broken code highlight for rst files.
             - Ui: make super admin be named consistently across ui.
             - Audit logs: fixed search cases with special chars such as `-`.
             Upgrade notes
             ^^^^^^^^^^^^^
+            - Major Celery Version upgrade. The 4.18.X release includes a major Celery version.
+              It's recommended to run `rccontrol self-stop && rccontrol self-init` after the
+              upgrade to ensure celery workers are restarted and updated.
             - New Automation task. We've changed the logic for updating latest change inside repository group.
               New logic includes scanning for changes in all nested objects. Since this is a heavy task
               a new dedicated scheduler task has been created to update it automatically on a scheduled base.
               Please review in `admin > settings > automation` to enable this task.
             - New safer encryption algorithm. Some setting values are encrypted before storing it inside the database.
               To keep full backward compatibility old AES algorithm is used.
               If you wish to enable a safer option set fernet encryption instead inside rhodecode.ini
               `rhodecode.encrypted_values.algorithm = fernet`
             - Pull requests UI changes. We've simplified the UI on pull requests page.
               Please review the new UI to prevent surprises. All actions from old UI should be still possible with the new one.
             - Redis is now a default recommended backend for Celery and replaces previous rabbitmq.
               Redis is generally easier to manage and install, and it's also very stable for usage
               in the scheduler/celery async tasks. Since we also recommend Redis for caches the application
               stack can be simplified by removing rabbitmq and replacing it with single Redis instance.
             - Recommendation for using Redis as the new cache backend on vcsserver.
               Since Version 4.18.0 VCSServer has a new cache implementation for VCS data.
               By default, for simplicity the cache type is file based. We strongly recommend using
               Redis instead for better Performance and scalability
               Please review vcsserver.ini settings under:
               `rc_cache.repo_object.backend = dogpile.cache.rc.redis_msgpack`
+            - Gunicorn configuration now moved to .ini files.
+              Upgrading to 4.18.X will overwrite the gunicorn_conf.py file. If there are any custom changes in that file
+              they will be lost. Recommended way to configure gunicorn is now via the .ini files. Please check `rhodecode.template.ini` file
+              for example gunicorn configuration.
             - New memory monitoring for Gunicorn workers. Starting from 4.18 release a option was added
               to limit the maximum amount of memory used by a worker.
               Please review new settings in `[server:main]` section for memory management in both
               rhodecode.ini and vcsserver.ini::
                 ; Maximum memory usage that each worker can use before it will receive a
                 ; graceful restart signal 0 = memory monitoring is disabled
                 ; Examples: 268435456 (256MB), 536870912 (512MB)
                 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
                 memory_max_usage = 0

docs/release-notes/release-notes.rst

0 +3 0

             .. _rhodecode-release-notes-ref:
             Release Notes
             =============
             |RCE| 4.x Versions
             ------------------
             .. toctree::
                :maxdepth: 1
+               release-notes-4.18.3.rst
+               release-notes-4.18.2.rst
+               release-notes-4.18.1.rst
                release-notes-4.18.0.rst
                release-notes-4.17.4.rst
                release-notes-4.17.3.rst
                release-notes-4.17.2.rst
                release-notes-4.17.1.rst
                release-notes-4.17.0.rst
                release-notes-4.16.2.rst
                release-notes-4.16.1.rst
                release-notes-4.16.0.rst
                release-notes-4.15.2.rst
                release-notes-4.15.1.rst
                release-notes-4.15.0.rst
                release-notes-4.14.1.rst
                release-notes-4.14.0.rst
                release-notes-4.13.3.rst
                release-notes-4.13.2.rst
                release-notes-4.13.1.rst
                release-notes-4.13.0.rst
                release-notes-4.12.4.rst
                release-notes-4.12.3.rst
                release-notes-4.12.2.rst
                release-notes-4.12.1.rst
                release-notes-4.12.0.rst
                release-notes-4.11.6.rst
                release-notes-4.11.5.rst
                release-notes-4.11.4.rst
                release-notes-4.11.3.rst
                release-notes-4.11.2.rst
                release-notes-4.11.1.rst
                release-notes-4.11.0.rst
                release-notes-4.10.6.rst
                release-notes-4.10.5.rst
                release-notes-4.10.4.rst
                release-notes-4.10.3.rst
                release-notes-4.10.2.rst
                release-notes-4.10.1.rst
                release-notes-4.10.0.rst
                release-notes-4.9.1.rst
                release-notes-4.9.0.rst
                release-notes-4.8.0.rst
                release-notes-4.7.2.rst
                release-notes-4.7.1.rst
                release-notes-4.7.0.rst
                release-notes-4.6.1.rst
                release-notes-4.6.0.rst
                release-notes-4.5.2.rst
                release-notes-4.5.1.rst
                release-notes-4.5.0.rst
                release-notes-4.4.2.rst
                release-notes-4.4.1.rst
                release-notes-4.4.0.rst
                release-notes-4.3.1.rst
                release-notes-4.3.0.rst
                release-notes-4.2.1.rst
                release-notes-4.2.0.rst
                release-notes-4.1.2.rst
                release-notes-4.1.1.rst
                release-notes-4.1.0.rst
                release-notes-4.0.1.rst
                release-notes-4.0.0.rst
             |RCE| 3.x Versions
             ------------------
             .. toctree::
                :maxdepth: 1
                release-notes-3.8.4.rst
                release-notes-3.8.3.rst
                release-notes-3.8.2.rst
                release-notes-3.8.1.rst
                release-notes-3.8.0.rst
                release-notes-3.7.1.rst
                release-notes-3.7.0.rst
                release-notes-3.6.1.rst
                release-notes-3.6.0.rst
                release-notes-3.5.2.rst
                release-notes-3.5.1.rst
                release-notes-3.5.0.rst
                release-notes-3.4.1.rst
                release-notes-3.4.0.rst
                release-notes-3.3.4.rst
                release-notes-3.3.3.rst
                release-notes-3.3.2.rst
                release-notes-3.3.1.rst
                release-notes-3.3.0.rst
                release-notes-3.2.3.rst
                release-notes-3.2.2.rst
                release-notes-3.2.1.rst
                release-notes-3.2.0.rst
                release-notes-3.1.1.rst
                release-notes-3.1.0.rst
                release-notes-3.0.2.rst
                release-notes-3.0.1.rst
                release-notes-3.0.0.rst
             |RCE| 2.x Versions
             ------------------
             .. toctree::
                :maxdepth: 1
                release-notes-2.2.8.rst
                release-notes-2.2.7.rst
                release-notes-2.2.6.rst
                release-notes-2.2.5.rst
                release-notes-2.2.4.rst
                release-notes-2.2.3.rst
                release-notes-2.2.2.rst
                release-notes-2.2.1.rst
                release-notes-2.2.0.rst
                release-notes-2.1.0.rst
                release-notes-2.0.2.rst
                release-notes-2.0.1.rst
                release-notes-2.0.0.rst
             |RCE| 1.x Versions
             ------------------
             .. toctree::
                :maxdepth: 1
                release-notes-1.7.2.rst
                release-notes-1.7.1.rst
                release-notes-1.7.0.rst
                release-notes-1.6.0.rst

rhodecode/api/__init__.py

0 +3 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
-            import inspect
             import itertools
             import logging
             import sys
             import types
             import fnmatch
             import decorator
             import venusian
             from collections import OrderedDict
             from pyramid.exceptions import ConfigurationError
             from pyramid.renderers import render
             from pyramid.response import Response
             from pyramid.httpexceptions import HTTPNotFound
             from rhodecode.api.exc import (
                 JSONRPCBaseError, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
             from rhodecode.apps._base import TemplateArgs
             from rhodecode.lib.auth import AuthUser
             from rhodecode.lib.base import get_ip_addr, attach_context_attributes
             from rhodecode.lib.exc_tracking import store_exception
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.lib.plugins.utils import get_plugin_settings
             from rhodecode.model.db import User, UserApiKeys
             log = logging.getLogger(__name__)
             DEFAULT_RENDERER = 'jsonrpc_renderer'
             DEFAULT_URL = '/_admin/apiv2'
             def find_methods(jsonrpc_methods, pattern):
                 matches = OrderedDict()
                 if not isinstance(pattern, (list, tuple)):
                     pattern = [pattern]
                 for single_pattern in pattern:
                     for method_name, method in jsonrpc_methods.items():
                         if fnmatch.fnmatch(method_name, single_pattern):
                             matches[method_name] = method
                 return matches
             class ExtJsonRenderer(object):
                 """
                 Custom renderer that mkaes use of our ext_json lib
                 """
                 def __init__(self, serializer=json.dumps, **kw):
                     """ Any keyword arguments will be passed to the ``serializer``
                     function."""
                     self.serializer = serializer
                     self.kw = kw
                 def __call__(self, info):
                     """ Returns a plain JSON-encoded string with content-type
                     ``application/json``. The content-type may be overridden by
                     setting ``request.response.content_type``."""
                     def _render(value, system):
                         request = system.get('request')
                         if request is not None:
                             response = request.response
                             ct = response.content_type
                             if ct == response.default_content_type:
                                 response.content_type = 'application/json'
                         return self.serializer(value, **self.kw)
                     return _render
             def jsonrpc_response(request, result):
                 rpc_id = getattr(request, 'rpc_id', None)
                 response = request.response
                 # store content_type before render is called
                 ct = response.content_type
                 ret_value = ''
                 if rpc_id:
                     ret_value = {
                         'id': rpc_id,
                         'result': result,
                         'error': None,
                     }
                     # fetch deprecation warnings, and store it inside results
                     deprecation = getattr(request, 'rpc_deprecation', None)
                     if deprecation:
                         ret_value['DEPRECATION_WARNING'] = deprecation
                 raw_body = render(DEFAULT_RENDERER, ret_value, request=request)
                 response.body = safe_str(raw_body, response.charset)
                 if ct == response.default_content_type:
                     response.content_type = 'application/json'
                 return response
             def jsonrpc_error(request, message, retid=None, code=None, headers=None):
                 """
                 Generate a Response object with a JSON-RPC error body
                 :param code:
                 :param retid:
                 :param message:
                 """
                 err_dict = {'id': retid, 'result': None, 'error': message}
                 body = render(DEFAULT_RENDERER, err_dict, request=request).encode('utf-8')
                 return Response(
                     body=body,
                     status=code,
                     content_type='application/json',
                     headerlist=headers
                 )
             def exception_view(exc, request):
                 rpc_id = getattr(request, 'rpc_id', None)
                 if isinstance(exc, JSONRPCError):
                     fault_message = safe_str(exc.message)
                     log.debug('json-rpc error rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, JSONRPCValidationError):
                     colander_exc = exc.colander_exception
                     # TODO(marcink): think maybe of nicer way to serialize errors ?
                     fault_message = colander_exc.asdict()
                     log.debug('json-rpc colander error rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, JSONRPCForbidden):
                     fault_message = 'Access was denied to this resource.'
                     log.warning('json-rpc forbidden call rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, HTTPNotFound):
                     method = request.rpc_method
                     log.debug('json-rpc method `%s` not found in list of '
                               'api calls: %s, rpc_id:%s',
                               method, request.registry.jsonrpc_methods.keys(), rpc_id)
                     similar = 'none'
                     try:
                         similar_paterns = ['*{}*'.format(x) for x in method.split('_')]
                         similar_found = find_methods(
                             request.registry.jsonrpc_methods, similar_paterns)
                         similar = ', '.join(similar_found.keys()) or similar
                     except Exception:
                         # make the whole above block safe
                         pass
                     fault_message = "No such method: {}. Similar methods: {}".format(
                         method, similar)
                 else:
                     fault_message = 'undefined error'
                     exc_info = exc.exc_info()
                     store_exception(id(exc_info), exc_info, prefix='rhodecode-api')
                 return jsonrpc_error(request, fault_message, rpc_id)
             def request_view(request):
                 """
                 Main request handling method. It handles all logic to call a specific
                 exposed method
                 """
+                # cython compatible inspect
+                from rhodecode.config.patches import inspect_getargspec
+                inspect = inspect_getargspec()
                 # check if we can find this session using api_key, get_by_auth_token
                 # search not expired tokens only
                 try:
                     api_user = User.get_by_auth_token(request.rpc_api_key)
                     if api_user is None:
                         return jsonrpc_error(
                             request, retid=request.rpc_id, message='Invalid API KEY')
                     if not api_user.active:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='Request from this user not allowed')
                     # check if we are allowed to use this IP
                     auth_u = AuthUser(
                         api_user.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr)
                     if not auth_u.ip_allowed:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='Request from IP:%s not allowed' % (
                                 request.rpc_ip_addr,))
                     else:
                         log.info('Access for IP:%s allowed', request.rpc_ip_addr)
                     # register our auth-user
                     request.rpc_user = auth_u
                     request.environ['rc_auth_user_id'] = auth_u.user_id
                     # now check if token is valid for API
                     auth_token = request.rpc_api_key
                     token_match = api_user.authenticate_by_token(
                         auth_token, roles=[UserApiKeys.ROLE_API])
                     invalid_token = not token_match
                     log.debug('Checking if API KEY is valid with proper role')
                     if invalid_token:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='API KEY invalid or, has bad role for an API call')
                 except Exception:
                     log.exception('Error on API AUTH')
                     return jsonrpc_error(
                         request, retid=request.rpc_id, message='Invalid API KEY')
                 method = request.rpc_method
                 func = request.registry.jsonrpc_methods[method]
                 # now that we have a method, add request._req_params to
                 # self.kargs and dispatch control to WGIController
                 argspec = inspect.getargspec(func)
                 arglist = argspec[0]
                 defaults = map(type, argspec[3] or [])
                 default_empty = types.NotImplementedType
                 # kw arguments required by this method
                 func_kwargs = dict(itertools.izip_longest(
                     reversed(arglist), reversed(defaults), fillvalue=default_empty))
                 # This attribute will need to be first param of a method that uses
                 # api_key, which is translated to instance of user at that name
                 user_var = 'apiuser'
                 request_var = 'request'
                 for arg in [user_var, request_var]:
                     if arg not in arglist:
                         return jsonrpc_error(
                             request,
                             retid=request.rpc_id,
                             message='This method [%s] does not support '
                                     'required parameter `%s`' % (func.__name__, arg))
                 # get our arglist and check if we provided them as args
                 for arg, default in func_kwargs.items():
                     if arg in [user_var, request_var]:
                         # user_var and request_var are pre-hardcoded parameters and we
                         # don't need to do any translation
                         continue
                     # skip the required param check if it's default value is
                     # NotImplementedType (default_empty)
                     if default == default_empty and arg not in request.rpc_params:
                         return jsonrpc_error(
                             request,
                             retid=request.rpc_id,
                             message=('Missing non optional `%s` arg in JSON DATA' % arg)
                         )
                 # sanitize extra passed arguments
                 for k in request.rpc_params.keys()[:]:
                     if k not in func_kwargs:
                         del request.rpc_params[k]
                 call_params = request.rpc_params
                 call_params.update({
                     'request': request,
                     'apiuser': auth_u
                 })
                 # register some common functions for usage
                 attach_context_attributes(TemplateArgs(), request, request.rpc_user.user_id)
                 try:
                     ret_value = func(**call_params)
                     return jsonrpc_response(request, ret_value)
                 except JSONRPCBaseError:
                     raise
                 except Exception:
                     log.exception('Unhandled exception occurred on api call: %s', func)
                     exc_info = sys.exc_info()
                     exc_id, exc_type_name = store_exception(
                         id(exc_info), exc_info, prefix='rhodecode-api')
                     error_headers = [('RhodeCode-Exception-Id', str(exc_id)),
                                      ('RhodeCode-Exception-Type', str(exc_type_name))]
                     return jsonrpc_error(
                         request, retid=request.rpc_id, message='Internal server error',
                         headers=error_headers)
             def setup_request(request):
                 """
                 Parse a JSON-RPC request body. It's used inside the predicates method
                 to validate and bootstrap requests for usage in rpc calls.
                 We need to raise JSONRPCError here if we want to return some errors back to
                 user.
                 """
                 log.debug('Executing setup request: %r', request)
                 request.rpc_ip_addr = get_ip_addr(request.environ)
                 # TODO(marcink): deprecate GET at some point
                 if request.method not in ['POST', 'GET']:
                     log.debug('unsupported request method "%s"', request.method)
                     raise JSONRPCError(
                         'unsupported request method "%s". Please use POST' % request.method)
                 if 'CONTENT_LENGTH' not in request.environ:
                     log.debug("No Content-Length")
                     raise JSONRPCError("Empty body, No Content-Length in request")
                 else:
                     length = request.environ['CONTENT_LENGTH']
                     log.debug('Content-Length: %s', length)
                     if length == 0:
                         log.debug("Content-Length is 0")
                         raise JSONRPCError("Content-Length is 0")
                 raw_body = request.body
                 log.debug("Loading JSON body now")
                 try:
                     json_body = json.loads(raw_body)
                 except ValueError as e:
                     # catch JSON errors Here
                     raise JSONRPCError("JSON parse error ERR:%s RAW:%r" % (e, raw_body))
                 request.rpc_id = json_body.get('id')
                 request.rpc_method = json_body.get('method')
                 # check required base parameters
                 try:
                     api_key = json_body.get('api_key')
                     if not api_key:
                         api_key = json_body.get('auth_token')
                     if not api_key:
                         raise KeyError('api_key or auth_token')
                     # TODO(marcink): support passing in token in request header
                     request.rpc_api_key = api_key
                     request.rpc_id = json_body['id']
                     request.rpc_method = json_body['method']
                     request.rpc_params = json_body['args'] \
                         if isinstance(json_body['args'], dict) else {}
                     log.debug('method: %s, params: %.10240r', request.rpc_method, request.rpc_params)
                 except KeyError as e:
                     raise JSONRPCError('Incorrect JSON data. Missing %s' % e)
                 log.debug('setup complete, now handling method:%s rpcid:%s',
                           request.rpc_method, request.rpc_id, )
             class RoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'jsonrpc route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if self.val:
                         # potentially setup and bootstrap our call
                         setup_request(request)
                         # Always return True so that even if it isn't a valid RPC it
                         # will fall through to the underlaying handlers like notfound_view
                         return True
             class NotFoundPredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                     self.methods = config.registry.jsonrpc_methods
                 def text(self):
                     return 'jsonrpc method not found = {}.'.format(self.val)
                 phash = text
                 def __call__(self, info, request):
                     return hasattr(request, 'rpc_method')
             class MethodPredicate(object):
                 def __init__(self, val, config):
                     self.method = val
                 def text(self):
                     return 'jsonrpc method = %s' % self.method
                 phash = text
                 def __call__(self, context, request):
                     # we need to explicitly return False here, so pyramid doesn't try to
                     # execute our view directly. We need our main handler to execute things
                     return getattr(request, 'rpc_method') == self.method
             def add_jsonrpc_method(config, view, **kwargs):
                 # pop the method name
                 method = kwargs.pop('method', None)
                 if method is None:
                     raise ConfigurationError(
                         'Cannot register a JSON-RPC method without specifying the "method"')
                 # we define custom predicate, to enable to detect conflicting methods,
                 # those predicates are kind of "translation" from the decorator variables
                 # to internal predicates names
                 kwargs['jsonrpc_method'] = method
                 # register our view into global view store for validation
                 config.registry.jsonrpc_methods[method] = view
                 # we're using our main request_view handler, here, so each method
                 # has a unified handler for itself
                 config.add_view(request_view, route_name='apiv2', **kwargs)
             class jsonrpc_method(object):
                 """
                 decorator that works similar to @add_view_config decorator,
                 but tailored for our JSON RPC
                 """
                 venusian = venusian  # for testing injection
                 def __init__(self, method=None, **kwargs):
                     self.method = method
                     self.kwargs = kwargs
                 def __call__(self, wrapped):
                     kwargs = self.kwargs.copy()
                     kwargs['method'] = self.method or wrapped.__name__
                     depth = kwargs.pop('_depth', 0)
                     def callback(context, name, ob):
                         config = context.config.with_package(info.module)
                         config.add_jsonrpc_method(view=ob, **kwargs)
                     info = venusian.attach(wrapped, callback, category='pyramid',
                                            depth=depth + 1)
                     if info.scope == 'class':
                         # ensure that attr is set if decorating a class method
                         kwargs.setdefault('attr', wrapped.__name__)
                     kwargs['_info'] = info.codeinfo  # fbo action_method
                     return wrapped
             class jsonrpc_deprecated_method(object):
                 """
                 Marks method as deprecated, adds log.warning, and inject special key to
                 the request variable to mark method as deprecated.
                 Also injects special docstring that extract_docs will catch to mark
                 method as deprecated.
                 :param use_method: specify which method should be used instead of
                     the decorated one
                 Use like::
                     @jsonrpc_method()
                     @jsonrpc_deprecated_method(use_method='new_func', deprecated_at_version='3.0.0')
                     def old_func(request, apiuser, arg1, arg2):
                         ...
                 """
                 def __init__(self, use_method, deprecated_at_version):
                     self.use_method = use_method
                     self.deprecated_at_version = deprecated_at_version
                     self.deprecated_msg = ''
                 def __call__(self, func):
                     self.deprecated_msg = 'Please use method `{method}` instead.'.format(
                         method=self.use_method)
                     docstring = """\n
                     .. deprecated:: {version}
                        {deprecation_message}
                     {original_docstring}
                     """
                     func.__doc__ = docstring.format(
                         version=self.deprecated_at_version,
                         deprecation_message=self.deprecated_msg,
                         original_docstring=func.__doc__)
                     return decorator.decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     log.warning('DEPRECATED API CALL on function %s, please '
                                 'use `%s` instead', func, self.use_method)
                     # alter function docstring to mark as deprecated, this is picked up
                     # via fabric file that generates API DOC.
                     result = func(*fargs, **fkwargs)
                     request = fargs[0]
                     request.rpc_deprecation = 'DEPRECATED METHOD ' + self.deprecated_msg
                     return result
             def includeme(config):
                 plugin_module = 'rhodecode.api'
                 plugin_settings = get_plugin_settings(
                     plugin_module, config.registry.settings)
                 if not hasattr(config.registry, 'jsonrpc_methods'):
                     config.registry.jsonrpc_methods = OrderedDict()
                 # match filter by given method only
                 config.add_view_predicate('jsonrpc_method', MethodPredicate)
                 config.add_view_predicate('jsonrpc_method_not_found', NotFoundPredicate)
                 config.add_renderer(DEFAULT_RENDERER, ExtJsonRenderer(
                     serializer=json.dumps, indent=4))
                 config.add_directive('add_jsonrpc_method', add_jsonrpc_method)
                 config.add_route_predicate(
                     'jsonrpc_call', RoutePredicate)
                 config.add_route(
                     'apiv2', plugin_settings.get('url', DEFAULT_URL), jsonrpc_call=True)
                 config.scan(plugin_module, ignore='rhodecode.api.tests')
                 # register some exception handling view
                 config.add_view(exception_view, context=JSONRPCBaseError)
                 config.add_notfound_view(exception_view, jsonrpc_method_not_found=True)

rhodecode/api/tests/test_get_method.py

0 +2 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import pytest
             from rhodecode.api.tests.utils import build_data, api_call, assert_ok
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestGetMethod(object):
                 def test_get_methods_no_matches(self):
                     id_, params = build_data(self.apikey, 'get_method', pattern='hello')
                     response = api_call(self.app, params)
                     expected = []
                     assert_ok(id_, expected, given=response.body)
                 def test_get_methods(self):
                     id_, params = build_data(self.apikey, 'get_method', pattern='*comment*')
                     response = api_call(self.app, params)
                     expected = ['changeset_comment', 'comment_pull_request',
                                 'get_pull_request_comments', 'comment_commit', 'get_repo_comments']
                     assert_ok(id_, expected, given=response.body)
                 def test_get_methods_on_single_match(self):
                     id_, params = build_data(self.apikey, 'get_method',
                                              pattern='*comment_commit*')
                     response = api_call(self.app, params)
                     expected = ['comment_commit',
                                 {'apiuser': '<RequiredType>',
                                  'comment_type': "<Optional:u'note'>",
                                  'commit_id': '<RequiredType>',
                                  'extra_recipients': '<Optional:[]>',
                                  'message': '<RequiredType>',
                                  'repoid': '<RequiredType>',
                                  'request': '<RequiredType>',
                                  'resolves_comment_id': '<Optional:None>',
                                  'status': '<Optional:None>',
-                                 'userid': '<Optional:<OptionalAttr:apiuser>>'}]
+                                 'userid': '<Optional:<OptionalAttr:apiuser>>',
+                                 'send_email': '<Optional:True>'}]
                     assert_ok(id_, expected, given=response.body)

rhodecode/api/tests/test_grant_user_group_permission.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.repo import RepoModel
             from rhodecode.api.tests.utils import (
                 build_data, api_call, assert_error, assert_ok, crash)
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestGrantUserGroupPermission(object):
                 @pytest.mark.parametrize("name, perm", [
                     ('none', 'repository.none'),
                     ('read', 'repository.read'),
                     ('write', 'repository.write'),
                     ('admin', 'repository.admin')
                 ])
                 def test_api_grant_user_group_permission(
                         self, name, perm, backend, user_util):
                     user_group = user_util.create_user_group()
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_group_permission',
                         repoid=backend.repo_name,
                         usergroupid=user_group.users_group_name,
                         perm=perm)
                     response = api_call(self.app, params)
                     ret = {
                         'msg': 'Granted perm: `%s` for user group: `%s` in repo: `%s`' % (
                             perm, user_group.users_group_name, backend.repo_name
                         ),
                         'success': True
                     }
                     expected = ret
                     assert_ok(id_, expected, given=response.body)
                 def test_api_grant_user_group_permission_wrong_permission(
                         self, backend, user_util):
                     perm = 'haha.no.permission'
                     user_group = user_util.create_user_group()
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_group_permission',
                         repoid=backend.repo_name,
                         usergroupid=user_group.users_group_name,
                         perm=perm)
                     response = api_call(self.app, params)
-                    expected = 'permission `%s` does not exist' % (perm,)
+                    expected = 'permission `%s` does not exist.' % (perm,)
                     assert_error(id_, expected, given=response.body)
                 @mock.patch.object(RepoModel, 'grant_user_group_permission', crash)
                 def test_api_grant_user_group_permission_exception_when_adding(
                         self, backend, user_util):
                     perm = 'repository.read'
                     user_group = user_util.create_user_group()
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_group_permission',
                         repoid=backend.repo_name,
                         usergroupid=user_group.users_group_name,
                         perm=perm)
                     response = api_call(self.app, params)
                     expected = (
                         'failed to edit permission for user group: `%s` in repo: `%s`' % (
                             user_group.users_group_name, backend.repo_name
                         )
                     )
                     assert_error(id_, expected, given=response.body)

rhodecode/api/tests/test_grant_user_group_permission_to_repo_group.py

0 +2 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.user import UserModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.api.tests.utils import (
                 build_data, api_call, assert_error, assert_ok, crash)
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestGrantUserGroupPermissionFromRepoGroup(object):
                 @pytest.mark.parametrize("name, perm, apply_to_children", [
                     ('none', 'group.none', 'none'),
                     ('read', 'group.read', 'none'),
                     ('write', 'group.write', 'none'),
                     ('admin', 'group.admin', 'none'),
                     ('none', 'group.none', 'all'),
                     ('read', 'group.read', 'all'),
                     ('write', 'group.write', 'all'),
                     ('admin', 'group.admin', 'all'),
                     ('none', 'group.none', 'repos'),
                     ('read', 'group.read', 'repos'),
                     ('write', 'group.write', 'repos'),
                     ('admin', 'group.admin', 'repos'),
                     ('none', 'group.none', 'groups'),
                     ('read', 'group.read', 'groups'),
                     ('write', 'group.write', 'groups'),
                     ('admin', 'group.admin', 'groups'),
                 ])
                 def test_api_grant_user_group_permission_to_repo_group(
                         self, name, perm, apply_to_children, user_util):
                     user_group = user_util.create_user_group()
                     repo_group = user_util.create_repo_group()
                     user_util.create_repo(parent=repo_group)
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_group_permission_to_repo_group',
                         repogroupid=repo_group.name,
                         usergroupid=user_group.users_group_name,
                         perm=perm,
                         apply_to_children=apply_to_children,)
                     response = api_call(self.app, params)
                     ret = {
                         'msg': (
                             'Granted perm: `%s` (recursive:%s) for user group: `%s`'
                             ' in repo group: `%s`' % (
                                 perm, apply_to_children, user_group.users_group_name,
                                 repo_group.name
                             )
                         ),
                         'success': True
                     }
                     expected = ret
                     try:
                         assert_ok(id_, expected, given=response.body)
                     finally:
                         RepoGroupModel().revoke_user_group_permission(
                             repo_group.group_id, user_group.users_group_id)
                 @pytest.mark.parametrize(
                     "name, perm, apply_to_children, grant_admin, access_ok", [
                         ('none_fails', 'group.none', 'none', False, False),
                         ('read_fails', 'group.read', 'none', False, False),
                         ('write_fails', 'group.write', 'none', False, False),
                         ('admin_fails', 'group.admin', 'none', False, False),
                         # with granted perms
                         ('none_ok', 'group.none', 'none', True, True),
                         ('read_ok', 'group.read', 'none', True, True),
                         ('write_ok', 'group.write', 'none', True, True),
                         ('admin_ok', 'group.admin', 'none', True, True),
                     ]
                 )
                 def test_api_grant_user_group_permission_to_repo_group_by_regular_user(
                         self, name, perm, apply_to_children, grant_admin, access_ok,
                         user_util):
                     user = UserModel().get_by_username(self.TEST_USER_LOGIN)
                     user_group = user_util.create_user_group()
                     repo_group = user_util.create_repo_group()
                     if grant_admin:
                         user_util.grant_user_permission_to_repo_group(
                             repo_group, user, 'group.admin')
                     id_, params = build_data(
                         self.apikey_regular,
                         'grant_user_group_permission_to_repo_group',
                         repogroupid=repo_group.name,
                         usergroupid=user_group.users_group_name,
                         perm=perm,
                         apply_to_children=apply_to_children,)
                     response = api_call(self.app, params)
                     if access_ok:
                         ret = {
                             'msg': (
                                 'Granted perm: `%s` (recursive:%s) for user group: `%s`'
                                 ' in repo group: `%s`' % (
                                     perm, apply_to_children, user_group.users_group_name,
                                     repo_group.name
                                 )
                             ),
                             'success': True
                         }
                         expected = ret
                         try:
                             assert_ok(id_, expected, given=response.body)
                         finally:
                             RepoGroupModel().revoke_user_group_permission(
                                 repo_group.group_id, user_group.users_group_id)
                     else:
-                        expected = 'repository group `%s` does not exist' % (
+                        expected = 'repository group `%s` does not exist' % (repo_group.name,)
-                            repo_group.name,)
                         assert_error(id_, expected, given=response.body)
                 def test_api_grant_user_group_permission_to_repo_group_wrong_permission(
                         self, user_util):
                     user_group = user_util.create_user_group()
                     repo_group = user_util.create_repo_group()
                     perm = 'haha.no.permission'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_group_permission_to_repo_group',
                         repogroupid=repo_group.name,
                         usergroupid=user_group.users_group_name,
                         perm=perm)
                     response = api_call(self.app, params)
-                    expected = 'permission `%s` does not exist' % (perm,)
+                    expected = 'permission `%s` does not exist. Permission should start with prefix: `group.`' % (perm,)
                     assert_error(id_, expected, given=response.body)
                 @mock.patch.object(RepoGroupModel, 'grant_user_group_permission', crash)
                 def test_api_grant_user_group_permission_exception_when_adding_2(
                         self, user_util):
                     user_group = user_util.create_user_group()
                     repo_group = user_util.create_repo_group()
                     perm = 'group.read'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_group_permission_to_repo_group',
                         repogroupid=repo_group.name,
                         usergroupid=user_group.users_group_name,
                         perm=perm)
                     response = api_call(self.app, params)
                     expected = (
                         'failed to edit permission for user group: `%s`'
                         ' in repo group: `%s`' % (
                             user_group.users_group_name, repo_group.name)
                     )
                     assert_error(id_, expected, given=response.body)

rhodecode/api/tests/test_grant_user_permission.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.repo import RepoModel
             from rhodecode.api.tests.utils import (
                 build_data, api_call, assert_error, assert_ok, crash)
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestGrantUserPermission(object):
                 @pytest.mark.parametrize("name, perm", [
                     ('none', 'repository.none'),
                     ('read', 'repository.read'),
                     ('write', 'repository.write'),
                     ('admin', 'repository.admin')
                 ])
                 def test_api_grant_user_permission(self, name, perm, backend, user_util):
                     user = user_util.create_user()
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission',
                         repoid=backend.repo_name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
                     ret = {
                         'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
                             perm, user.username, backend.repo_name
                         ),
                         'success': True
                     }
                     expected = ret
                     assert_ok(id_, expected, given=response.body)
                 def test_api_grant_user_permission_wrong_permission(
                         self, backend, user_util):
                     user = user_util.create_user()
                     perm = 'haha.no.permission'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission',
                         repoid=backend.repo_name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
-                    expected = 'permission `%s` does not exist' % (perm,)
+                    expected = 'permission `%s` does not exist.' % (perm,)
                     assert_error(id_, expected, given=response.body)
                 @mock.patch.object(RepoModel, 'grant_user_permission', crash)
                 def test_api_grant_user_permission_exception_when_adding(
                         self, backend, user_util):
                     user = user_util.create_user()
                     perm = 'repository.read'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission',
                         repoid=backend.repo_name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
                     expected = 'failed to edit permission for user: `%s` in repo: `%s`' % (
                         user.username, backend.repo_name
                     )
                     assert_error(id_, expected, given=response.body)

rhodecode/api/tests/test_grant_user_permission_to_repo_group.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.user import UserModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.api.tests.utils import (
                 build_data, api_call, assert_error, assert_ok, crash)
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestGrantUserPermissionFromRepoGroup(object):
                 @pytest.mark.parametrize("name, perm, apply_to_children", [
                     ('none', 'group.none', 'none'),
                     ('read', 'group.read', 'none'),
                     ('write', 'group.write', 'none'),
                     ('admin', 'group.admin', 'none'),
                     ('none', 'group.none', 'all'),
                     ('read', 'group.read', 'all'),
                     ('write', 'group.write', 'all'),
                     ('admin', 'group.admin', 'all'),
                     ('none', 'group.none', 'repos'),
                     ('read', 'group.read', 'repos'),
                     ('write', 'group.write', 'repos'),
                     ('admin', 'group.admin', 'repos'),
                     ('none', 'group.none', 'groups'),
                     ('read', 'group.read', 'groups'),
                     ('write', 'group.write', 'groups'),
                     ('admin', 'group.admin', 'groups'),
                 ])
                 def test_api_grant_user_permission_to_repo_group(
                         self, name, perm, apply_to_children, user_util):
                     user = user_util.create_user()
                     repo_group = user_util.create_repo_group()
                     id_, params = build_data(
                         self.apikey, 'grant_user_permission_to_repo_group',
                         repogroupid=repo_group.name, userid=user.username,
                         perm=perm, apply_to_children=apply_to_children)
                     response = api_call(self.app, params)
                     ret = {
                         'msg': (
                             'Granted perm: `%s` (recursive:%s) for user: `%s`'
                             ' in repo group: `%s`' % (
                                 perm, apply_to_children, user.username, repo_group.name
                             )
                         ),
                         'success': True
                     }
                     expected = ret
                     assert_ok(id_, expected, given=response.body)
                 @pytest.mark.parametrize(
                     "name, perm, apply_to_children, grant_admin, access_ok", [
                         ('none_fails', 'group.none', 'none', False, False),
                         ('read_fails', 'group.read', 'none', False, False),
                         ('write_fails', 'group.write', 'none', False, False),
                         ('admin_fails', 'group.admin', 'none', False, False),
                         # with granted perms
                         ('none_ok', 'group.none', 'none', True, True),
                         ('read_ok', 'group.read', 'none', True, True),
                         ('write_ok', 'group.write', 'none', True, True),
                         ('admin_ok', 'group.admin', 'none', True, True),
                     ]
                 )
                 def test_api_grant_user_permission_to_repo_group_by_regular_user(
                         self, name, perm, apply_to_children, grant_admin, access_ok,
                         user_util):
                     user = user_util.create_user()
                     repo_group = user_util.create_repo_group()
                     if grant_admin:
                         test_user = UserModel().get_by_username(self.TEST_USER_LOGIN)
                         user_util.grant_user_permission_to_repo_group(
                             repo_group, test_user, 'group.admin')
                     id_, params = build_data(
                         self.apikey_regular, 'grant_user_permission_to_repo_group',
                         repogroupid=repo_group.name, userid=user.username,
                         perm=perm, apply_to_children=apply_to_children)
                     response = api_call(self.app, params)
                     if access_ok:
                         ret = {
                             'msg': (
                                 'Granted perm: `%s` (recursive:%s) for user: `%s`'
                                 ' in repo group: `%s`' % (
                                     perm, apply_to_children, user.username, repo_group.name
                                 )
                             ),
                             'success': True
                         }
                         expected = ret
                         assert_ok(id_, expected, given=response.body)
                     else:
                         expected = 'repository group `%s` does not exist' % (
                             repo_group.name, )
                         assert_error(id_, expected, given=response.body)
                 def test_api_grant_user_permission_to_repo_group_wrong_permission(
                         self, user_util):
                     user = user_util.create_user()
                     repo_group = user_util.create_repo_group()
                     perm = 'haha.no.permission'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission_to_repo_group',
                         repogroupid=repo_group.name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
-                    expected = 'permission `%s` does not exist' % (perm,)
+                    expected = 'permission `%s` does not exist. Permission should start with prefix: `group.`' % (perm,)
                     assert_error(id_, expected, given=response.body)
                 @mock.patch.object(RepoGroupModel, 'grant_user_permission', crash)
                 def test_api_grant_user_permission_to_repo_group_exception_when_adding(
                         self, user_util):
                     user = user_util.create_user()
                     repo_group = user_util.create_repo_group()
                     perm = 'group.read'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission_to_repo_group',
                         repogroupid=repo_group.name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
                     expected = (
                         'failed to edit permission for user: `%s` in repo group: `%s`' % (
                             user.username, repo_group.name
                         )
                     )
                     assert_error(id_, expected, given=response.body)

rhodecode/api/tests/test_grant_user_permission_to_user_group.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.api.tests.utils import (
                 build_data, api_call, assert_error, assert_ok, crash)
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestGrantUserPermissionFromUserGroup(object):
                 @pytest.mark.parametrize("name, perm", [
                     ('none', 'usergroup.none'),
                     ('read', 'usergroup.read'),
                     ('write', 'usergroup.write'),
                     ('admin', 'usergroup.admin'),
                     ('none', 'usergroup.none'),
                     ('read', 'usergroup.read'),
                     ('write', 'usergroup.write'),
                     ('admin', 'usergroup.admin'),
                     ('none', 'usergroup.none'),
                     ('read', 'usergroup.read'),
                     ('write', 'usergroup.write'),
                     ('admin', 'usergroup.admin'),
                     ('none', 'usergroup.none'),
                     ('read', 'usergroup.read'),
                     ('write', 'usergroup.write'),
                     ('admin', 'usergroup.admin'),
                 ])
                 def test_api_grant_user_permission_to_user_group(
                         self, name, perm, user_util):
                     user = user_util.create_user()
                     group = user_util.create_user_group()
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission_to_user_group',
                         usergroupid=group.users_group_name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
                     ret = {
                         'msg': 'Granted perm: `%s` for user: `%s` in user group: `%s`' % (
                             perm, user.username, group.users_group_name
                         ),
                         'success': True
                     }
                     expected = ret
                     assert_ok(id_, expected, given=response.body)
                 @pytest.mark.parametrize("name, perm, grant_admin, access_ok", [
                     ('none_fails', 'usergroup.none', False, False),
                     ('read_fails', 'usergroup.read', False, False),
                     ('write_fails', 'usergroup.write', False, False),
                     ('admin_fails', 'usergroup.admin', False, False),
                     # with granted perms
                     ('none_ok', 'usergroup.none', True, True),
                     ('read_ok', 'usergroup.read', True, True),
                     ('write_ok', 'usergroup.write', True, True),
                     ('admin_ok', 'usergroup.admin', True, True),
                 ])
                 def test_api_grant_user_permission_to_user_group_by_regular_user(
                         self, name, perm, grant_admin, access_ok, user_util):
                     api_user = UserModel().get_by_username(self.TEST_USER_LOGIN)
                     user = user_util.create_user()
                     group = user_util.create_user_group()
                     # grant the user ability to at least read the group
                     permission = 'usergroup.admin' if grant_admin else 'usergroup.read'
                     user_util.grant_user_permission_to_user_group(
                         group, api_user, permission)
                     id_, params = build_data(
                         self.apikey_regular,
                         'grant_user_permission_to_user_group',
                         usergroupid=group.users_group_name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
                     if access_ok:
                         ret = {
                             'msg': (
                                 'Granted perm: `%s` for user: `%s` in user group: `%s`' % (
                                     perm, user.username, group.users_group_name
                                 )
                             ),
                             'success': True
                         }
                         expected = ret
                         assert_ok(id_, expected, given=response.body)
                     else:
                         expected = 'user group `%s` does not exist' % (
                             group.users_group_name)
                         assert_error(id_, expected, given=response.body)
                 def test_api_grant_user_permission_to_user_group_wrong_permission(
                         self, user_util):
                     user = user_util.create_user()
                     group = user_util.create_user_group()
                     perm = 'haha.no.permission'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission_to_user_group',
                         usergroupid=group.users_group_name,
                         userid=user.username,
                         perm=perm)
                     response = api_call(self.app, params)
-                    expected = 'permission `%s` does not exist' % perm
+                    expected = 'permission `%s` does not exist. Permission should start with prefix: `usergroup.`' % perm
                     assert_error(id_, expected, given=response.body)
                 def test_api_grant_user_permission_to_user_group_exception_when_adding(
                         self, user_util):
                     user = user_util.create_user()
                     group = user_util.create_user_group()
                     perm = 'usergroup.read'
                     id_, params = build_data(
                         self.apikey,
                         'grant_user_permission_to_user_group',
                         usergroupid=group.users_group_name,
                         userid=user.username,
                         perm=perm)
                     with mock.patch.object(UserGroupModel, 'grant_user_permission', crash):
                         response = api_call(self.app, params)
                     expected = (
                         'failed to edit permission for user: `%s` in user group: `%s`' % (
                             user.username, group.users_group_name
                         )
                     )
                     assert_error(id_, expected, given=response.body)

rhodecode/api/utils.py

0 +11 -7

             # -*- coding: utf-8 -*-
             # Copyright (C) 2014-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             JSON RPC utils
             """
             import collections
             import logging
             from rhodecode.api.exc import JSONRPCError
             from rhodecode.lib.auth import (
                 HasPermissionAnyApi, HasRepoPermissionAnyApi, HasRepoGroupPermissionAnyApi)
             from rhodecode.lib.utils import safe_unicode
             from rhodecode.lib.vcs.exceptions import RepositoryError
             from rhodecode.lib.view_utils import get_commit_from_ref_name
             from rhodecode.lib.utils2 import str2bool
             log = logging.getLogger(__name__)
             class OAttr(object):
                 """
                 Special Option that defines other attribute, and can default to them
                 Example::
                     def test(apiuser, userid=Optional(OAttr('apiuser')):
                         user = Optional.extract(userid, evaluate_locals=local())
                         #if we pass in userid, we get it, else it will default to apiuser
                         #attribute
                 """
                 def __init__(self, attr_name):
                     self.attr_name = attr_name
                 def __repr__(self):
                     return '<OptionalAttr:%s>' % self.attr_name
                 def __call__(self):
                     return self
             class Optional(object):
                 """
                 Defines an optional parameter::
                     param = param.getval() if isinstance(param, Optional) else param
                     param = param() if isinstance(param, Optional) else param
                 is equivalent of::
                     param = Optional.extract(param)
                 """
                 def __init__(self, type_):
                     self.type_ = type_
                 def __repr__(self):
                     return '<Optional:%s>' % self.type_.__repr__()
                 def __call__(self):
                     return self.getval()
                 def getval(self, evaluate_locals=None):
                     """
                     returns value from this Optional instance
                     """
                     if isinstance(self.type_, OAttr):
                         param_name = self.type_.attr_name
                         if evaluate_locals:
                             return evaluate_locals[param_name]
                         # use params name
                         return param_name
                     return self.type_
                 @classmethod
                 def extract(cls, val, evaluate_locals=None, binary=None):
                     """
                     Extracts value from Optional() instance
                     :param val:
                     :return: original value if it's not Optional instance else
                         value of instance
                     """
                     if isinstance(val, cls):
                         val = val.getval(evaluate_locals)
                     if binary:
                         val = str2bool(val)
                     return val
             def parse_args(cli_args, key_prefix=''):
                 from rhodecode.lib.utils2 import (escape_split)
                 kwargs = collections.defaultdict(dict)
                 for el in escape_split(cli_args, ','):
                     kv = escape_split(el, '=', 1)
                     if len(kv) == 2:
                         k, v = kv
                         kwargs[key_prefix + k] = v
                 return kwargs
             def get_origin(obj):
                 """
                 Get origin of permission from object.
                 :param obj:
                 """
                 origin = 'permission'
                 if getattr(obj, 'owner_row', '') and getattr(obj, 'admin_row', ''):
                     # admin and owner case, maybe we should use dual string ?
                     origin = 'owner'
                 elif getattr(obj, 'owner_row', ''):
                     origin = 'owner'
                 elif getattr(obj, 'admin_row', ''):
                     origin = 'super-admin'
                 return origin
             def store_update(updates, attr, name):
                 """
                 Stores param in updates dict if it's not instance of Optional
                 allows easy updates of passed in params
                 """
                 if not isinstance(attr, Optional):
                     updates[name] = attr
             def has_superadmin_permission(apiuser):
                 """
                 Return True if apiuser is admin or return False
                 :param apiuser:
                 """
                 if HasPermissionAnyApi('hg.admin')(user=apiuser):
                     return True
                 return False
             def validate_repo_permissions(apiuser, repoid, repo, perms):
                 """
                 Raise JsonRPCError if apiuser is not authorized or return True
                 :param apiuser:
                 :param repoid:
                 :param repo:
                 :param perms:
                 """
                 if not HasRepoPermissionAnyApi(*perms)(
                         user=apiuser, repo_name=repo.repo_name):
                     raise JSONRPCError(
                         'repository `%s` does not exist' % repoid)
                 return True
             def validate_repo_group_permissions(apiuser, repogroupid, repo_group, perms):
                 """
                 Raise JsonRPCError if apiuser is not authorized or return True
                 :param apiuser:
                 :param repogroupid: just the id of repository group
                 :param repo_group: instance of repo_group
                 :param perms:
                 """
                 if not HasRepoGroupPermissionAnyApi(*perms)(
                         user=apiuser, group_name=repo_group.group_name):
                     raise JSONRPCError(
                         'repository group `%s` does not exist' % repogroupid)
                 return True
             def validate_set_owner_permissions(apiuser, owner):
                 if isinstance(owner, Optional):
                     owner = get_user_or_error(apiuser.user_id)
                 else:
                     if has_superadmin_permission(apiuser):
                         owner = get_user_or_error(owner)
                     else:
                         # forbid setting owner for non-admins
                         raise JSONRPCError(
                             'Only RhodeCode super-admin can specify `owner` param')
                 return owner
             def get_user_or_error(userid):
                 """
                 Get user by id or name or return JsonRPCError if not found
                 :param userid:
                 """
                 from rhodecode.model.user import UserModel
                 user_model = UserModel()
                 if isinstance(userid, (int, long)):
                     try:
                         user = user_model.get_user(userid)
                     except ValueError:
                         user = None
                 else:
                     user = user_model.get_by_username(userid)
                 if user is None:
                     raise JSONRPCError(
                         'user `%s` does not exist' % (userid,))
                 return user
             def get_repo_or_error(repoid):
                 """
                 Get repo by id or name or return JsonRPCError if not found
                 :param repoid:
                 """
                 from rhodecode.model.repo import RepoModel
                 repo_model = RepoModel()
                 if isinstance(repoid, (int, long)):
                     try:
                         repo = repo_model.get_repo(repoid)
                     except ValueError:
                         repo = None
                 else:
                     repo = repo_model.get_by_repo_name(repoid)
                 if repo is None:
                     raise JSONRPCError(
                         'repository `%s` does not exist' % (repoid,))
                 return repo
             def get_repo_group_or_error(repogroupid):
                 """
                 Get repo group by id or name or return JsonRPCError if not found
                 :param repogroupid:
                 """
                 from rhodecode.model.repo_group import RepoGroupModel
                 repo_group_model = RepoGroupModel()
                 if isinstance(repogroupid, (int, long)):
                     try:
                         repo_group = repo_group_model._get_repo_group(repogroupid)
                     except ValueError:
                         repo_group = None
                 else:
                     repo_group = repo_group_model.get_by_group_name(repogroupid)
                 if repo_group is None:
                     raise JSONRPCError(
                         'repository group `%s` does not exist' % (repogroupid,))
                 return repo_group
             def get_user_group_or_error(usergroupid):
                 """
                 Get user group by id or name or return JsonRPCError if not found
                 :param usergroupid:
                 """
                 from rhodecode.model.user_group import UserGroupModel
                 user_group_model = UserGroupModel()
                 if isinstance(usergroupid, (int, long)):
                     try:
                         user_group = user_group_model.get_group(usergroupid)
                     except ValueError:
                         user_group = None
                 else:
                     user_group = user_group_model.get_by_name(usergroupid)
                 if user_group is None:
                     raise JSONRPCError(
                         'user group `%s` does not exist' % (usergroupid,))
                 return user_group
             def get_perm_or_error(permid, prefix=None):
                 """
                 Get permission by id or name or return JsonRPCError if not found
                 :param permid:
                 """
                 from rhodecode.model.permission import PermissionModel
                 perm = PermissionModel.cls.get_by_key(permid)
                 if perm is None:
-                    raise JSONRPCError('permission `%s` does not exist' % (permid,))
+                    msg = 'permission `{}` does not exist.'.format(permid)
+                    if prefix:
+                        msg += ' Permission should start with prefix: `{}`'.format(prefix)
+                    raise JSONRPCError(msg)
                 if prefix:
                     if not perm.permission_name.startswith(prefix):
                         raise JSONRPCError('permission `%s` is invalid, '
                                            'should start with %s' % (permid, prefix))
                 return perm
             def get_gist_or_error(gistid):
                 """
                 Get gist by id or gist_access_id or return JsonRPCError if not found
                 :param gistid:
                 """
                 from rhodecode.model.gist import GistModel
                 gist = GistModel.cls.get_by_access_id(gistid)
                 if gist is None:
                     raise JSONRPCError('gist `%s` does not exist' % (gistid,))
                 return gist
             def get_pull_request_or_error(pullrequestid):
                 """
                 Get pull request by id or return JsonRPCError if not found
                 :param pullrequestid:
                 """
                 from rhodecode.model.pull_request import PullRequestModel
                 try:
                     pull_request = PullRequestModel().get(int(pullrequestid))
                 except ValueError:
                     raise JSONRPCError('pullrequestid must be an integer')
                 if not pull_request:
                     raise JSONRPCError('pull request `%s` does not exist' % (
                         pullrequestid,))
                 return pull_request
             def build_commit_data(commit, detail_level):
                 parsed_diff = []
                 if detail_level == 'extended':
-                    for f in commit.added:
+                    for f_path in commit.added_paths:
-                        parsed_diff.append(_get_commit_dict(filename=f.path, op='A'))
+                        parsed_diff.append(_get_commit_dict(filename=f_path, op='A'))
-                    for f in commit.changed:
+                    for f_path in commit.changed_paths:
-                        parsed_diff.append(_get_commit_dict(filename=f.path, op='M'))
+                        parsed_diff.append(_get_commit_dict(filename=f_path, op='M'))
-                    for f in commit.removed:
+                    for f_path in commit.removed_paths:
-                        parsed_diff.append(_get_commit_dict(filename=f.path, op='D'))
+                        parsed_diff.append(_get_commit_dict(filename=f_path, op='D'))
                 elif detail_level == 'full':
                     from rhodecode.lib.diffs import DiffProcessor
                     diff_processor = DiffProcessor(commit.diff())
                     for dp in diff_processor.prepare():
                         del dp['stats']['ops']
                         _stats = dp['stats']
                         parsed_diff.append(_get_commit_dict(
                             filename=dp['filename'], op=dp['operation'],
                             new_revision=dp['new_revision'],
                             old_revision=dp['old_revision'],
                             raw_diff=dp['raw_diff'], stats=_stats))
                 return parsed_diff
             def get_commit_or_error(ref, repo):
                 try:
                     ref_type, _, ref_hash = ref.split(':')
                 except ValueError:
                     raise JSONRPCError(
                         'Ref `{ref}` given in a wrong format. Please check the API'
                         ' documentation for more details'.format(ref=ref))
                 try:
                     # TODO: dan: refactor this to use repo.scm_instance().get_commit()
                     # once get_commit supports ref_types
                     return get_commit_from_ref_name(repo, ref_hash)
                 except RepositoryError:
                     raise JSONRPCError('Ref `{ref}` does not exist'.format(ref=ref))
             def _get_ref_hash(repo, type_, name):
                 vcs_repo = repo.scm_instance()
                 if type_ in ['branch'] and vcs_repo.alias in ('hg', 'git'):
                     return vcs_repo.branches[name]
                 elif type_ in ['bookmark', 'book'] and vcs_repo.alias == 'hg':
                     return vcs_repo.bookmarks[name]
                 else:
                     raise ValueError()
             def resolve_ref_or_error(ref, repo, allowed_ref_types=None):
                 allowed_ref_types = allowed_ref_types or ['bookmark', 'book', 'tag', 'branch']
                 def _parse_ref(type_, name, hash_=None):
                     return type_, name, hash_
                 try:
                     ref_type, ref_name, ref_hash = _parse_ref(*ref.split(':'))
                 except TypeError:
                     raise JSONRPCError(
                         'Ref `{ref}` given in a wrong format. Please check the API'
                         ' documentation for more details'.format(ref=ref))
                 if ref_type not in allowed_ref_types:
                     raise JSONRPCError(
                         'Ref `{ref}` type is not allowed. '
                         'Only:{allowed_refs} are possible.'.format(
                             ref=ref, allowed_refs=allowed_ref_types))
                 try:
                     ref_hash = ref_hash or _get_ref_hash(repo, ref_type, ref_name)
                 except (KeyError, ValueError):
                     raise JSONRPCError(
                         'The specified value:{type}:`{name}` does not exist, or is not allowed.'.format(
                             type=ref_type, name=ref_name))
                 return ':'.join([ref_type, ref_name, ref_hash])
             def _get_commit_dict(
                     filename, op, new_revision=None, old_revision=None,
                     raw_diff=None, stats=None):
                 if stats is None:
                     stats = {
                         "added": None,
                         "binary": None,
                         "deleted": None
                     }
                 return {
                     "filename": safe_unicode(filename),
                     "op": op,
                     # extra details
                     "new_revision": new_revision,
                     "old_revision": old_revision,
                     "raw_diff": raw_diff,
                     "stats": stats
                 }

rhodecode/api/views/pull_request_api.py

0 +7 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from rhodecode import events
             from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCValidationError
             from rhodecode.api.utils import (
                 has_superadmin_permission, Optional, OAttr, get_repo_or_error,
                 get_pull_request_or_error, get_commit_or_error, get_user_or_error,
                 validate_repo_permissions, resolve_ref_or_error, validate_set_owner_permissions)
             from rhodecode.lib.auth import (HasRepoPermissionAnyApi)
             from rhodecode.lib.base import vcs_operation_context
             from rhodecode.lib.utils2 import str2bool
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import Session, ChangesetStatus, ChangesetComment, PullRequest
             from rhodecode.model.pull_request import PullRequestModel, MergeCheck
             from rhodecode.model.settings import SettingsModel
             from rhodecode.model.validation_schema import Invalid
             from rhodecode.model.validation_schema.schemas.reviewer_schema import(
                 ReviewerListSchema)
             log = logging.getLogger(__name__)
             @jsonrpc_method()
             def get_pull_request(request, apiuser, pullrequestid, repoid=Optional(None),
                                  merge_state=Optional(False)):
                 """
                 Get a pull request based on the given ID.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Optional, repository name or repository ID from where
                     the pull request was opened.
                 :type repoid: str or int
                 :param pullrequestid: ID of the requested pull request.
                 :type pullrequestid: int
                 :param merge_state: Optional calculate merge state for each repository.
                     This could result in longer time to fetch the data
                 :type merge_state: bool
                 Example output:
                 .. code-block:: bash
                   "id": <id_given_in_input>,
                   "result":
                     {
                         "pull_request_id":   "<pull_request_id>",
                         "url":               "<url>",
                         "title":             "<title>",
                         "description":       "<description>",
                         "status" :           "<status>",
                         "created_on":        "<date_time_created>",
                         "updated_on":        "<date_time_updated>",
+                        "versions":          "<number_or_versions_of_pr>",
                         "commit_ids":        [
                                                  ...
                                                  "<commit_id>",
                                                  "<commit_id>",
                                                  ...
                                              ],
                         "review_status":    "<review_status>",
                         "mergeable":         {
                                                  "status":  "<bool>",
                                                  "message": "<message>",
                                              },
                         "source":            {
                                                  "clone_url":     "<clone_url>",
                                                  "repository":    "<repository_name>",
                                                  "reference":
                                                  {
                                                      "name":      "<name>",
                                                      "type":      "<type>",
                                                      "commit_id": "<commit_id>",
                                                  }
                                              },
                         "target":            {
                                                  "clone_url":   "<clone_url>",
                                                  "repository":    "<repository_name>",
                                                  "reference":
                                                  {
                                                      "name":      "<name>",
                                                      "type":      "<type>",
                                                      "commit_id": "<commit_id>",
                                                  }
                                              },
                         "merge":             {
                                                  "clone_url":   "<clone_url>",
                                                  "reference":
                                                  {
                                                      "name":      "<name>",
                                                      "type":      "<type>",
                                                      "commit_id": "<commit_id>",
                                                  }
                                              },
                        "author":             <user_obj>,
                        "reviewers":          [
                                                  ...
                                                  {
                                                     "user":          "<user_obj>",
                                                     "review_status": "<review_status>",
                                                  }
                                                  ...
                                              ]
                     },
                    "error": null
                 """
                 pull_request = get_pull_request_or_error(pullrequestid)
                 if Optional.extract(repoid):
                     repo = get_repo_or_error(repoid)
                 else:
                     repo = pull_request.target_repo
                 if not PullRequestModel().check_user_read(pull_request, apiuser, api=True):
                     raise JSONRPCError('repository `%s` or pull request `%s` '
                                        'does not exist' % (repoid, pullrequestid))
                 # NOTE(marcink): only calculate and return merge state if the pr state is 'created'
                 # otherwise we can lock the repo on calculation of merge state while update/merge
                 # is happening.
                 pr_created = pull_request.pull_request_state == pull_request.STATE_CREATED
                 merge_state = Optional.extract(merge_state, binary=True) and pr_created
                 data = pull_request.get_api_data(with_merge_state=merge_state)
                 return data
             @jsonrpc_method()
             def get_pull_requests(request, apiuser, repoid, status=Optional('new'),
                                   merge_state=Optional(False)):
                 """
                 Get all pull requests from the repository specified in `repoid`.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Optional repository name or repository ID.
                 :type repoid: str or int
                 :param status: Only return pull requests with the specified status.
                     Valid options are.
                     * ``new`` (default)
                     * ``open``
                     * ``closed``
                 :type status: str
                 :param merge_state: Optional calculate merge state for each repository.
                     This could result in longer time to fetch the data
                 :type merge_state: bool
                 Example output:
                 .. code-block:: bash
                   "id": <id_given_in_input>,
                   "result":
                     [
                         ...
                         {
                             "pull_request_id":   "<pull_request_id>",
                             "url":               "<url>",
                             "title" :            "<title>",
                             "description":       "<description>",
                             "status":            "<status>",
                             "created_on":        "<date_time_created>",
                             "updated_on":        "<date_time_updated>",
                             "commit_ids":        [
                                                      ...
                                                      "<commit_id>",
                                                      "<commit_id>",
                                                      ...
                                                  ],
                             "review_status":    "<review_status>",
                             "mergeable":         {
                                                     "status":      "<bool>",
                                                     "message:      "<message>",
                                                  },
                             "source":            {
                                                      "clone_url":     "<clone_url>",
                                                      "reference":
                                                      {
                                                          "name":      "<name>",
                                                          "type":      "<type>",
                                                          "commit_id": "<commit_id>",
                                                      }
                                                  },
                             "target":            {
                                                      "clone_url":   "<clone_url>",
                                                      "reference":
                                                      {
                                                          "name":      "<name>",
                                                          "type":      "<type>",
                                                          "commit_id": "<commit_id>",
                                                      }
                                                  },
                             "merge":             {
                                                      "clone_url":   "<clone_url>",
                                                      "reference":
                                                      {
                                                          "name":      "<name>",
                                                          "type":      "<type>",
                                                          "commit_id": "<commit_id>",
                                                      }
                                                  },
                            "author":             <user_obj>,
                            "reviewers":          [
                                                      ...
                                                      {
                                                         "user":          "<user_obj>",
                                                         "review_status": "<review_status>",
                                                      }
                                                      ...
                                                  ]
                         }
                         ...
                     ],
                   "error": null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 status = Optional.extract(status)
                 merge_state = Optional.extract(merge_state, binary=True)
                 pull_requests = PullRequestModel().get_all(repo, statuses=[status],
                                                            order_by='id', order_dir='desc')
                 data = [pr.get_api_data(with_merge_state=merge_state) for pr in pull_requests]
                 return data
             @jsonrpc_method()
             def merge_pull_request(
                     request, apiuser, pullrequestid, repoid=Optional(None),
                     userid=Optional(OAttr('apiuser'))):
                 """
                 Merge the pull request specified by `pullrequestid` into its target
                 repository.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Optional, repository name or repository ID of the
                     target repository to which the |pr| is to be merged.
                 :type repoid: str or int
                 :param pullrequestid: ID of the pull request which shall be merged.
                 :type pullrequestid: int
                 :param userid: Merge the pull request as this user.
                 :type userid: Optional(str or int)
                 Example output:
                 .. code-block:: bash
                     "id": <id_given_in_input>,
                     "result": {
                         "executed":               "<bool>",
                         "failure_reason":         "<int>",
                         "merge_status_message":   "<str>",
                         "merge_commit_id":        "<merge_commit_id>",
                         "possible":               "<bool>",
                         "merge_ref":        {
                                                 "commit_id": "<commit_id>",
                                                 "type":      "<type>",
                                                 "name":      "<name>"
                                             }
                     },
                     "error": null
                 """
                 pull_request = get_pull_request_or_error(pullrequestid)
                 if Optional.extract(repoid):
                     repo = get_repo_or_error(repoid)
                 else:
                     repo = pull_request.target_repo
                 auth_user = apiuser
                 if not isinstance(userid, Optional):
                     if (has_superadmin_permission(apiuser) or
                             HasRepoPermissionAnyApi('repository.admin')(
                                 user=apiuser, repo_name=repo.repo_name)):
                         apiuser = get_user_or_error(userid)
                         auth_user = apiuser.AuthUser()
                     else:
                         raise JSONRPCError('userid is not the same as your user')
                 if pull_request.pull_request_state != PullRequest.STATE_CREATED:
                     raise JSONRPCError(
                         'Operation forbidden because pull request is in state {}, '
                         'only state {} is allowed.'.format(
                             pull_request.pull_request_state, PullRequest.STATE_CREATED))
                 with pull_request.set_state(PullRequest.STATE_UPDATING):
                     check = MergeCheck.validate(pull_request, auth_user=auth_user,
                                                 translator=request.translate)
                 merge_possible = not check.failed
                 if not merge_possible:
                     error_messages = []
                     for err_type, error_msg in check.errors:
                         error_msg = request.translate(error_msg)
                         error_messages.append(error_msg)
                     reasons = ','.join(error_messages)
                     raise JSONRPCError(
                         'merge not possible for following reasons: {}'.format(reasons))
                 target_repo = pull_request.target_repo
                 extras = vcs_operation_context(
                     request.environ, repo_name=target_repo.repo_name,
                     username=auth_user.username, action='push',
                     scm=target_repo.repo_type)
                 with pull_request.set_state(PullRequest.STATE_UPDATING):
                     merge_response = PullRequestModel().merge_repo(
                         pull_request, apiuser, extras=extras)
                 if merge_response.executed:
                     PullRequestModel().close_pull_request(pull_request.pull_request_id, auth_user)
                     Session().commit()
                 # In previous versions the merge response directly contained the merge
                 # commit id. It is now contained in the merge reference object. To be
                 # backwards compatible we have to extract it again.
                 merge_response = merge_response.asdict()
                 merge_response['merge_commit_id'] = merge_response['merge_ref'].commit_id
                 return merge_response
             @jsonrpc_method()
             def get_pull_request_comments(
                     request, apiuser, pullrequestid, repoid=Optional(None)):
                 """
                 Get all comments of pull request specified with the `pullrequestid`
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Optional repository name or repository ID.
                 :type repoid: str or int
                 :param pullrequestid: The pull request ID.
                 :type pullrequestid: int
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result : [
                         {
                           "comment_author": {
                             "active": true,
                             "full_name_or_username": "Tom Gore",
                             "username": "admin"
                           },
                           "comment_created_on": "2017-01-02T18:43:45.533",
                           "comment_f_path": null,
                           "comment_id": 25,
                           "comment_lineno": null,
                           "comment_status": {
                             "status": "under_review",
                             "status_lbl": "Under Review"
                           },
                           "comment_text": "Example text",
                           "comment_type": null,
                           "pull_request_version": null
                         }
                     ],
                     error :  null
                 """
                 pull_request = get_pull_request_or_error(pullrequestid)
                 if Optional.extract(repoid):
                     repo = get_repo_or_error(repoid)
                 else:
                     repo = pull_request.target_repo
                 if not PullRequestModel().check_user_read(
                         pull_request, apiuser, api=True):
                     raise JSONRPCError('repository `%s` or pull request `%s` '
                                        'does not exist' % (repoid, pullrequestid))
                 (pull_request_latest,
                  pull_request_at_ver,
                  pull_request_display_obj,
                  at_version) = PullRequestModel().get_pr_version(
                     pull_request.pull_request_id, version=None)
                 versions = pull_request_display_obj.versions()
                 ver_map = {
                     ver.pull_request_version_id: cnt
                     for cnt, ver in enumerate(versions, 1)
                 }
                 # GENERAL COMMENTS with versions #
                 q = CommentsModel()._all_general_comments_of_pull_request(pull_request)
                 q = q.order_by(ChangesetComment.comment_id.asc())
                 general_comments = q.all()
                 # INLINE COMMENTS with versions  #
                 q = CommentsModel()._all_inline_comments_of_pull_request(pull_request)
                 q = q.order_by(ChangesetComment.comment_id.asc())
                 inline_comments = q.all()
                 data = []
                 for comment in inline_comments + general_comments:
                     full_data = comment.get_api_data()
                     pr_version_id = None
                     if comment.pull_request_version_id:
                         pr_version_id = 'v{}'.format(
                             ver_map[comment.pull_request_version_id])
                     # sanitize some entries
                     full_data['pull_request_version'] = pr_version_id
                     full_data['comment_author'] = {
                         'username': full_data['comment_author'].username,
                         'full_name_or_username': full_data['comment_author'].full_name_or_username,
                         'active': full_data['comment_author'].active,
                     }
                     if full_data['comment_status']:
                         full_data['comment_status'] = {
                             'status': full_data['comment_status'][0].status,
                             'status_lbl': full_data['comment_status'][0].status_lbl,
                         }
                     else:
                         full_data['comment_status'] = {}
                     data.append(full_data)
                 return data
             @jsonrpc_method()
             def comment_pull_request(
                     request, apiuser, pullrequestid, repoid=Optional(None),
                     message=Optional(None), commit_id=Optional(None), status=Optional(None),
                     comment_type=Optional(ChangesetComment.COMMENT_TYPE_NOTE),
                     resolves_comment_id=Optional(None), extra_recipients=Optional([]),
-                    userid=Optional(OAttr('apiuser'))):
+                    userid=Optional(OAttr('apiuser')), send_email=Optional(True)):
                 """
                 Comment on the pull request specified with the `pullrequestid`,
                 in the |repo| specified by the `repoid`, and optionally change the
                 review status.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Optional repository name or repository ID.
                 :type repoid: str or int
                 :param pullrequestid: The pull request ID.
                 :type pullrequestid: int
                 :param commit_id: Specify the commit_id for which to set a comment. If
                     given commit_id is different than latest in the PR status
                     change won't be performed.
                 :type commit_id: str
                 :param message: The text content of the comment.
                 :type message: str
                 :param status: (**Optional**) Set the approval status of the pull
                     request. One of: 'not_reviewed', 'approved', 'rejected',
                     'under_review'
                 :type status: str
                 :param comment_type: Comment type, one of: 'note', 'todo'
                 :type comment_type: Optional(str), default: 'note'
                 :param resolves_comment_id: id of comment which this one will resolve
                 :type resolves_comment_id: Optional(int)
                 :param extra_recipients: list of user ids or usernames to add
                     notifications for this comment. Acts like a CC for notification
                 :type extra_recipients: Optional(list)
                 :param userid: Comment on the pull request as this user
                 :type userid: Optional(str or int)
+                :param send_email: Define if this comment should also send email notification
+                :type send_email: Optional(bool)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result : {
                         "pull_request_id":  "<Integer>",
                         "comment_id":       "<Integer>",
                         "status": {"given": <given_status>,
                                    "was_changed": <bool status_was_actually_changed> },
                     },
                     error :  null
                 """
                 pull_request = get_pull_request_or_error(pullrequestid)
                 if Optional.extract(repoid):
                     repo = get_repo_or_error(repoid)
                 else:
                     repo = pull_request.target_repo
                 auth_user = apiuser
                 if not isinstance(userid, Optional):
                     if (has_superadmin_permission(apiuser) or
                             HasRepoPermissionAnyApi('repository.admin')(
                                 user=apiuser, repo_name=repo.repo_name)):
                         apiuser = get_user_or_error(userid)
                         auth_user = apiuser.AuthUser()
                     else:
                         raise JSONRPCError('userid is not the same as your user')
                 if pull_request.is_closed():
                     raise JSONRPCError(
                         'pull request `%s` comment failed, pull request is closed' % (
                             pullrequestid,))
                 if not PullRequestModel().check_user_read(
                         pull_request, apiuser, api=True):
                     raise JSONRPCError('repository `%s` does not exist' % (repoid,))
                 message = Optional.extract(message)
                 status = Optional.extract(status)
                 commit_id = Optional.extract(commit_id)
                 comment_type = Optional.extract(comment_type)
                 resolves_comment_id = Optional.extract(resolves_comment_id)
                 extra_recipients = Optional.extract(extra_recipients)
+                send_email = Optional.extract(send_email, binary=True)
                 if not message and not status:
                     raise JSONRPCError(
                         'Both message and status parameters are missing. '
                         'At least one is required.')
                 if (status not in (st[0] for st in ChangesetStatus.STATUSES) and
                         status is not None):
                     raise JSONRPCError('Unknown comment status: `%s`' % status)
                 if commit_id and commit_id not in pull_request.revisions:
                     raise JSONRPCError(
                         'Invalid commit_id `%s` for this pull request.' % commit_id)
                 allowed_to_change_status = PullRequestModel().check_user_change_status(
                     pull_request, apiuser)
                 # if commit_id is passed re-validated if user is allowed to change status
                 # based on latest commit_id from the PR
                 if commit_id:
                     commit_idx = pull_request.revisions.index(commit_id)
                     if commit_idx != 0:
                         allowed_to_change_status = False
                 if resolves_comment_id:
                     comment = ChangesetComment.get(resolves_comment_id)
                     if not comment:
                         raise JSONRPCError(
                             'Invalid resolves_comment_id `%s` for this pull request.'
                             % resolves_comment_id)
                     if comment.comment_type != ChangesetComment.COMMENT_TYPE_TODO:
                         raise JSONRPCError(
                             'Comment `%s` is wrong type for setting status to resolved.'
                             % resolves_comment_id)
                 text = message
                 status_label = ChangesetStatus.get_status_lbl(status)
                 if status and allowed_to_change_status:
                     st_message = ('Status change %(transition_icon)s %(status)s'
                                   % {'transition_icon': '>', 'status': status_label})
                     text = message or st_message
                 rc_config = SettingsModel().get_all_settings()
                 renderer = rc_config.get('rhodecode_markup_renderer', 'rst')
                 status_change = status and allowed_to_change_status
                 comment = CommentsModel().create(
                     text=text,
                     repo=pull_request.target_repo.repo_id,
                     user=apiuser.user_id,
                     pull_request=pull_request.pull_request_id,
                     f_path=None,
                     line_no=None,
                     status_change=(status_label if status_change else None),
                     status_change_type=(status if status_change else None),
                     closing_pr=False,
                     renderer=renderer,
                     comment_type=comment_type,
                     resolves_comment_id=resolves_comment_id,
                     auth_user=auth_user,
-                    extra_recipients=extra_recipients
+                    extra_recipients=extra_recipients,
+                    send_email=send_email
                 )
                 if allowed_to_change_status and status:
                     old_calculated_status = pull_request.calculated_review_status()
                     ChangesetStatusModel().set_status(
                         pull_request.target_repo.repo_id,
                         status,
                         apiuser.user_id,
                         comment,
                         pull_request=pull_request.pull_request_id
                     )
                     Session().flush()
                 Session().commit()
                 PullRequestModel().trigger_pull_request_hook(
                     pull_request, apiuser, 'comment',
                     data={'comment': comment})
                 if allowed_to_change_status and status:
                     # we now calculate the status of pull request, and based on that
                     # calculation we set the commits status
                     calculated_status = pull_request.calculated_review_status()
                     if old_calculated_status != calculated_status:
                         PullRequestModel().trigger_pull_request_hook(
                             pull_request, apiuser, 'review_status_change',
                             data={'status': calculated_status})
                 data = {
                     'pull_request_id': pull_request.pull_request_id,
                     'comment_id': comment.comment_id if comment else None,
                     'status': {'given': status, 'was_changed': status_change},
                 }
                 return data
             @jsonrpc_method()
             def create_pull_request(
                     request, apiuser, source_repo, target_repo, source_ref, target_ref,
                     owner=Optional(OAttr('apiuser')), title=Optional(''), description=Optional(''),
                     description_renderer=Optional(''), reviewers=Optional(None)):
                 """
                 Creates a new pull request.
                 Accepts refs in the following formats:
                     * branch:<branch_name>:<sha>
                     * branch:<branch_name>
                     * bookmark:<bookmark_name>:<sha> (Mercurial only)
                     * bookmark:<bookmark_name> (Mercurial only)
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param source_repo: Set the source repository name.
                 :type source_repo: str
                 :param target_repo: Set the target repository name.
                 :type target_repo: str
                 :param source_ref: Set the source ref name.
                 :type source_ref: str
                 :param target_ref: Set the target ref name.
                 :type target_ref: str
                 :param owner: user_id or username
                 :type owner: Optional(str)
                 :param title: Optionally Set the pull request title, it's generated otherwise
                 :type title: str
                 :param description: Set the pull request description.
                 :type description: Optional(str)
                 :type description_renderer: Optional(str)
                 :param description_renderer: Set pull request renderer for the description.
                     It should be 'rst', 'markdown' or 'plain'. If not give default
                     system renderer will be used
                 :param reviewers: Set the new pull request reviewers list.
                     Reviewer defined by review rules will be added automatically to the
                     defined list.
                 :type reviewers: Optional(list)
                     Accepts username strings or objects of the format:
                         [{'username': 'nick', 'reasons': ['original author'], 'mandatory': <bool>}]
                 """
                 source_db_repo = get_repo_or_error(source_repo)
                 target_db_repo = get_repo_or_error(target_repo)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, source_repo, source_db_repo, _perms)
                 owner = validate_set_owner_permissions(apiuser, owner)
                 full_source_ref = resolve_ref_or_error(source_ref, source_db_repo)
                 full_target_ref = resolve_ref_or_error(target_ref, target_db_repo)
                 source_scm = source_db_repo.scm_instance()
                 target_scm = target_db_repo.scm_instance()
                 source_commit = get_commit_or_error(full_source_ref, source_db_repo)
                 target_commit = get_commit_or_error(full_target_ref, target_db_repo)
                 ancestor = source_scm.get_common_ancestor(
                     source_commit.raw_id, target_commit.raw_id, target_scm)
                 if not ancestor:
                     raise JSONRPCError('no common ancestor found')
                 # recalculate target ref based on ancestor
                 target_ref_type, target_ref_name, __ = full_target_ref.split(':')
                 full_target_ref = ':'.join((target_ref_type, target_ref_name, ancestor))
                 commit_ranges = target_scm.compare(
                     target_commit.raw_id, source_commit.raw_id, source_scm,
                     merge=True, pre_load=[])
                 if not commit_ranges:
                     raise JSONRPCError('no commits found')
                 reviewer_objects = Optional.extract(reviewers) or []
                 # serialize and validate passed in given reviewers
                 if reviewer_objects:
                     schema = ReviewerListSchema()
                     try:
                         reviewer_objects = schema.deserialize(reviewer_objects)
                     except Invalid as err:
                         raise JSONRPCValidationError(colander_exc=err)
                     # validate users
                     for reviewer_object in reviewer_objects:
                         user = get_user_or_error(reviewer_object['username'])
                         reviewer_object['user_id'] = user.user_id
                 get_default_reviewers_data, validate_default_reviewers = \
                     PullRequestModel().get_reviewer_functions()
                 # recalculate reviewers logic, to make sure we can validate this
                 reviewer_rules = get_default_reviewers_data(
                     owner, source_db_repo,
                     source_commit, target_db_repo, target_commit)
                 # now MERGE our given with the calculated
                 reviewer_objects = reviewer_rules['reviewers'] + reviewer_objects
                 try:
                     reviewers = validate_default_reviewers(
                         reviewer_objects, reviewer_rules)
                 except ValueError as e:
                     raise JSONRPCError('Reviewers Validation: {}'.format(e))
                 title = Optional.extract(title)
                 if not title:
                     title_source_ref = source_ref.split(':', 2)[1]
                     title = PullRequestModel().generate_pullrequest_title(
                         source=source_repo,
                         source_ref=title_source_ref,
                         target=target_repo
                     )
                 # fetch renderer, if set fallback to plain in case of PR
                 rc_config = SettingsModel().get_all_settings()
                 default_system_renderer = rc_config.get('rhodecode_markup_renderer', 'plain')
                 description = Optional.extract(description)
                 description_renderer = Optional.extract(description_renderer) or default_system_renderer
                 pull_request = PullRequestModel().create(
                     created_by=owner.user_id,
                     source_repo=source_repo,
                     source_ref=full_source_ref,
                     target_repo=target_repo,
                     target_ref=full_target_ref,
                     revisions=[commit.raw_id for commit in reversed(commit_ranges)],
                     reviewers=reviewers,
                     title=title,
                     description=description,
                     description_renderer=description_renderer,
                     reviewer_data=reviewer_rules,
                     auth_user=apiuser
                 )
                 Session().commit()
                 data = {
                     'msg': 'Created new pull request `{}`'.format(title),
                     'pull_request_id': pull_request.pull_request_id,
                 }
                 return data
             @jsonrpc_method()
             def update_pull_request(
                     request, apiuser, pullrequestid, repoid=Optional(None),
                     title=Optional(''), description=Optional(''), description_renderer=Optional(''),
                     reviewers=Optional(None), update_commits=Optional(None)):
                 """
                 Updates a pull request.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Optional repository name or repository ID.
                 :type repoid: str or int
                 :param pullrequestid: The pull request ID.
                 :type pullrequestid: int
                 :param title: Set the pull request title.
                 :type title: str
                 :param description: Update pull request description.
                 :type description: Optional(str)
                 :type description_renderer: Optional(str)
                 :param description_renderer: Update pull request renderer for the description.
                     It should be 'rst', 'markdown' or 'plain'
                 :param reviewers: Update pull request reviewers list with new value.
                 :type reviewers: Optional(list)
                     Accepts username strings or objects of the format:
                         [{'username': 'nick', 'reasons': ['original author'], 'mandatory': <bool>}]
                 :param update_commits: Trigger update of commits for this pull request
                 :type: update_commits: Optional(bool)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result : {
                         "msg": "Updated pull request `63`",
                         "pull_request": <pull_request_object>,
                         "updated_reviewers": {
                           "added": [
                             "username"
                           ],
                           "removed": []
                         },
                         "updated_commits": {
                           "added": [
                             "<sha1_hash>"
                           ],
                           "common": [
                             "<sha1_hash>",
                             "<sha1_hash>",
                           ],
                           "removed": []
                         }
                     }
                     error :  null
                 """
                 pull_request = get_pull_request_or_error(pullrequestid)
                 if Optional.extract(repoid):
                     repo = get_repo_or_error(repoid)
                 else:
                     repo = pull_request.target_repo
                 if not PullRequestModel().check_user_update(
                         pull_request, apiuser, api=True):
                     raise JSONRPCError(
                         'pull request `%s` update failed, no permission to update.' % (
                             pullrequestid,))
                 if pull_request.is_closed():
                     raise JSONRPCError(
                         'pull request `%s` update failed, pull request is closed' % (
                             pullrequestid,))
                 reviewer_objects = Optional.extract(reviewers) or []
                 if reviewer_objects:
                     schema = ReviewerListSchema()
                     try:
                         reviewer_objects = schema.deserialize(reviewer_objects)
                     except Invalid as err:
                         raise JSONRPCValidationError(colander_exc=err)
                     # validate users
                     for reviewer_object in reviewer_objects:
                         user = get_user_or_error(reviewer_object['username'])
                         reviewer_object['user_id'] = user.user_id
                     get_default_reviewers_data, get_validated_reviewers = \
                         PullRequestModel().get_reviewer_functions()
                     # re-use stored rules
                     reviewer_rules = pull_request.reviewer_data
                     try:
                         reviewers = get_validated_reviewers(
                             reviewer_objects, reviewer_rules)
                     except ValueError as e:
                         raise JSONRPCError('Reviewers Validation: {}'.format(e))
                 else:
                     reviewers = []
                 title = Optional.extract(title)
                 description = Optional.extract(description)
                 description_renderer = Optional.extract(description_renderer)
                 if title or description:
                     PullRequestModel().edit(
                         pull_request,
                         title or pull_request.title,
                         description or pull_request.description,
                         description_renderer or pull_request.description_renderer,
                         apiuser)
                     Session().commit()
                 commit_changes = {"added": [], "common": [], "removed": []}
                 if str2bool(Optional.extract(update_commits)):
                     if pull_request.pull_request_state != PullRequest.STATE_CREATED:
                         raise JSONRPCError(
                             'Operation forbidden because pull request is in state {}, '
                             'only state {} is allowed.'.format(
                                 pull_request.pull_request_state, PullRequest.STATE_CREATED))
                     with pull_request.set_state(PullRequest.STATE_UPDATING):
                         if PullRequestModel().has_valid_update_type(pull_request):
                             db_user = apiuser.get_instance()
                             update_response = PullRequestModel().update_commits(
                                 pull_request, db_user)
                             commit_changes = update_response.changes or commit_changes
                         Session().commit()
                 reviewers_changes = {"added": [], "removed": []}
                 if reviewers:
                     old_calculated_status = pull_request.calculated_review_status()
                     added_reviewers, removed_reviewers = \
                         PullRequestModel().update_reviewers(pull_request, reviewers, apiuser)
                     reviewers_changes['added'] = sorted(
                         [get_user_or_error(n).username for n in added_reviewers])
                     reviewers_changes['removed'] = sorted(
                         [get_user_or_error(n).username for n in removed_reviewers])
                     Session().commit()
                     # trigger status changed if change in reviewers changes the status
                     calculated_status = pull_request.calculated_review_status()
                     if old_calculated_status != calculated_status:
                         PullRequestModel().trigger_pull_request_hook(
                             pull_request, apiuser, 'review_status_change',
                             data={'status': calculated_status})
                 data = {
                     'msg': 'Updated pull request `{}`'.format(
                         pull_request.pull_request_id),
                     'pull_request': pull_request.get_api_data(),
                     'updated_commits': commit_changes,
                     'updated_reviewers': reviewers_changes
                 }
                 return data
             @jsonrpc_method()
             def close_pull_request(
                     request, apiuser, pullrequestid, repoid=Optional(None),
                     userid=Optional(OAttr('apiuser')), message=Optional('')):
                 """
                 Close the pull request specified by `pullrequestid`.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Repository name or repository ID to which the pull
                     request belongs.
                 :type repoid: str or int
                 :param pullrequestid: ID of the pull request to be closed.
                 :type pullrequestid: int
                 :param userid: Close the pull request as this user.
                 :type userid: Optional(str or int)
                 :param message: Optional message to close the Pull Request with. If not
                     specified it will be generated automatically.
                 :type message: Optional(str)
                 Example output:
                 .. code-block:: bash
                     "id": <id_given_in_input>,
                     "result": {
                         "pull_request_id":  "<int>",
                         "close_status":     "<str:status_lbl>,
                         "closed":           "<bool>"
                     },
                     "error": null
                 """
                 _ = request.translate
                 pull_request = get_pull_request_or_error(pullrequestid)
                 if Optional.extract(repoid):
                     repo = get_repo_or_error(repoid)
                 else:
                     repo = pull_request.target_repo
                 if not isinstance(userid, Optional):
                     if (has_superadmin_permission(apiuser) or
                             HasRepoPermissionAnyApi('repository.admin')(
                                 user=apiuser, repo_name=repo.repo_name)):
                         apiuser = get_user_or_error(userid)
                     else:
                         raise JSONRPCError('userid is not the same as your user')
                 if pull_request.is_closed():
                     raise JSONRPCError(
                         'pull request `%s` is already closed' % (pullrequestid,))
                 # only owner or admin or person with write permissions
                 allowed_to_close = PullRequestModel().check_user_update(
                         pull_request, apiuser, api=True)
                 if not allowed_to_close:
                     raise JSONRPCError(
                         'pull request `%s` close failed, no permission to close.' % (
                             pullrequestid,))
                 # message we're using to close the PR, else it's automatically generated
                 message = Optional.extract(message)
                 # finally close the PR, with proper message comment
                 comment, status = PullRequestModel().close_pull_request_with_comment(
                     pull_request, apiuser, repo, message=message, auth_user=apiuser)
                 status_lbl = ChangesetStatus.get_status_lbl(status)
                 Session().commit()
                 data = {
                     'pull_request_id': pull_request.pull_request_id,
                     'close_status': status_lbl,
                     'closed': True,
                 }
                 return data

rhodecode/api/views/repo_api.py

0 +6 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import time
             import rhodecode
             from rhodecode.api import (
                 jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
             from rhodecode.api.utils import (
                 has_superadmin_permission, Optional, OAttr, get_repo_or_error,
                 get_user_group_or_error, get_user_or_error, validate_repo_permissions,
                 get_perm_or_error, parse_args, get_origin, build_commit_data,
                 validate_set_owner_permissions)
             from rhodecode.lib import audit_logger, rc_cache
             from rhodecode.lib import repo_maintenance
             from rhodecode.lib.auth import HasPermissionAnyApi, HasUserGroupPermissionAnyApi
             from rhodecode.lib.celerylib.utils import get_task_id
             from rhodecode.lib.utils2 import str2bool, time_to_datetime, safe_str, safe_int
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
             from rhodecode.lib.vcs import RepositoryError
             from rhodecode.lib.vcs.exceptions import NodeDoesNotExistError
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import (
                 Session, ChangesetStatus, RepositoryField, Repository, RepoGroup,
                 ChangesetComment)
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.scm import ScmModel, RepoList
             from rhodecode.model.settings import SettingsModel, VcsSettingsModel
             from rhodecode.model import validation_schema
             from rhodecode.model.validation_schema.schemas import repo_schema
             log = logging.getLogger(__name__)
             @jsonrpc_method()
             def get_repo(request, apiuser, repoid, cache=Optional(True)):
                 """
                 Gets an existing repository by its name or repository_id.
                 The members section so the output returns users groups or users
                 associated with that repository.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id.
                 :type repoid: str or int
                 :param cache: use the cached value for last changeset
                 :type: cache: Optional(bool)
                 Example output:
                 .. code-block:: bash
                     {
                       "error": null,
                       "id": <repo_id>,
                       "result": {
                         "clone_uri": null,
                         "created_on": "timestamp",
                         "description": "repo description",
                         "enable_downloads": false,
                         "enable_locking": false,
                         "enable_statistics": false,
                         "followers": [
                           {
                             "active": true,
                             "admin": false,
                             "api_key": "****************************************",
                             "api_keys": [
                               "****************************************"
                             ],
                             "email": "user@example.com",
                             "emails": [
                               "user@example.com"
                             ],
                             "extern_name": "rhodecode",
                             "extern_type": "rhodecode",
                             "firstname": "username",
                             "ip_addresses": [],
                             "language": null,
                             "last_login": "2015-09-16T17:16:35.854",
                             "lastname": "surname",
                             "user_id": <user_id>,
                             "username": "name"
                           }
                         ],
                         "fork_of": "parent-repo",
                         "landing_rev": [
                           "rev",
                           "tip"
                         ],
                         "last_changeset": {
                           "author": "User <user@example.com>",
                           "branch": "default",
                           "date": "timestamp",
                           "message": "last commit message",
                           "parents": [
                             {
                               "raw_id": "commit-id"
                             }
                           ],
                           "raw_id": "commit-id",
                           "revision": <revision number>,
                           "short_id": "short id"
                         },
                         "lock_reason": null,
                         "locked_by": null,
                         "locked_date": null,
                         "owner": "owner-name",
                         "permissions": [
                           {
                             "name": "super-admin-name",
                             "origin": "super-admin",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "owner-name",
                             "origin": "owner",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "user-group-name",
                             "origin": "permission",
                             "permission": "repository.write",
                             "type": "user_group"
                           }
                         ],
                         "private": true,
                         "repo_id": 676,
                         "repo_name": "user-group/repo-name",
                         "repo_type": "hg"
                       }
                     }
                 """
                 repo = get_repo_or_error(repoid)
                 cache = Optional.extract(cache)
                 include_secrets = False
                 if has_superadmin_permission(apiuser):
                     include_secrets = True
                 else:
                     # check if we have at least read permission for this repo !
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 permissions = []
                 for _user in repo.permissions():
                     user_data = {
                         'name': _user.username,
                         'permission': _user.permission,
                         'origin': get_origin(_user),
                         'type': "user",
                     }
                     permissions.append(user_data)
                 for _user_group in repo.permission_user_groups():
                     user_group_data = {
                         'name': _user_group.users_group_name,
                         'permission': _user_group.permission,
                         'origin': get_origin(_user_group),
                         'type': "user_group",
                     }
                     permissions.append(user_group_data)
                 following_users = [
                     user.user.get_api_data(include_secrets=include_secrets)
                     for user in repo.followers]
                 if not cache:
                     repo.update_commit_cache()
                 data = repo.get_api_data(include_secrets=include_secrets)
                 data['permissions'] = permissions
                 data['followers'] = following_users
                 return data
             @jsonrpc_method()
             def get_repos(request, apiuser, root=Optional(None), traverse=Optional(True)):
                 """
                 Lists all existing repositories.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param root: specify root repository group to fetch repositories.
                     filters the returned repositories to be members of given root group.
                 :type root: Optional(None)
                 :param traverse: traverse given root into subrepositories. With this flag
                     set to False, it will only return top-level repositories from `root`.
                     if root is empty it will return just top-level repositories.
                 :type traverse: Optional(True)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                               {
                                 "repo_id" :          "<repo_id>",
                                 "repo_name" :        "<reponame>"
                                 "repo_type" :        "<repo_type>",
                                 "clone_uri" :        "<clone_uri>",
                                 "private": :         "<bool>",
                                 "created_on" :       "<datetimecreated>",
                                 "description" :      "<description>",
                                 "landing_rev":       "<landing_rev>",
                                 "owner":             "<repo_owner>",
                                 "fork_of":           "<name_of_fork_parent>",
                                 "enable_downloads":  "<bool>",
                                 "enable_locking":    "<bool>",
                                 "enable_statistics": "<bool>",
                               },
                               ...
                             ]
                     error:  null
                 """
                 include_secrets = has_superadmin_permission(apiuser)
                 _perms = ('repository.read', 'repository.write', 'repository.admin',)
                 extras = {'user': apiuser}
                 root = Optional.extract(root)
                 traverse = Optional.extract(traverse, binary=True)
                 if root:
                     # verify parent existance, if it's empty return an error
                     parent = RepoGroup.get_by_group_name(root)
                     if not parent:
                         raise JSONRPCError(
                             'Root repository group `{}` does not exist'.format(root))
                     if traverse:
                         repos = RepoModel().get_repos_for_root(root=root, traverse=traverse)
                     else:
                         repos = RepoModel().get_repos_for_root(root=parent)
                 else:
                     if traverse:
                         repos = RepoModel().get_all()
                     else:
                         # return just top-level
                         repos = RepoModel().get_repos_for_root(root=None)
                 repo_list = RepoList(repos, perm_set=_perms, extra_kwargs=extras)
                 return [repo.get_api_data(include_secrets=include_secrets)
                         for repo in repo_list]
             @jsonrpc_method()
             def get_repo_changeset(request, apiuser, repoid, revision,
                                    details=Optional('basic')):
                 """
                 Returns information about a changeset.
                 Additionally parameters define the amount of details returned by
                 this function.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id
                 :type repoid: str or int
                 :param revision: revision for which listing should be done
                 :type revision: str
                 :param details: details can be 'basic|extended|full' full gives diff
                     info details like the diff itself, and number of changed files etc.
                 :type details: Optional(str)
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 _changes_details_types = ['basic', 'extended', 'full']
                 if changes_details not in _changes_details_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (
                             ','.join(_changes_details_types)))
                 pre_load = ['author', 'branch', 'date', 'message', 'parents',
                             'status', '_commit', '_file_paths']
                 try:
                     cs = repo.get_commit(commit_id=revision, pre_load=pre_load)
                 except TypeError as e:
                     raise JSONRPCError(safe_str(e))
                 _cs_json = cs.__json__()
                 _cs_json['diff'] = build_commit_data(cs, changes_details)
                 if changes_details == 'full':
                     _cs_json['refs'] = cs._get_refs()
                 return _cs_json
             @jsonrpc_method()
             def get_repo_changesets(request, apiuser, repoid, start_rev, limit,
                                     details=Optional('basic')):
                 """
                 Returns a set of commits limited by the number starting
                 from the `start_rev` option.
                 Additional parameters define the amount of details returned by this
                 function.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param start_rev: The starting revision from where to get changesets.
                 :type start_rev: str
                 :param limit: Limit the number of commits to this amount
                 :type limit: str or int
                 :param details: Set the level of detail returned. Valid option are:
                     ``basic``, ``extended`` and ``full``.
                 :type details: Optional(str)
                 .. note::
                    Setting the parameter `details` to the value ``full`` is extensive
                    and returns details like the diff itself, and the number
                    of changed files.
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 _changes_details_types = ['basic', 'extended', 'full']
                 if changes_details not in _changes_details_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (
                             ','.join(_changes_details_types)))
                 limit = int(limit)
                 pre_load = ['author', 'branch', 'date', 'message', 'parents',
                             'status', '_commit', '_file_paths']
                 vcs_repo = repo.scm_instance()
                 # SVN needs a special case to distinguish its index and commit id
                 if vcs_repo and vcs_repo.alias == 'svn' and (start_rev == '0'):
                     start_rev = vcs_repo.commit_ids[0]
                 try:
                     commits = vcs_repo.get_commits(
                         start_id=start_rev, pre_load=pre_load, translate_tags=False)
                 except TypeError as e:
                     raise JSONRPCError(safe_str(e))
                 except Exception:
                     log.exception('Fetching of commits failed')
                     raise JSONRPCError('Error occurred during commit fetching')
                 ret = []
                 for cnt, commit in enumerate(commits):
                     if cnt >= limit != -1:
                         break
                     _cs_json = commit.__json__()
                     _cs_json['diff'] = build_commit_data(commit, changes_details)
                     if changes_details == 'full':
                         _cs_json['refs'] = {
                             'branches': [commit.branch],
                             'bookmarks': getattr(commit, 'bookmarks', []),
                             'tags': commit.tags
                         }
                     ret.append(_cs_json)
                 return ret
             @jsonrpc_method()
             def get_repo_nodes(request, apiuser, repoid, revision, root_path,
                                ret_type=Optional('all'), details=Optional('basic'),
                                max_file_bytes=Optional(None)):
                 """
                 Returns a list of nodes and children in a flat list for a given
                 path at given revision.
                 It's possible to specify ret_type to show only `files` or `dirs`.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param revision: The revision for which listing should be done.
                 :type revision: str
                 :param root_path: The path from which to start displaying.
                 :type root_path: str
                 :param ret_type: Set the return type. Valid options are
                     ``all`` (default), ``files`` and ``dirs``.
                 :type ret_type: Optional(str)
                 :param details: Returns extended information about nodes, such as
                     md5, binary, and or content.
                     The valid options are ``basic`` and ``full``.
                 :type details: Optional(str)
                 :param max_file_bytes: Only return file content under this file size bytes
                 :type details: Optional(int)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                                 {
                                   "binary": false,
                                   "content": "File line",
                                   "extension": "md",
                                   "lines": 2,
                                   "md5": "059fa5d29b19c0657e384749480f6422",
                                   "mimetype": "text/x-minidsrc",
                                   "name": "file.md",
                                   "size": 580,
                                   "type": "file"
                                 },
                               ...
                             ]
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 ret_type = Optional.extract(ret_type)
                 details = Optional.extract(details)
                 _extended_types = ['basic', 'full']
                 if details not in _extended_types:
                     raise JSONRPCError('ret_type must be one of %s' % (','.join(_extended_types)))
                 extended_info = False
                 content = False
                 if details == 'basic':
                     extended_info = True
                 if details == 'full':
                     extended_info = content = True
                 _map = {}
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     _scm = repo.scm_instance()
                     if _scm.is_empty():
                         return []
                     _d, _f = ScmModel().get_nodes(
                         repo, revision, root_path, flat=False,
                         extended_info=extended_info, content=content,
                         max_file_bytes=max_file_bytes)
                     _map = {
                         'all': _d + _f,
                         'files': _f,
                         'dirs': _d,
                     }
                     return _map[ret_type]
                 except KeyError:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (','.join(sorted(_map.keys()))))
                 except Exception:
                     log.exception("Exception occurred while trying to get repo nodes")
                     raise JSONRPCError(
                         'failed to get repo: `%s` nodes' % repo.repo_name
                     )
             @jsonrpc_method()
             def get_repo_file(request, apiuser, repoid, commit_id, file_path,
                               max_file_bytes=Optional(None), details=Optional('basic'),
                               cache=Optional(True)):
                 """
                 Returns a single file from repository at given revision.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param commit_id: The revision for which listing should be done.
                 :type commit_id: str
                 :param file_path: The path from which to start displaying.
                 :type file_path: str
                 :param details: Returns different set of information about nodes.
                     The valid options are ``minimal`` ``basic`` and ``full``.
                 :type details: Optional(str)
                 :param max_file_bytes: Only return file content under this file size bytes
                 :type max_file_bytes: Optional(int)
                 :param cache: Use internal caches for fetching files. If disabled fetching
                     files is slower but more memory efficient
                 :type cache: Optional(bool)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                         "binary": false,
                         "extension": "py",
                         "lines": 35,
                         "content": "....",
                         "md5": "76318336366b0f17ee249e11b0c99c41",
                         "mimetype": "text/x-python",
                         "name": "python.py",
                         "size": 817,
                         "type": "file",
                     }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 cache = Optional.extract(cache, binary=True)
                 details = Optional.extract(details)
                 _extended_types = ['minimal', 'minimal+search', 'basic', 'full']
                 if details not in _extended_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s, got %s' % (','.join(_extended_types)), details)
                 extended_info = False
                 content = False
                 if details == 'minimal':
                     extended_info = False
                 elif details == 'basic':
                     extended_info = True
                 elif details == 'full':
                     extended_info = content = True
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     _scm = repo.scm_instance()
                     if _scm.is_empty():
                         return None
                     node = ScmModel().get_node(
                         repo, commit_id, file_path, extended_info=extended_info,
                         content=content, max_file_bytes=max_file_bytes, cache=cache)
                 except NodeDoesNotExistError:
                     raise JSONRPCError('There is no file in repo: `{}` at path `{}` for commit: `{}`'.format(
                         repo.repo_name, file_path, commit_id))
                 except Exception:
                     log.exception("Exception occurred while trying to get repo %s file",
                                   repo.repo_name)
                     raise JSONRPCError('failed to get repo: `{}` file at path {}'.format(
                         repo.repo_name, file_path))
                 return node
             @jsonrpc_method()
             def get_repo_fts_tree(request, apiuser, repoid, commit_id, root_path):
                 """
                 Returns a list of tree nodes for path at given revision. This api is built
                 strictly for usage in full text search building, and shouldn't be consumed
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 repo_id = repo.repo_id
                 cache_seconds = safe_int(rhodecode.CONFIG.get('rc_cache.cache_repo.expiration_time'))
                 cache_on = cache_seconds > 0
                 cache_namespace_uid = 'cache_repo.{}'.format(repo_id)
                 region = rc_cache.get_or_create_region('cache_repo', cache_namespace_uid)
                 def compute_fts_tree(cache_ver, repo_id, commit_id, root_path):
                     return ScmModel().get_fts_data(repo_id, commit_id, root_path)
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     _scm = repo.scm_instance()
                     if _scm.is_empty():
                         return []
                 except RepositoryError:
                     log.exception("Exception occurred while trying to get repo nodes")
                     raise JSONRPCError('failed to get repo: `%s` nodes' % repo.repo_name)
                 try:
                     # we need to resolve commit_id to a FULL sha for cache to work correctly.
                     # sending 'master' is a pointer that needs to be translated to current commit.
                     commit_id = _scm.get_commit(commit_id=commit_id).raw_id
                     log.debug(
                         'Computing FTS REPO TREE for repo_id %s commit_id `%s` '
                         'with caching: %s[TTL: %ss]' % (
                             repo_id, commit_id, cache_on, cache_seconds or 0))
                     tree_files = compute_fts_tree(rc_cache.FILE_TREE_CACHE_VER, repo_id, commit_id, root_path)
                     return tree_files
                 except Exception:
                     log.exception("Exception occurred while trying to get repo nodes")
                     raise JSONRPCError('failed to get repo: `%s` nodes' % repo.repo_name)
             @jsonrpc_method()
             def get_repo_refs(request, apiuser, repoid):
                 """
                 Returns a dictionary of current references. It returns
                 bookmarks, branches, closed_branches, and tags for given repository
                 It's possible to specify ret_type to show only `files` or `dirs`.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     "result": {
                         "bookmarks": {
                           "dev": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
                           "master": "367f590445081d8ec8c2ea0456e73ae1f1c3d6cf"
                         },
                         "branches": {
                           "default": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
                           "stable": "367f590445081d8ec8c2ea0456e73ae1f1c3d6cf"
                         },
                         "branches_closed": {},
                         "tags": {
                           "tip": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
                           "v4.4.0": "1232313f9e6adac5ce5399c2a891dc1e72b79022",
                           "v4.4.1": "cbb9f1d329ae5768379cdec55a62ebdd546c4e27",
                           "v4.4.2": "24ffe44a27fcd1c5b6936144e176b9f6dd2f3a17",
                         }
                     }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     vcs_instance = repo.scm_instance()
                     refs = vcs_instance.refs()
                     return refs
                 except Exception:
                     log.exception("Exception occurred while trying to get repo refs")
                     raise JSONRPCError(
                         'failed to get repo: `%s` references' % repo.repo_name
                     )
             @jsonrpc_method()
             def create_repo(
                     request, apiuser, repo_name, repo_type,
                     owner=Optional(OAttr('apiuser')),
                     description=Optional(''),
                     private=Optional(False),
                     clone_uri=Optional(None),
                     push_uri=Optional(None),
                     landing_rev=Optional(None),
                     enable_statistics=Optional(False),
                     enable_locking=Optional(False),
                     enable_downloads=Optional(False),
                     copy_permissions=Optional(False)):
                 """
                 Creates a repository.
                 * If the repository name contains "/", repository will be created inside
                   a repository group or nested repository groups
                   For example "foo/bar/repo1" will create |repo| called "repo1" inside
                   group "foo/bar". You have to have permissions to access and write to
                   the last repository group ("bar" in this example)
                 This command can only be run using an |authtoken| with at least
                 permissions to create repositories, or write permissions to
                 parent repository groups.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repo_name: Set the repository name.
                 :type repo_name: str
                 :param repo_type: Set the repository type; 'hg','git', or 'svn'.
                 :type repo_type: str
                 :param owner: user_id or username
                 :type owner: Optional(str)
                 :param description: Set the repository description.
                 :type description: Optional(str)
                 :param private: set repository as private
                 :type private: bool
                 :param clone_uri: set clone_uri
                 :type clone_uri: str
                 :param push_uri: set push_uri
                 :type push_uri: str
                 :param landing_rev: <rev_type>:<rev>, e.g branch:default, book:dev, rev:abcd
                 :type landing_rev: str
                 :param enable_locking:
                 :type enable_locking: bool
                 :param enable_downloads:
                 :type enable_downloads: bool
                 :param enable_statistics:
                 :type enable_statistics: bool
                 :param copy_permissions: Copy permission from group in which the
                     repository is being created.
                 :type copy_permissions: bool
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Created new repository `<reponame>`",
                               "success": true,
                               "task": "<celery task id or None if done sync>"
                             }
                     error:  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                      'failed to create repository `<repo_name>`'
                   }
                 """
                 owner = validate_set_owner_permissions(apiuser, owner)
                 description = Optional.extract(description)
                 copy_permissions = Optional.extract(copy_permissions)
                 clone_uri = Optional.extract(clone_uri)
                 push_uri = Optional.extract(push_uri)
                 defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
                 if isinstance(private, Optional):
                     private = defs.get('repo_private') or Optional.extract(private)
                 if isinstance(repo_type, Optional):
                     repo_type = defs.get('repo_type')
                 if isinstance(enable_statistics, Optional):
                     enable_statistics = defs.get('repo_enable_statistics')
                 if isinstance(enable_locking, Optional):
                     enable_locking = defs.get('repo_enable_locking')
                 if isinstance(enable_downloads, Optional):
                     enable_downloads = defs.get('repo_enable_downloads')
                 landing_ref, _label = ScmModel.backend_landing_ref(repo_type)
                 ref_choices, _labels = ScmModel().get_repo_landing_revs(request.translate)
                 ref_choices = list(set(ref_choices + [landing_ref]))
                 landing_commit_ref = Optional.extract(landing_rev) or landing_ref
                 schema = repo_schema.RepoSchema().bind(
                     repo_type_options=rhodecode.BACKENDS.keys(),
                     repo_ref_options=ref_choices,
                     repo_type=repo_type,
                     # user caller
                     user=apiuser)
                 try:
                     schema_data = schema.deserialize(dict(
                         repo_name=repo_name,
                         repo_type=repo_type,
                         repo_owner=owner.username,
                         repo_description=description,
                         repo_landing_commit_ref=landing_commit_ref,
                         repo_clone_uri=clone_uri,
                         repo_push_uri=push_uri,
                         repo_private=private,
                         repo_copy_permissions=copy_permissions,
                         repo_enable_statistics=enable_statistics,
                         repo_enable_downloads=enable_downloads,
                         repo_enable_locking=enable_locking))
                 except validation_schema.Invalid as err:
                     raise JSONRPCValidationError(colander_exc=err)
                 try:
                     data = {
                         'owner': owner,
                         'repo_name': schema_data['repo_group']['repo_name_without_group'],
                         'repo_name_full': schema_data['repo_name'],
                         'repo_group': schema_data['repo_group']['repo_group_id'],
                         'repo_type': schema_data['repo_type'],
                         'repo_description': schema_data['repo_description'],
                         'repo_private': schema_data['repo_private'],
                         'clone_uri': schema_data['repo_clone_uri'],
                         'push_uri': schema_data['repo_push_uri'],
                         'repo_landing_rev': schema_data['repo_landing_commit_ref'],
                         'enable_statistics': schema_data['repo_enable_statistics'],
                         'enable_locking': schema_data['repo_enable_locking'],
                         'enable_downloads': schema_data['repo_enable_downloads'],
                         'repo_copy_permissions': schema_data['repo_copy_permissions'],
                     }
                     task = RepoModel().create(form_data=data, cur_user=owner.user_id)
                     task_id = get_task_id(task)
                     # no commit, it's done in RepoModel, or async via celery
                     return {
                         'msg': "Created new repository `%s`" % (schema_data['repo_name'],),
                         'success': True,  # cannot return the repo data here since fork
                         # can be done async
                         'task': task_id
                     }
                 except Exception:
                     log.exception(
                         u"Exception while trying to create the repository %s",
                         schema_data['repo_name'])
                     raise JSONRPCError(
                         'failed to create repository `%s`' % (schema_data['repo_name'],))
             @jsonrpc_method()
             def add_field_to_repo(request, apiuser, repoid, key, label=Optional(''),
                                   description=Optional('')):
                 """
                 Adds an extra field to a repository.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository id.
                 :type repoid: str or int
                 :param key: Create a unique field key for this repository.
                 :type key: str
                 :param label:
                 :type label: Optional(str)
                 :param description:
                 :type description: Optional(str)
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 label = Optional.extract(label) or key
                 description = Optional.extract(description)
                 field = RepositoryField.get_by_key_name(key, repo)
                 if field:
                     raise JSONRPCError('Field with key '
                                        '`%s` exists for repo `%s`' % (key, repoid))
                 try:
                     RepoModel().add_repo_field(repo, key, field_label=label,
                                                field_desc=description)
                     Session().commit()
                     return {
                         'msg': "Added new repository field `%s`" % (key,),
                         'success': True,
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to add field to repo")
                     raise JSONRPCError(
                         'failed to create new field for repository `%s`' % (repoid,))
             @jsonrpc_method()
             def remove_field_from_repo(request, apiuser, repoid, key):
                 """
                 Removes an extra field from a repository.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param key: Set the unique field key for this repository.
                 :type key: str
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 field = RepositoryField.get_by_key_name(key, repo)
                 if not field:
                     raise JSONRPCError('Field with key `%s` does not '
                                        'exists for repo `%s`' % (key, repoid))
                 try:
                     RepoModel().delete_repo_field(repo, field_key=key)
                     Session().commit()
                     return {
                         'msg': "Deleted repository field `%s`" % (key,),
                         'success': True,
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying to delete field from repo")
                     raise JSONRPCError(
                         'failed to delete field for repository `%s`' % (repoid,))
             @jsonrpc_method()
             def update_repo(
                     request, apiuser, repoid, repo_name=Optional(None),
                     owner=Optional(OAttr('apiuser')), description=Optional(''),
                     private=Optional(False),
                     clone_uri=Optional(None), push_uri=Optional(None),
                     landing_rev=Optional(None), fork_of=Optional(None),
                     enable_statistics=Optional(False),
                     enable_locking=Optional(False),
                     enable_downloads=Optional(False), fields=Optional('')):
                 """
                 Updates a repository with the given information.
                 This command can only be run using an |authtoken| with at least
                 admin permissions to the |repo|.
                 * If the repository name contains "/", repository will be updated
                   accordingly with a repository group or nested repository groups
                   For example repoid=repo-test name="foo/bar/repo-test" will update |repo|
                   called "repo-test" and place it inside group "foo/bar".
                   You have to have permissions to access and write to the last repository
                   group ("bar" in this example)
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: repository name or repository ID.
                 :type repoid: str or int
                 :param repo_name: Update the |repo| name, including the
                     repository group it's in.
                 :type repo_name: str
                 :param owner: Set the |repo| owner.
                 :type owner: str
                 :param fork_of: Set the |repo| as fork of another |repo|.
                 :type fork_of: str
                 :param description: Update the |repo| description.
                 :type description: str
                 :param private: Set the |repo| as private. (True | False)
                 :type private: bool
                 :param clone_uri: Update the |repo| clone URI.
                 :type clone_uri: str
                 :param landing_rev: Set the |repo| landing revision. e.g branch:default, book:dev, rev:abcd
                 :type landing_rev: str
                 :param enable_statistics: Enable statistics on the |repo|, (True | False).
                 :type enable_statistics: bool
                 :param enable_locking: Enable |repo| locking.
                 :type enable_locking: bool
                 :param enable_downloads: Enable downloads from the |repo|, (True | False).
                 :type enable_downloads: bool
                 :param fields: Add extra fields to the |repo|. Use the following
                     example format: ``field_key=field_val,field_key2=fieldval2``.
                     Escape ', ' with \,
                 :type fields: str
                 """
                 repo = get_repo_or_error(repoid)
                 include_secrets = False
                 if not has_superadmin_permission(apiuser):
                     validate_repo_permissions(apiuser, repoid, repo, ('repository.admin',))
                 else:
                     include_secrets = True
                 updates = dict(
                     repo_name=repo_name
                     if not isinstance(repo_name, Optional) else repo.repo_name,
                     fork_id=fork_of
                     if not isinstance(fork_of, Optional) else repo.fork.repo_name if repo.fork else None,
                     user=owner
                     if not isinstance(owner, Optional) else repo.user.username,
                     repo_description=description
                     if not isinstance(description, Optional) else repo.description,
                     repo_private=private
                     if not isinstance(private, Optional) else repo.private,
                     clone_uri=clone_uri
                     if not isinstance(clone_uri, Optional) else repo.clone_uri,
                     push_uri=push_uri
                     if not isinstance(push_uri, Optional) else repo.push_uri,
                     repo_landing_rev=landing_rev
                     if not isinstance(landing_rev, Optional) else repo._landing_revision,
                     repo_enable_statistics=enable_statistics
                     if not isinstance(enable_statistics, Optional) else repo.enable_statistics,
                     repo_enable_locking=enable_locking
                     if not isinstance(enable_locking, Optional) else repo.enable_locking,
                     repo_enable_downloads=enable_downloads
                     if not isinstance(enable_downloads, Optional) else repo.enable_downloads)
                 landing_ref, _label = ScmModel.backend_landing_ref(repo.repo_type)
                 ref_choices, _labels = ScmModel().get_repo_landing_revs(
                     request.translate, repo=repo)
                 ref_choices = list(set(ref_choices + [landing_ref]))
                 old_values = repo.get_api_data()
                 repo_type = repo.repo_type
                 schema = repo_schema.RepoSchema().bind(
                     repo_type_options=rhodecode.BACKENDS.keys(),
                     repo_ref_options=ref_choices,
                     repo_type=repo_type,
                     # user caller
                     user=apiuser,
                     old_values=old_values)
                 try:
                     schema_data = schema.deserialize(dict(
                         # we save old value, users cannot change type
                         repo_type=repo_type,
                         repo_name=updates['repo_name'],
                         repo_owner=updates['user'],
                         repo_description=updates['repo_description'],
                         repo_clone_uri=updates['clone_uri'],
                         repo_push_uri=updates['push_uri'],
                         repo_fork_of=updates['fork_id'],
                         repo_private=updates['repo_private'],
                         repo_landing_commit_ref=updates['repo_landing_rev'],
                         repo_enable_statistics=updates['repo_enable_statistics'],
                         repo_enable_downloads=updates['repo_enable_downloads'],
                         repo_enable_locking=updates['repo_enable_locking']))
                 except validation_schema.Invalid as err:
                     raise JSONRPCValidationError(colander_exc=err)
                 # save validated data back into the updates dict
                 validated_updates = dict(
                     repo_name=schema_data['repo_group']['repo_name_without_group'],
                     repo_group=schema_data['repo_group']['repo_group_id'],
                     user=schema_data['repo_owner'],
                     repo_description=schema_data['repo_description'],
                     repo_private=schema_data['repo_private'],
                     clone_uri=schema_data['repo_clone_uri'],
                     push_uri=schema_data['repo_push_uri'],
                     repo_landing_rev=schema_data['repo_landing_commit_ref'],
                     repo_enable_statistics=schema_data['repo_enable_statistics'],
                     repo_enable_locking=schema_data['repo_enable_locking'],
                     repo_enable_downloads=schema_data['repo_enable_downloads'],
                 )
                 if schema_data['repo_fork_of']:
                     fork_repo = get_repo_or_error(schema_data['repo_fork_of'])
                     validated_updates['fork_id'] = fork_repo.repo_id
                 # extra fields
                 fields = parse_args(Optional.extract(fields), key_prefix='ex_')
                 if fields:
                     validated_updates.update(fields)
                 try:
                     RepoModel().update(repo, **validated_updates)
                     audit_logger.store_api(
                         'repo.edit', action_data={'old_data': old_values},
                         user=apiuser, repo=repo)
                     Session().commit()
                     return {
                         'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo.repo_name),
                         'repository': repo.get_api_data(include_secrets=include_secrets)
                     }
                 except Exception:
                     log.exception(
                         u"Exception while trying to update the repository %s",
                         repoid)
                     raise JSONRPCError('failed to update repo `%s`' % repoid)
             @jsonrpc_method()
             def fork_repo(request, apiuser, repoid, fork_name,
                           owner=Optional(OAttr('apiuser')),
                           description=Optional(''),
                           private=Optional(False),
                           clone_uri=Optional(None),
                           landing_rev=Optional(None),
                           copy_permissions=Optional(False)):
                 """
                 Creates a fork of the specified |repo|.
                 * If the fork_name contains "/", fork will be created inside
                   a repository group or nested repository groups
                   For example "foo/bar/fork-repo" will create fork called "fork-repo"
                   inside group "foo/bar". You have to have permissions to access and
                   write to the last repository group ("bar" in this example)
                 This command can only be run using an |authtoken| with minimum
                 read permissions of the forked repo, create fork permissions for an user.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set repository name or repository ID.
                 :type repoid: str or int
                 :param fork_name: Set the fork name, including it's repository group membership.
                 :type fork_name: str
                 :param owner: Set the fork owner.
                 :type owner: str
                 :param description: Set the fork description.
                 :type description: str
                 :param copy_permissions: Copy permissions from parent |repo|. The
                     default is False.
                 :type copy_permissions: bool
                 :param private: Make the fork private. The default is False.
                 :type private: bool
                 :param landing_rev: Set the landing revision. E.g branch:default, book:dev, rev:abcd
                 Example output:
                 .. code-block:: bash
                     id : <id_for_response>
                     api_key : "<api_key>"
                     args:     {
                                 "repoid" :          "<reponame or repo_id>",
                                 "fork_name":        "<forkname>",
                                 "owner":            "<username or user_id = Optional(=apiuser)>",
                                 "description":      "<description>",
                                 "copy_permissions": "<bool>",
                                 "private":          "<bool>",
                                 "landing_rev":      "<landing_rev>"
                               }
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Created fork of `<reponame>` as `<forkname>`",
                               "success": true,
                               "task": "<celery task id or None if done sync>"
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 repo_name = repo.repo_name
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for
                     # this repo that we fork !
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read')
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                     # check if the regular user has at least fork permissions as well
                     if not HasPermissionAnyApi('hg.fork.repository')(user=apiuser):
                         raise JSONRPCForbidden()
                 # check if user can set owner parameter
                 owner = validate_set_owner_permissions(apiuser, owner)
                 description = Optional.extract(description)
                 copy_permissions = Optional.extract(copy_permissions)
                 clone_uri = Optional.extract(clone_uri)
                 landing_ref, _label = ScmModel.backend_landing_ref(repo.repo_type)
                 ref_choices, _labels = ScmModel().get_repo_landing_revs(request.translate)
                 ref_choices = list(set(ref_choices + [landing_ref]))
                 landing_commit_ref = Optional.extract(landing_rev) or landing_ref
                 private = Optional.extract(private)
                 schema = repo_schema.RepoSchema().bind(
                     repo_type_options=rhodecode.BACKENDS.keys(),
                     repo_ref_options=ref_choices,
                     repo_type=repo.repo_type,
                     # user caller
                     user=apiuser)
                 try:
                     schema_data = schema.deserialize(dict(
                         repo_name=fork_name,
                         repo_type=repo.repo_type,
                         repo_owner=owner.username,
                         repo_description=description,
                         repo_landing_commit_ref=landing_commit_ref,
                         repo_clone_uri=clone_uri,
                         repo_private=private,
                         repo_copy_permissions=copy_permissions))
                 except validation_schema.Invalid as err:
                     raise JSONRPCValidationError(colander_exc=err)
                 try:
                     data = {
                         'fork_parent_id': repo.repo_id,
                         'repo_name': schema_data['repo_group']['repo_name_without_group'],
                         'repo_name_full': schema_data['repo_name'],
                         'repo_group': schema_data['repo_group']['repo_group_id'],
                         'repo_type': schema_data['repo_type'],
                         'description': schema_data['repo_description'],
                         'private': schema_data['repo_private'],
                         'copy_permissions': schema_data['repo_copy_permissions'],
                         'landing_rev': schema_data['repo_landing_commit_ref'],
                     }
                     task = RepoModel().create_fork(data, cur_user=owner.user_id)
                     # no commit, it's done in RepoModel, or async via celery
                     task_id = get_task_id(task)
                     return {
                         'msg': 'Created fork of `%s` as `%s`' % (
                             repo.repo_name, schema_data['repo_name']),
                         'success': True,  # cannot return the repo data here since fork
                         # can be done async
                         'task': task_id
                     }
                 except Exception:
                     log.exception(
                         u"Exception while trying to create fork %s",
                         schema_data['repo_name'])
                     raise JSONRPCError(
                         'failed to fork repository `%s` as `%s`' % (
                             repo_name, schema_data['repo_name']))
             @jsonrpc_method()
             def delete_repo(request, apiuser, repoid, forks=Optional('')):
                 """
                 Deletes a repository.
                 * When the `forks` parameter is set it's possible to detach or delete
                   forks of deleted repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param forks: Set to `detach` or `delete` forks from the |repo|.
                 :type forks: Optional(str)
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Deleted repository `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 repo_name = repo.repo_name
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     handle_forks = Optional.extract(forks)
                     _forks_msg = ''
                     _forks = [f for f in repo.forks]
                     if handle_forks == 'detach':
                         _forks_msg = ' ' + 'Detached %s forks' % len(_forks)
                     elif handle_forks == 'delete':
                         _forks_msg = ' ' + 'Deleted %s forks' % len(_forks)
                     elif _forks:
                         raise JSONRPCError(
                             'Cannot delete `%s` it still contains attached forks' %
                             (repo.repo_name,)
                         )
                     old_data = repo.get_api_data()
                     RepoModel().delete(repo, forks=forks)
                     repo = audit_logger.RepoWrap(repo_id=None,
                                                  repo_name=repo.repo_name)
                     audit_logger.store_api(
                         'repo.delete', action_data={'old_data': old_data},
                         user=apiuser, repo=repo)
                     ScmModel().mark_for_invalidation(repo_name, delete=True)
                     Session().commit()
                     return {
                         'msg': 'Deleted repository `%s`%s' % (repo_name, _forks_msg),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to delete repo")
                     raise JSONRPCError(
                         'failed to delete repository `%s`' % (repo_name,)
                     )
             #TODO: marcink, change name ?
             @jsonrpc_method()
             def invalidate_cache(request, apiuser, repoid, delete_keys=Optional(False)):
                 """
                 Invalidates the cache for the specified repository.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Sets the repository name or repository ID.
                 :type repoid: str or int
                 :param delete_keys: This deletes the invalidated keys instead of
                     just flagging them.
                 :type delete_keys: Optional(``True`` | ``False``)
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'msg': Cache for repository `<repository name>` was invalidated,
                     'repository': <repository name>
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error : {
                      'Error occurred during cache invalidation action'
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 delete = Optional.extract(delete_keys)
                 try:
                     ScmModel().mark_for_invalidation(repo.repo_name, delete=delete)
                     return {
                         'msg': 'Cache for repository `%s` was invalidated' % (repoid,),
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying to invalidate repo cache")
                     raise JSONRPCError(
                         'Error occurred during cache invalidation action'
                     )
             #TODO: marcink, change name ?
             @jsonrpc_method()
             def lock(request, apiuser, repoid, locked=Optional(None),
                      userid=Optional(OAttr('apiuser'))):
                 """
                 Sets the lock state of the specified |repo| by the given user.
                 From more information, see :ref:`repo-locking`.
                 * If the ``userid`` option is not set, the repository is locked to the
                   user who called the method.
                 * If the ``locked`` parameter is not set, the current lock state of the
                   repository is displayed.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Sets the repository name or repository ID.
                 :type repoid: str or int
                 :param locked: Sets the lock state.
                 :type locked: Optional(``True`` | ``False``)
                 :param userid: Set the repository lock to this user.
                 :type userid: Optional(str or int)
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'repo': '<reponame>',
                     'locked': <bool: lock state>,
                     'locked_since': <int: lock timestamp>,
                     'locked_by': <username of person who made the lock>,
                     'lock_reason': <str: reason for locking>,
                     'lock_state_changed': <bool: True if lock state has been changed in this request>,
                     'msg': 'Repo `<reponame>` locked by `<username>` on <timestamp>.'
                     or
                     'msg': 'Repo `<repository name>` not locked.'
                     or
                     'msg': 'User `<user name>` set lock state for repo `<repository name>` to `<new lock state>`'
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     'Error occurred locking repository `<reponame>`'
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least write permission for this repo !
                     _perms = ('repository.admin', 'repository.write',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                     # make sure normal user does not pass someone else userid,
                     # he is not allowed to do that
                     if not isinstance(userid, Optional) and userid != apiuser.user_id:
                         raise JSONRPCError('userid is not the same as your user')
                 if isinstance(userid, Optional):
                     userid = apiuser.user_id
                 user = get_user_or_error(userid)
                 if isinstance(locked, Optional):
                     lockobj = repo.locked
                     if lockobj[0] is None:
                         _d = {
                             'repo': repo.repo_name,
                             'locked': False,
                             'locked_since': None,
                             'locked_by': None,
                             'lock_reason': None,
                             'lock_state_changed': False,
                             'msg': 'Repo `%s` not locked.' % repo.repo_name
                         }
                         return _d
                     else:
                         _user_id, _time, _reason = lockobj
                         lock_user = get_user_or_error(userid)
                         _d = {
                             'repo': repo.repo_name,
                             'locked': True,
                             'locked_since': _time,
                             'locked_by': lock_user.username,
                             'lock_reason': _reason,
                             'lock_state_changed': False,
                             'msg': ('Repo `%s` locked by `%s` on `%s`.'
                                     % (repo.repo_name, lock_user.username,
                                        json.dumps(time_to_datetime(_time))))
                         }
                         return _d
                 # force locked state through a flag
                 else:
                     locked = str2bool(locked)
                     lock_reason = Repository.LOCK_API
                     try:
                         if locked:
                             lock_time = time.time()
                             Repository.lock(repo, user.user_id, lock_time, lock_reason)
                         else:
                             lock_time = None
                             Repository.unlock(repo)
                         _d = {
                             'repo': repo.repo_name,
                             'locked': locked,
                             'locked_since': lock_time,
                             'locked_by': user.username,
                             'lock_reason': lock_reason,
                             'lock_state_changed': True,
                             'msg': ('User `%s` set lock state for repo `%s` to `%s`'
                                     % (user.username, repo.repo_name, locked))
                         }
                         return _d
                     except Exception:
                         log.exception(
                             "Exception occurred while trying to lock repository")
                         raise JSONRPCError(
                             'Error occurred locking repository `%s`' % repo.repo_name
                         )
             @jsonrpc_method()
             def comment_commit(
                     request, apiuser, repoid, commit_id, message, status=Optional(None),
                     comment_type=Optional(ChangesetComment.COMMENT_TYPE_NOTE),
                     resolves_comment_id=Optional(None), extra_recipients=Optional([]),
-                    userid=Optional(OAttr('apiuser'))):
+                    userid=Optional(OAttr('apiuser')), send_email=Optional(True)):
                 """
                 Set a commit comment, and optionally change the status of the commit.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param commit_id: Specify the commit_id for which to set a comment.
                 :type commit_id: str
                 :param message: The comment text.
                 :type message: str
                 :param status: (**Optional**) status of commit, one of: 'not_reviewed',
                     'approved', 'rejected', 'under_review'
                 :type status: str
                 :param comment_type: Comment type, one of: 'note', 'todo'
                 :type comment_type: Optional(str), default: 'note'
                 :param resolves_comment_id: id of comment which this one will resolve
                 :type resolves_comment_id: Optional(int)
                 :param extra_recipients: list of user ids or usernames to add
                     notifications for this comment. Acts like a CC for notification
                 :type extra_recipients: Optional(list)
                 :param userid: Set the user name of the comment creator.
                 :type userid: Optional(str or int)
+                :param send_email: Define if this comment should also send email notification
+                :type send_email: Optional(bool)
                 Example error output:
                 .. code-block:: bash
                     {
                         "id" : <id_given_in_input>,
                         "result" : {
                             "msg": "Commented on commit `<commit_id>` for repository `<repoid>`",
                             "status_change": null or <status>,
                             "success": true
                         },
                         "error" :  null
                     }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.read', 'repository.write', 'repository.admin')
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     commit_id = repo.scm_instance().get_commit(commit_id=commit_id).raw_id
                 except Exception as e:
                     log.exception('Failed to fetch commit')
                     raise JSONRPCError(safe_str(e))
                 if isinstance(userid, Optional):
                     userid = apiuser.user_id
                 user = get_user_or_error(userid)
                 status = Optional.extract(status)
                 comment_type = Optional.extract(comment_type)
                 resolves_comment_id = Optional.extract(resolves_comment_id)
                 extra_recipients = Optional.extract(extra_recipients)
+                send_email = Optional.extract(send_email, binary=True)
                 allowed_statuses = [x[0] for x in ChangesetStatus.STATUSES]
                 if status and status not in allowed_statuses:
                     raise JSONRPCError('Bad status, must be on '
                                        'of %s got %s' % (allowed_statuses, status,))
                 if resolves_comment_id:
                     comment = ChangesetComment.get(resolves_comment_id)
                     if not comment:
                         raise JSONRPCError(
                             'Invalid resolves_comment_id `%s` for this commit.'
                             % resolves_comment_id)
                     if comment.comment_type != ChangesetComment.COMMENT_TYPE_TODO:
                         raise JSONRPCError(
                             'Comment `%s` is wrong type for setting status to resolved.'
                             % resolves_comment_id)
                 try:
                     rc_config = SettingsModel().get_all_settings()
                     renderer = rc_config.get('rhodecode_markup_renderer', 'rst')
                     status_change_label = ChangesetStatus.get_status_lbl(status)
                     comment = CommentsModel().create(
                         message, repo, user, commit_id=commit_id,
                         status_change=status_change_label,
                         status_change_type=status,
                         renderer=renderer,
                         comment_type=comment_type,
                         resolves_comment_id=resolves_comment_id,
                         auth_user=apiuser,
-                        extra_recipients=extra_recipients
+                        extra_recipients=extra_recipients,
+                        send_email=send_email
                     )
                     if status:
                         # also do a status change
                         try:
                             ChangesetStatusModel().set_status(
                                 repo, status, user, comment, revision=commit_id,
                                 dont_allow_on_closed_pull_request=True
                             )
                         except StatusChangeOnClosedPullRequestError:
                             log.exception(
                                 "Exception occurred while trying to change repo commit status")
                             msg = ('Changing status on a changeset associated with '
                                    'a closed pull request is not allowed')
                             raise JSONRPCError(msg)
                     Session().commit()
                     return {
                         'msg': (
                             'Commented on commit `%s` for repository `%s`' % (
                                 comment.revision, repo.repo_name)),
                         'status_change': status,
                         'success': True,
                     }
                 except JSONRPCError:
                     # catch any inside errors, and re-raise them to prevent from
                     # below global catch to silence them
                     raise
                 except Exception:
                     log.exception("Exception occurred while trying to comment on commit")
                     raise JSONRPCError(
                         'failed to set comment on repository `%s`' % (repo.repo_name,)
                     )
             @jsonrpc_method()
             def get_repo_comments(request, apiuser, repoid,
                                   commit_id=Optional(None), comment_type=Optional(None),
                                   userid=Optional(None)):
                 """
                 Get all comments for a repository
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param commit_id: Optionally filter the comments by the commit_id
                 :type commit_id: Optional(str), default: None
                 :param comment_type: Optionally filter the comments by the comment_type
                     one of: 'note', 'todo'
                 :type comment_type: Optional(str), default: None
                 :param userid: Optionally filter the comments by the author of comment
                 :type userid: Optional(str or int), Default: None
                 Example error output:
                 .. code-block:: bash
                     {
                         "id" : <id_given_in_input>,
                         "result" : [
                             {
                               "comment_author": <USER_DETAILS>,
                               "comment_created_on": "2017-02-01T14:38:16.309",
                               "comment_f_path": "file.txt",
                               "comment_id": 282,
                               "comment_lineno": "n1",
                               "comment_resolved_by": null,
                               "comment_status": [],
                               "comment_text": "This file needs a header",
                               "comment_type": "todo"
                             }
                         ],
                         "error" :  null
                     }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.read', 'repository.write', 'repository.admin')
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 commit_id = Optional.extract(commit_id)
                 userid = Optional.extract(userid)
                 if userid:
                     user = get_user_or_error(userid)
                 else:
                     user = None
                 comment_type = Optional.extract(comment_type)
                 if comment_type and comment_type not in ChangesetComment.COMMENT_TYPES:
                     raise JSONRPCError(
                             'comment_type must be one of `{}` got {}'.format(
                                 ChangesetComment.COMMENT_TYPES, comment_type)
                         )
                 comments = CommentsModel().get_repository_comments(
                     repo=repo, comment_type=comment_type, user=user, commit_id=commit_id)
                 return comments
             @jsonrpc_method()
             def grant_user_permission(request, apiuser, repoid, userid, perm):
                 """
                 Grant permissions for the specified user on the given repository,
                 or update existing permissions if found.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param userid: Set the user name.
                 :type userid: str
                 :param perm: Set the user permissions, using the following format
                     ``(repository.(none|read|write|admin))``
                 :type perm: str
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Granted perm: `<perm>` for user: `<username>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 user = get_user_or_error(userid)
                 perm = get_perm_or_error(perm)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 perm_additions = [[user.user_id, perm.permission_name, "user"]]
                 try:
                     changes = RepoModel().update_permissions(
                         repo=repo, perm_additions=perm_additions, cur_user=apiuser)
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_api(
                         'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
                     Session().commit()
                     PermissionModel().flush_user_permission_caches(changes)
                     return {
                         'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
                             perm.permission_name, user.username, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying edit permissions for repo")
                     raise JSONRPCError(
                         'failed to edit permission for user: `%s` in repo: `%s`' % (
                             userid, repoid
                         )
                     )
             @jsonrpc_method()
             def revoke_user_permission(request, apiuser, repoid, userid):
                 """
                 Revoke permission for a user on the specified repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param userid: Set the user name of revoked user.
                 :type userid: str or int
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm for user: `<username>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 user = get_user_or_error(userid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 perm_deletions = [[user.user_id, None, "user"]]
                 try:
                     changes = RepoModel().update_permissions(
                         repo=repo, perm_deletions=perm_deletions, cur_user=user)
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_api(
                         'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
                     Session().commit()
                     PermissionModel().flush_user_permission_caches(changes)
                     return {
                         'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
                             user.username, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying revoke permissions to repo")
                     raise JSONRPCError(
                         'failed to edit permission for user: `%s` in repo: `%s`' % (
                             userid, repoid
                         )
                     )
             @jsonrpc_method()
             def grant_user_group_permission(request, apiuser, repoid, usergroupid, perm):
                 """
                 Grant permission for a user group on the specified repository,
                 or update existing permissions.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param usergroupid: Specify the ID of the user group.
                 :type usergroupid: str or int
                 :param perm: Set the user group permissions using the following
                     format: (repository.(none|read|write|admin))
                 :type perm: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",
                     "success": true
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to edit permission for user group: `<usergroup>` in repo `<repo>`'
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 perm = get_perm_or_error(perm)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
                 try:
                     changes = RepoModel().update_permissions(
                         repo=repo, perm_additions=perm_additions, cur_user=apiuser)
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_api(
                         'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
                     Session().commit()
                     PermissionModel().flush_user_permission_caches(changes)
                     return {
                         'msg': 'Granted perm: `%s` for user group: `%s` in '
                                'repo: `%s`' % (
                                    perm.permission_name, user_group.users_group_name,
                                    repo.repo_name
                                ),
                         'success': True
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying change permission on repo")
                     raise JSONRPCError(
                         'failed to edit permission for user group: `%s` in '
                         'repo: `%s`' % (
                             usergroupid, repo.repo_name
                         )
                     )
             @jsonrpc_method()
             def revoke_user_group_permission(request, apiuser, repoid, usergroupid):
                 """
                 Revoke the permissions of a user group on a given repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param usergroupid: Specify the user group ID.
                 :type usergroupid: str or int
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
                 try:
                     changes = RepoModel().update_permissions(
                         repo=repo, perm_deletions=perm_deletions, cur_user=apiuser)
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_api(
                         'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
                     Session().commit()
                     PermissionModel().flush_user_permission_caches(changes)
                     return {
                         'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (
                             user_group.users_group_name, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying revoke "
                                   "user group permission on repo")
                     raise JSONRPCError(
                         'failed to edit permission for user group: `%s` in '
                         'repo: `%s`' % (
                             user_group.users_group_name, repo.repo_name
                         )
                     )
             @jsonrpc_method()
             def pull(request, apiuser, repoid, remote_uri=Optional(None)):
                 """
                 Triggers a pull on the given repository from a remote location. You
                 can use this to keep remote repositories up-to-date.
                 This command can only be run using an |authtoken| with admin
                 rights to the specified repository. For more information,
                 see :ref:`config-token-ref`.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param remote_uri: Optional remote URI to pass in for pull
                 :type remote_uri: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "Pulled from url `<remote_url>` on repo `<repository name>`"
                     "repository": "<repository name>"
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "Unable to push changes from `<remote_url>`"
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 remote_uri = Optional.extract(remote_uri)
                 remote_uri_display = remote_uri or repo.clone_uri_hidden
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     ScmModel().pull_changes(
                         repo.repo_name, apiuser.username, remote_uri=remote_uri)
                     return {
                         'msg': 'Pulled from url `%s` on repo `%s`' % (
                             remote_uri_display, repo.repo_name),
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to "
                                   "pull changes from remote location")
                     raise JSONRPCError(
                         'Unable to pull changes from `%s`' % remote_uri_display
                     )
             @jsonrpc_method()
             def strip(request, apiuser, repoid, revision, branch):
                 """
                 Strips the given revision from the specified repository.
                 * This will remove the revision and all of its decendants.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param revision: The revision you wish to strip.
                 :type revision: str
                 :param branch: The branch from which to strip the revision.
                 :type branch: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "'Stripped commit <commit_hash> from repo `<repository name>`'"
                     "repository": "<repository name>"
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "Unable to strip commit <commit_hash> from repo `<repository name>`"
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     ScmModel().strip(repo, revision, branch)
                     audit_logger.store_api(
                         'repo.commit.strip', action_data={'commit_id': revision},
                         repo=repo,
                         user=apiuser, commit=True)
                     return {
                         'msg': 'Stripped commit %s from repo `%s`' % (
                             revision, repo.repo_name),
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception("Exception while trying to strip")
                     raise JSONRPCError(
                         'Unable to strip commit %s from repo `%s`' % (
                             revision, repo.repo_name)
                     )
             @jsonrpc_method()
             def get_repo_settings(request, apiuser, repoid, key=Optional(None)):
                 """
                 Returns all settings for a repository. If key is given it only returns the
                 setting identified by the key or null.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id.
                 :type repoid: str or int
                 :param key: Key of the setting to return.
                 :type: key: Optional(str)
                 Example output:
                 .. code-block:: bash
                     {
                         "error": null,
                         "id": 237,
                         "result": {
                             "extensions_largefiles": true,
                             "extensions_evolve": true,
                             "hooks_changegroup_push_logger": true,
                             "hooks_changegroup_repo_size": false,
                             "hooks_outgoing_pull_logger": true,
                             "phases_publish": "True",
                             "rhodecode_hg_use_rebase_for_merging": true,
                             "rhodecode_pr_merge_enabled": true,
                             "rhodecode_use_outdated_comments": true
                         }
                     }
                 """
                 # Restrict access to this api method to admins only.
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 try:
                     repo = get_repo_or_error(repoid)
                     settings_model = VcsSettingsModel(repo=repo)
                     settings = settings_model.get_global_settings()
                     settings.update(settings_model.get_repo_settings())
                     # If only a single setting is requested fetch it from all settings.
                     key = Optional.extract(key)
                     if key is not None:
                         settings = settings.get(key, None)
                 except Exception:
                     msg = 'Failed to fetch settings for repository `{}`'.format(repoid)
                     log.exception(msg)
                     raise JSONRPCError(msg)
                 return settings
             @jsonrpc_method()
             def set_repo_settings(request, apiuser, repoid, settings):
                 """
                 Update repository settings. Returns true on success.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id.
                 :type repoid: str or int
                 :param settings: The new settings for the repository.
                 :type: settings: dict
                 Example output:
                 .. code-block:: bash
                     {
                         "error": null,
                         "id": 237,
                         "result": true
                     }
                 """
                 # Restrict access to this api method to admins only.
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 if type(settings) is not dict:
                     raise JSONRPCError('Settings have to be a JSON Object.')
                 try:
                     settings_model = VcsSettingsModel(repo=repoid)
                     # Merge global, repo and incoming settings.
                     new_settings = settings_model.get_global_settings()
                     new_settings.update(settings_model.get_repo_settings())
                     new_settings.update(settings)
                     # Update the settings.
                     inherit_global_settings = new_settings.get(
                         'inherit_global_settings', False)
                     settings_model.create_or_update_repo_settings(
                         new_settings, inherit_global_settings=inherit_global_settings)
                     Session().commit()
                 except Exception:
                     msg = 'Failed to update settings for repository `{}`'.format(repoid)
                     log.exception(msg)
                     raise JSONRPCError(msg)
                 # Indicate success.
                 return True
             @jsonrpc_method()
             def maintenance(request, apiuser, repoid):
                 """
                 Triggers a maintenance on the given repository.
                 This command can only be run using an |authtoken| with admin
                 rights to the specified repository. For more information,
                 see :ref:`config-token-ref`.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "executed maintenance command",
                     "executed_actions": [
                        <action_message>, <action_message2>...
                     ],
                     "repository": "<repository name>"
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "Unable to execute maintenance on `<reponame>`"
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     validate_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     maintenance = repo_maintenance.RepoMaintenance()
                     executed_actions = maintenance.execute(repo)
                     return {
                         'msg': 'executed maintenance command',
                         'executed_actions': executed_actions,
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to run maintenance")
                     raise JSONRPCError(
                         'Unable to execute maintenance on `%s`' % repo.repo_name)

rhodecode/api/views/server_api.py

0 +3 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
-            import inspect
             import logging
             import itertools
             import base64
             from pyramid import compat
             from rhodecode.api import (
                 jsonrpc_method, JSONRPCError, JSONRPCForbidden, find_methods)
             from rhodecode.api.utils import (
                 Optional, OAttr, has_superadmin_permission, get_user_or_error)
             from rhodecode.lib.utils import repo2db_mapper
             from rhodecode.lib import system_info
             from rhodecode.lib import user_sessions
             from rhodecode.lib import exc_tracking
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.utils2 import safe_int
             from rhodecode.model.db import UserIpMap
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.settings import VcsSettingsModel
             from rhodecode.apps.file_store import utils
             from rhodecode.apps.file_store.exceptions import FileNotAllowedException, \
                 FileOverSizeException
             log = logging.getLogger(__name__)
             @jsonrpc_method()
             def get_server_info(request, apiuser):
                 """
                 Returns the |RCE| server information.
                 This includes the running version of |RCE| and all installed
                 packages. This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'modules': [<module name>,...]
                     'py_version': <python version>,
                     'platform': <platform type>,
                     'rhodecode_version': <rhodecode version>
                   }
                   error :  null
                 """
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 server_info = ScmModel().get_server_info(request.environ)
                 # rhodecode-index requires those
                 server_info['index_storage'] = server_info['search']['value']['location']
                 server_info['storage'] = server_info['storage']['value']['path']
                 return server_info
             @jsonrpc_method()
             def get_repo_store(request, apiuser):
                 """
                 Returns the |RCE| repository storage information.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'modules': [<module name>,...]
                     'py_version': <python version>,
                     'platform': <platform type>,
                     'rhodecode_version': <rhodecode version>
                   }
                   error :  null
                 """
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 path = VcsSettingsModel().get_repos_location()
                 return {"path": path}
             @jsonrpc_method()
             def get_ip(request, apiuser, userid=Optional(OAttr('apiuser'))):
                 """
                 Displays the IP Address as seen from the |RCE| server.
                 * This command displays the IP Address, as well as all the defined IP
                   addresses for the specified user. If the ``userid`` is not set, the
                   data returned is for the user calling the method.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from |authtoken|.
                 :type apiuser: AuthUser
                 :param userid: Sets the userid for which associated IP Address data
                     is returned.
                 :type userid: Optional(str or int)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result : {
                                  "server_ip_addr": "<ip_from_clien>",
                                  "user_ips": [
                                                 {
                                                    "ip_addr": "<ip_with_mask>",
                                                    "ip_range": ["<start_ip>", "<end_ip>"],
                                                 },
                                                 ...
                                              ]
                     }
                 """
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 userid = Optional.extract(userid, evaluate_locals=locals())
                 userid = getattr(userid, 'user_id', userid)
                 user = get_user_or_error(userid)
                 ips = UserIpMap.query().filter(UserIpMap.user == user).all()
                 return {
                     'server_ip_addr': request.rpc_ip_addr,
                     'user_ips': ips
                 }
             @jsonrpc_method()
             def rescan_repos(request, apiuser, remove_obsolete=Optional(False)):
                 """
                 Triggers a rescan of the specified repositories.
                 * If the ``remove_obsolete`` option is set, it also deletes repositories
                   that are found in the database but not on the file system, so called
                   "clean zombies".
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param remove_obsolete: Deletes repositories from the database that
                     are not found on the filesystem.
                 :type remove_obsolete: Optional(``True`` | ``False``)
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'added': [<added repository name>,...]
                     'removed': [<removed repository name>,...]
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     'Error occurred during rescan repositories action'
                   }
                 """
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 try:
                     rm_obsolete = Optional.extract(remove_obsolete)
                     added, removed = repo2db_mapper(ScmModel().repo_scan(),
                                                     remove_obsolete=rm_obsolete)
                     return {'added': added, 'removed': removed}
                 except Exception:
                     log.exception('Failed to run repo rescann')
                     raise JSONRPCError(
                         'Error occurred during rescan repositories action'
                     )
             @jsonrpc_method()
             def cleanup_sessions(request, apiuser, older_then=Optional(60)):
                 """
                 Triggers a session cleanup action.
                 If the ``older_then`` option is set, only sessions that hasn't been
                 accessed in the given number of days will be removed.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param older_then: Deletes session that hasn't been accessed
                     in given number of days.
                 :type older_then: Optional(int)
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result: {
                     "backend": "<type of backend>",
                     "sessions_removed": <number_of_removed_sessions>
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     'Error occurred during session cleanup'
                   }
                 """
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 older_then = safe_int(Optional.extract(older_then)) or 60
                 older_than_seconds = 60 * 60 * 24 * older_then
                 config = system_info.rhodecode_config().get_value()['value']['config']
                 session_model = user_sessions.get_session_handler(
                     config.get('beaker.session.type', 'memory'))(config)
                 backend = session_model.SESSION_TYPE
                 try:
                     cleaned = session_model.clean_sessions(
                         older_than_seconds=older_than_seconds)
                     return {'sessions_removed': cleaned, 'backend': backend}
                 except user_sessions.CleanupCommand as msg:
                     return {'cleanup_command': msg.message, 'backend': backend}
                 except Exception as e:
                     log.exception('Failed session cleanup')
                     raise JSONRPCError(
                         'Error occurred during session cleanup'
                     )
             @jsonrpc_method()
             def get_method(request, apiuser, pattern=Optional('*')):
                 """
                 Returns list of all available API methods. By default match pattern
                 os "*" but any other pattern can be specified. eg *comment* will return
                 all methods with comment inside them. If just single method is matched
                 returned data will also include method specification
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param pattern: pattern to match method names against
                 :type pattern: Optional("*")
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   "result": [
                     "changeset_comment",
                     "comment_pull_request",
                     "comment_commit"
                   ]
                   error :  null
                 .. code-block:: bash
                   id : <id_given_in_input>
                   "result": [
                     "comment_commit",
                     {
                       "apiuser": "<RequiredType>",
                       "comment_type": "<Optional:u'note'>",
                       "commit_id": "<RequiredType>",
                       "message": "<RequiredType>",
                       "repoid": "<RequiredType>",
                       "request": "<RequiredType>",
                       "resolves_comment_id": "<Optional:None>",
                       "status": "<Optional:None>",
                       "userid": "<Optional:<OptionalAttr:apiuser>>"
                     }
                   ]
                   error :  null
                 """
+                from rhodecode.config.patches import inspect_getargspec
+                inspect = inspect_getargspec()
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 pattern = Optional.extract(pattern)
                 matches = find_methods(request.registry.jsonrpc_methods, pattern)
                 args_desc = []
                 if len(matches) == 1:
                     func = matches[matches.keys()[0]]
                     argspec = inspect.getargspec(func)
                     arglist = argspec[0]
                     defaults = map(repr, argspec[3] or [])
                     default_empty = '<RequiredType>'
                     # kw arguments required by this method
                     func_kwargs = dict(itertools.izip_longest(
                         reversed(arglist), reversed(defaults), fillvalue=default_empty))
                     args_desc.append(func_kwargs)
                 return matches.keys() + args_desc
             @jsonrpc_method()
             def store_exception(request, apiuser, exc_data_json, prefix=Optional('rhodecode')):
                 """
                 Stores sent exception inside the built-in exception tracker in |RCE| server.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param exc_data_json: JSON data with exception e.g
                     {"exc_traceback": "Value `1` is not allowed", "exc_type_name": "ValueError"}
                 :type exc_data_json: JSON data
                 :param prefix: prefix for error type, e.g 'rhodecode', 'vcsserver', 'rhodecode-tools'
                 :type prefix: Optional("rhodecode")
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   "result": {
                     "exc_id": 139718459226384,
                     "exc_url": "http://localhost:8080/_admin/settings/exceptions/139718459226384"
                   }
                   error :  null
                 """
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 prefix = Optional.extract(prefix)
                 exc_id = exc_tracking.generate_id()
                 try:
                     exc_data = json.loads(exc_data_json)
                 except Exception:
                     log.error('Failed to parse JSON: %r', exc_data_json)
                     raise JSONRPCError('Failed to parse JSON data from exc_data_json field. '
                                        'Please make sure it contains a valid JSON.')
                 try:
                     exc_traceback = exc_data['exc_traceback']
                     exc_type_name = exc_data['exc_type_name']
                 except KeyError as err:
                     raise JSONRPCError('Missing exc_traceback, or exc_type_name '
                                        'in exc_data_json field. Missing: {}'.format(err))
                 exc_tracking._store_exception(
                     exc_id=exc_id, exc_traceback=exc_traceback,
                     exc_type_name=exc_type_name, prefix=prefix)
                 exc_url = request.route_url(
                     'admin_settings_exception_tracker_show', exception_id=exc_id)
                 return {'exc_id': exc_id, 'exc_url': exc_url}

rhodecode/apps/_base/__init__.py

0 +2 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import time
             import logging
             import operator
             from pyramid import compat
             from pyramid.httpexceptions import HTTPFound, HTTPForbidden, HTTPBadRequest
             from rhodecode.lib import helpers as h, diffs, rc_cache
             from rhodecode.lib.utils2 import (
                 StrictAttributeDict, str2bool, safe_int, datetime_to_time, safe_unicode)
             from rhodecode.lib.markup_renderer import MarkupRenderer, relative_links
             from rhodecode.lib.vcs.backends.base import EmptyCommit
             from rhodecode.lib.vcs.exceptions import RepositoryRequirementError
             from rhodecode.model import repo
             from rhodecode.model import repo_group
             from rhodecode.model import user_group
             from rhodecode.model import user
             from rhodecode.model.db import User
             from rhodecode.model.scm import ScmModel
-            from rhodecode.model.settings import VcsSettingsModel
+            from rhodecode.model.settings import VcsSettingsModel, IssueTrackerSettingsModel
             from rhodecode.model.repo import ReadmeFinder
             log = logging.getLogger(__name__)
             ADMIN_PREFIX = '/_admin'
             STATIC_FILE_PREFIX = '/_static'
             URL_NAME_REQUIREMENTS = {
                 # group name can have a slash in them, but they must not end with a slash
                 'group_name': r'.*?[^/]',
                 'repo_group_name': r'.*?[^/]',
                 # repo names can have a slash in them, but they must not end with a slash
                 'repo_name': r'.*?[^/]',
                 # file path eats up everything at the end
                 'f_path': r'.*',
                 # reference types
                 'source_ref_type': '(branch|book|tag|rev|\%\(source_ref_type\)s)',
                 'target_ref_type': '(branch|book|tag|rev|\%\(target_ref_type\)s)',
             }
             def add_route_with_slash(config,name, pattern, **kw):
                 config.add_route(name, pattern, **kw)
                 if not pattern.endswith('/'):
                     config.add_route(name + '_slash', pattern + '/', **kw)
             def add_route_requirements(route_path, requirements=None):
                 """
                 Adds regex requirements to pyramid routes using a mapping dict
                 e.g::
                     add_route_requirements('{repo_name}/settings')
                 """
                 requirements = requirements or URL_NAME_REQUIREMENTS
                 for key, regex in requirements.items():
                     route_path = route_path.replace('{%s}' % key, '{%s:%s}' % (key, regex))
                 return route_path
             def get_format_ref_id(repo):
                 """Returns a `repo` specific reference formatter function"""
                 if h.is_svn(repo):
                     return _format_ref_id_svn
                 else:
                     return _format_ref_id
             def _format_ref_id(name, raw_id):
                 """Default formatting of a given reference `name`"""
                 return name
             def _format_ref_id_svn(name, raw_id):
                 """Special way of formatting a reference for Subversion including path"""
                 return '%s@%s' % (name, raw_id)
             class TemplateArgs(StrictAttributeDict):
                 pass
             class BaseAppView(object):
                 def __init__(self, context, request):
                     self.request = request
                     self.context = context
                     self.session = request.session
                     if not hasattr(request, 'user'):
                         # NOTE(marcink): edge case, we ended up in matched route
                         # but probably of web-app context, e.g API CALL/VCS CALL
                         if hasattr(request, 'vcs_call') or hasattr(request, 'rpc_method'):
                             log.warning('Unable to process request `%s` in this scope', request)
                             raise HTTPBadRequest()
                     self._rhodecode_user = request.user  # auth user
                     self._rhodecode_db_user = self._rhodecode_user.get_instance()
                     self._maybe_needs_password_change(
                         request.matched_route.name, self._rhodecode_db_user)
                 def _maybe_needs_password_change(self, view_name, user_obj):
                     log.debug('Checking if user %s needs password change on view %s',
                               user_obj, view_name)
                     skip_user_views = [
                         'logout', 'login',
                         'my_account_password', 'my_account_password_update'
                     ]
                     if not user_obj:
                         return
                     if user_obj.username == User.DEFAULT_USER:
                         return
                     now = time.time()
                     should_change = user_obj.user_data.get('force_password_change')
                     change_after = safe_int(should_change) or 0
                     if should_change and now > change_after:
                         log.debug('User %s requires password change', user_obj)
                         h.flash('You are required to change your password', 'warning',
                                 ignore_duplicate=True)
                         if view_name not in skip_user_views:
                             raise HTTPFound(
                                 self.request.route_path('my_account_password'))
                 def _log_creation_exception(self, e, repo_name):
                     _ = self.request.translate
                     reason = None
                     if len(e.args) == 2:
                         reason = e.args[1]
                     if reason == 'INVALID_CERTIFICATE':
                         log.exception(
                             'Exception creating a repository: invalid certificate')
                         msg = (_('Error creating repository %s: invalid certificate')
                                % repo_name)
                     else:
                         log.exception("Exception creating a repository")
                         msg = (_('Error creating repository %s')
                                % repo_name)
                     return msg
                 def _get_local_tmpl_context(self, include_app_defaults=True):
                     c = TemplateArgs()
                     c.auth_user = self.request.user
                     # TODO(marcink): migrate the usage of c.rhodecode_user to c.auth_user
                     c.rhodecode_user = self.request.user
                     if include_app_defaults:
                         from rhodecode.lib.base import attach_context_attributes
                         attach_context_attributes(c, self.request, self.request.user.user_id)
                     c.is_super_admin = c.auth_user.is_admin
                     c.can_create_repo = c.is_super_admin
                     c.can_create_repo_group = c.is_super_admin
                     c.can_create_user_group = c.is_super_admin
                     c.is_delegated_admin = False
                     if not c.auth_user.is_default and not c.is_super_admin:
                         c.can_create_repo = h.HasPermissionAny('hg.create.repository')(
                             user=self.request.user)
                         repositories = c.auth_user.repositories_admin or c.can_create_repo
                         c.can_create_repo_group = h.HasPermissionAny('hg.repogroup.create.true')(
                             user=self.request.user)
                         repository_groups = c.auth_user.repository_groups_admin or c.can_create_repo_group
                         c.can_create_user_group = h.HasPermissionAny('hg.usergroup.create.true')(
                             user=self.request.user)
                         user_groups = c.auth_user.user_groups_admin or c.can_create_user_group
                         # delegated admin can create, or manage some objects
                         c.is_delegated_admin = repositories or repository_groups or user_groups
                     return c
                 def _get_template_context(self, tmpl_args, **kwargs):
                     local_tmpl_args = {
                         'defaults': {},
                         'errors': {},
                         'c': tmpl_args
                     }
                     local_tmpl_args.update(kwargs)
                     return local_tmpl_args
                 def load_default_context(self):
                     """
                     example:
                     def load_default_context(self):
                         c = self._get_local_tmpl_context()
                         c.custom_var = 'foobar'
                         return c
                     """
                     raise NotImplementedError('Needs implementation in view class')
             class RepoAppView(BaseAppView):
                 def __init__(self, context, request):
                     super(RepoAppView, self).__init__(context, request)
                     self.db_repo = request.db_repo
                     self.db_repo_name = self.db_repo.repo_name
                     self.db_repo_pull_requests = ScmModel().get_pull_requests(self.db_repo)
                     self.db_repo_artifacts = ScmModel().get_artifacts(self.db_repo)
+                    self.db_repo_patterns = IssueTrackerSettingsModel(repo=self.db_repo)
                 def _handle_missing_requirements(self, error):
                     log.error(
                         'Requirements are missing for repository %s: %s',
                         self.db_repo_name, safe_unicode(error))
                 def _get_local_tmpl_context(self, include_app_defaults=True):
                     _ = self.request.translate
                     c = super(RepoAppView, self)._get_local_tmpl_context(
                         include_app_defaults=include_app_defaults)
                     # register common vars for this type of view
                     c.rhodecode_db_repo = self.db_repo
                     c.repo_name = self.db_repo_name
                     c.repository_pull_requests = self.db_repo_pull_requests
                     c.repository_artifacts = self.db_repo_artifacts
                     c.repository_is_user_following = ScmModel().is_following_repo(
                         self.db_repo_name, self._rhodecode_user.user_id)
                     self.path_filter = PathFilter(None)
                     c.repository_requirements_missing = {}
                     try:
                         self.rhodecode_vcs_repo = self.db_repo.scm_instance()
                         # NOTE(marcink):
                         # comparison to None since if it's an object __bool__ is expensive to
                         # calculate
                         if self.rhodecode_vcs_repo is not None:
                             path_perms = self.rhodecode_vcs_repo.get_path_permissions(
                                 c.auth_user.username)
                             self.path_filter = PathFilter(path_perms)
                     except RepositoryRequirementError as e:
                         c.repository_requirements_missing = {'error': str(e)}
                         self._handle_missing_requirements(e)
                         self.rhodecode_vcs_repo = None
                     c.path_filter = self.path_filter  # used by atom_feed_entry.mako
                     if self.rhodecode_vcs_repo is None:
                         # unable to fetch this repo as vcs instance, report back to user
                         h.flash(_(
                             "The repository `%(repo_name)s` cannot be loaded in filesystem. "
                             "Please check if it exist, or is not damaged.") %
                                 {'repo_name': c.repo_name},
                                 category='error', ignore_duplicate=True)
                         if c.repository_requirements_missing:
                             route = self.request.matched_route.name
                             if route.startswith(('edit_repo', 'repo_summary')):
                                 # allow summary and edit repo on missing requirements
                                 return c
                             raise HTTPFound(
                                 h.route_path('repo_summary', repo_name=self.db_repo_name))
                         else:  # redirect if we don't show missing requirements
                             raise HTTPFound(h.route_path('home'))
                     c.has_origin_repo_read_perm = False
                     if self.db_repo.fork:
                         c.has_origin_repo_read_perm = h.HasRepoPermissionAny(
                             'repository.write', 'repository.read', 'repository.admin')(
                             self.db_repo.fork.repo_name, 'summary fork link')
                     return c
                 def _get_f_path_unchecked(self, matchdict, default=None):
                     """
                     Should only be used by redirects, everything else should call _get_f_path
                     """
                     f_path = matchdict.get('f_path')
                     if f_path:
                         # fix for multiple initial slashes that causes errors for GIT
                         return f_path.lstrip('/')
                     return default
                 def _get_f_path(self, matchdict, default=None):
                     f_path_match = self._get_f_path_unchecked(matchdict, default)
                     return self.path_filter.assert_path_permissions(f_path_match)
                 def _get_general_setting(self, target_repo, settings_key, default=False):
                     settings_model = VcsSettingsModel(repo=target_repo)
                     settings = settings_model.get_general_settings()
                     return settings.get(settings_key, default)
                 def _get_repo_setting(self, target_repo, settings_key, default=False):
                     settings_model = VcsSettingsModel(repo=target_repo)
                     settings = settings_model.get_repo_settings_inherited()
                     return settings.get(settings_key, default)
                 def _get_readme_data(self, db_repo, renderer_type, commit_id=None, path='/'):
                     log.debug('Looking for README file at path %s', path)
                     if commit_id:
                         landing_commit_id = commit_id
                     else:
                         landing_commit = db_repo.get_landing_commit()
                         if isinstance(landing_commit, EmptyCommit):
                             return None, None
                         landing_commit_id = landing_commit.raw_id
                     cache_namespace_uid = 'cache_repo.{}'.format(db_repo.repo_id)
                     region = rc_cache.get_or_create_region('cache_repo', cache_namespace_uid)
                     start = time.time()
                     @region.conditional_cache_on_arguments(namespace=cache_namespace_uid)
                     def generate_repo_readme(repo_id, _commit_id, _repo_name, _readme_search_path, _renderer_type):
                         readme_data = None
                         readme_filename = None
                         commit = db_repo.get_commit(_commit_id)
                         log.debug("Searching for a README file at commit %s.", _commit_id)
                         readme_node = ReadmeFinder(_renderer_type).search(commit, path=_readme_search_path)
                         if readme_node:
                             log.debug('Found README node: %s', readme_node)
                             relative_urls = {
                                 'raw': h.route_path(
                                     'repo_file_raw', repo_name=_repo_name,
                                     commit_id=commit.raw_id, f_path=readme_node.path),
                                 'standard': h.route_path(
                                     'repo_files', repo_name=_repo_name,
                                     commit_id=commit.raw_id, f_path=readme_node.path),
                             }
                             readme_data = self._render_readme_or_none(commit, readme_node, relative_urls)
                             readme_filename = readme_node.unicode_path
                         return readme_data, readme_filename
                     readme_data, readme_filename = generate_repo_readme(
                         db_repo.repo_id, landing_commit_id, db_repo.repo_name, path, renderer_type,)
                     compute_time = time.time() - start
                     log.debug('Repo README for path %s generated and computed in %.4fs',
                               path, compute_time)
                     return readme_data, readme_filename
                 def _render_readme_or_none(self, commit, readme_node, relative_urls):
                     log.debug('Found README file `%s` rendering...', readme_node.path)
                     renderer = MarkupRenderer()
                     try:
                         html_source = renderer.render(
                             readme_node.content, filename=readme_node.path)
                         if relative_urls:
                             return relative_links(html_source, relative_urls)
                         return html_source
                     except Exception:
                         log.exception(
                             "Exception while trying to render the README")
                 def get_recache_flag(self):
                     for flag_name in ['force_recache', 'force-recache', 'no-cache']:
                         flag_val = self.request.GET.get(flag_name)
                         if str2bool(flag_val):
                             return True
                     return False
             class PathFilter(object):
                 # Expects and instance of BasePathPermissionChecker or None
                 def __init__(self, permission_checker):
                     self.permission_checker = permission_checker
                 def assert_path_permissions(self, path):
                     if self.path_access_allowed(path):
                         return path
                     raise HTTPForbidden()
                 def path_access_allowed(self, path):
                     log.debug('Checking ACL permissions for PathFilter for `%s`', path)
                     if self.permission_checker:
                         return path and self.permission_checker.has_access(path)
                     return True
                 def filter_patchset(self, patchset):
                     if not self.permission_checker or not patchset:
                         return patchset, False
                     had_filtered = False
                     filtered_patchset = []
                     for patch in patchset:
                         filename = patch.get('filename', None)
                         if not filename or self.permission_checker.has_access(filename):
                             filtered_patchset.append(patch)
                         else:
                             had_filtered = True
                     if had_filtered:
                         if isinstance(patchset, diffs.LimitedDiffContainer):
                             filtered_patchset = diffs.LimitedDiffContainer(patchset.diff_limit, patchset.cur_diff_size, filtered_patchset)
                         return filtered_patchset, True
                     else:
                         return patchset, False
                 def render_patchset_filtered(self, diffset, patchset, source_ref=None, target_ref=None):
                     filtered_patchset, has_hidden_changes = self.filter_patchset(patchset)
                     result = diffset.render_patchset(
                         filtered_patchset, source_ref=source_ref, target_ref=target_ref)
                     result.has_hidden_changes = has_hidden_changes
                     return result
                 def get_raw_patch(self, diff_processor):
                     if self.permission_checker is None:
                         return diff_processor.as_raw()
                     elif self.permission_checker.has_full_access:
                         return diff_processor.as_raw()
                     else:
                         return '# Repository has user-specific filters, raw patch generation is disabled.'
                 @property
                 def is_enabled(self):
                     return self.permission_checker is not None
             class RepoGroupAppView(BaseAppView):
                 def __init__(self, context, request):
                     super(RepoGroupAppView, self).__init__(context, request)
                     self.db_repo_group = request.db_repo_group
                     self.db_repo_group_name = self.db_repo_group.group_name
                 def _get_local_tmpl_context(self, include_app_defaults=True):
                     _ = self.request.translate
                     c = super(RepoGroupAppView, self)._get_local_tmpl_context(
                         include_app_defaults=include_app_defaults)
                     c.repo_group = self.db_repo_group
                     return c
                 def _revoke_perms_on_yourself(self, form_result):
                     _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                       form_result['perm_updates'])
                     _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_additions'])
                     _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
                                         form_result['perm_deletions'])
                     admin_perm = 'group.admin'
                     if _updates and _updates[0][1] != admin_perm or \
                        _additions and _additions[0][1] != admin_perm or \
                        _deletions and _deletions[0][1] != admin_perm:
                         return True
                     return False
             class UserGroupAppView(BaseAppView):
                 def __init__(self, context, request):
                     super(UserGroupAppView, self).__init__(context, request)
                     self.db_user_group = request.db_user_group
                     self.db_user_group_name = self.db_user_group.users_group_name
             class UserAppView(BaseAppView):
                 def __init__(self, context, request):
                     super(UserAppView, self).__init__(context, request)
                     self.db_user = request.db_user
                     self.db_user_id = self.db_user.user_id
                     _ = self.request.translate
                     if not request.db_user_supports_default:
                         if self.db_user.username == User.DEFAULT_USER:
                             h.flash(_("Editing user `{}` is disabled.".format(
                                 User.DEFAULT_USER)), category='warning')
                             raise HTTPFound(h.route_path('users'))
             class DataGridAppView(object):
                 """
                 Common class to have re-usable grid rendering components
                 """
                 def _extract_ordering(self, request, column_map=None):
                     column_map = column_map or {}
                     column_index = safe_int(request.GET.get('order[0][column]'))
                     order_dir = request.GET.get(
                         'order[0][dir]', 'desc')
                     order_by = request.GET.get(
                         'columns[%s][data][sort]' % column_index, 'name_raw')
                     # translate datatable to DB columns
                     order_by = column_map.get(order_by) or order_by
                     search_q = request.GET.get('search[value]')
                     return search_q, order_by, order_dir
                 def _extract_chunk(self, request):
                     start = safe_int(request.GET.get('start'), 0)
                     length = safe_int(request.GET.get('length'), 25)
                     draw = safe_int(request.GET.get('draw'))
                     return draw, start, length
                 def _get_order_col(self, order_by, model):
                     if isinstance(order_by, compat.string_types):
                         try:
                             return operator.attrgetter(order_by)(model)
                         except AttributeError:
                             return None
                     else:
                         return order_by
             class BaseReferencesView(RepoAppView):
                 """
                 Base for reference view for branches, tags and bookmarks.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 def load_refs_context(self, ref_items, partials_template):
                     _render = self.request.get_partial_renderer(partials_template)
                     pre_load = ["author", "date", "message", "parents"]
                     is_svn = h.is_svn(self.rhodecode_vcs_repo)
                     is_hg = h.is_hg(self.rhodecode_vcs_repo)
                     format_ref_id = get_format_ref_id(self.rhodecode_vcs_repo)
                     closed_refs = {}
                     if is_hg:
                         closed_refs = self.rhodecode_vcs_repo.branches_closed
                     data = []
                     for ref_name, commit_id in ref_items:
                         commit = self.rhodecode_vcs_repo.get_commit(
                             commit_id=commit_id, pre_load=pre_load)
                         closed = ref_name in closed_refs
                         # TODO: johbo: Unify generation of reference links
                         use_commit_id = '/' in ref_name or is_svn
                         if use_commit_id:
                             files_url = h.route_path(
                                 'repo_files',
                                 repo_name=self.db_repo_name,
                                 f_path=ref_name if is_svn else '',
                                 commit_id=commit_id)
                         else:
                             files_url = h.route_path(
                                 'repo_files',
                                 repo_name=self.db_repo_name,
                                 f_path=ref_name if is_svn else '',
                                 commit_id=ref_name,
                                 _query=dict(at=ref_name))
                         data.append({
                             "name": _render('name', ref_name, files_url, closed),
                             "name_raw": ref_name,
                             "date": _render('date', commit.date),
                             "date_raw": datetime_to_time(commit.date),
                             "author": _render('author', commit.author),
                             "commit": _render(
                                 'commit', commit.message, commit.raw_id, commit.idx),
                             "commit_raw": commit.idx,
                             "compare": _render(
                                 'compare', format_ref_id(ref_name, commit.raw_id)),
                         })
                     return data
             class RepoRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'repo_route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     repo_name = info['match']['repo_name']
                     repo_model = repo.RepoModel()
                     by_name_match = repo_model.get_by_repo_name(repo_name, cache=False)
                     def redirect_if_creating(route_info, db_repo):
                         skip_views = ['edit_repo_advanced_delete']
                         route = route_info['route']
                         # we should skip delete view so we can actually "remove" repositories
                         # if they get stuck in creating state.
                         if route.name in skip_views:
                             return
                         if db_repo.repo_state in [repo.Repository.STATE_PENDING]:
                             repo_creating_url = request.route_path(
                                 'repo_creating', repo_name=db_repo.repo_name)
                             raise HTTPFound(repo_creating_url)
                     if by_name_match:
                         # register this as request object we can re-use later
                         request.db_repo = by_name_match
                         redirect_if_creating(info, by_name_match)
                         return True
                     by_id_match = repo_model.get_repo_by_id(repo_name)
                     if by_id_match:
                         request.db_repo = by_id_match
                         redirect_if_creating(info, by_id_match)
                         return True
                     return False
             class RepoForbidArchivedRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'repo_forbid_archived = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     _ = request.translate
                     rhodecode_db_repo = request.db_repo
                     log.debug(
                         '%s checking if archived flag for repo for %s',
                         self.__class__.__name__, rhodecode_db_repo.repo_name)
                     if rhodecode_db_repo.archived:
                         log.warning('Current view is not supported for archived repo:%s',
                                     rhodecode_db_repo.repo_name)
                         h.flash(
                             h.literal(_('Action not supported for archived repository.')),
                             category='warning')
                         summary_url = request.route_path(
                             'repo_summary', repo_name=rhodecode_db_repo.repo_name)
                         raise HTTPFound(summary_url)
                     return True
             class RepoTypeRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val or ['hg', 'git', 'svn']
                 def text(self):
                     return 'repo_accepted_type = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     rhodecode_db_repo = request.db_repo
                     log.debug(
                         '%s checking repo type for %s in %s',
                         self.__class__.__name__, rhodecode_db_repo.repo_type, self.val)
                     if rhodecode_db_repo.repo_type in self.val:
                         return True
                     else:
                         log.warning('Current view is not supported for repo type:%s',
                                     rhodecode_db_repo.repo_type)
                         return False
             class RepoGroupRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'repo_group_route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     repo_group_name = info['match']['repo_group_name']
                     repo_group_model = repo_group.RepoGroupModel()
                     by_name_match = repo_group_model.get_by_group_name(repo_group_name, cache=False)
                     if by_name_match:
                         # register this as request object we can re-use later
                         request.db_repo_group = by_name_match
                         return True
                     return False
             class UserGroupRoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'user_group_route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     user_group_id = info['match']['user_group_id']
                     user_group_model = user_group.UserGroup()
                     by_id_match = user_group_model.get(user_group_id, cache=False)
                     if by_id_match:
                         # register this as request object we can re-use later
                         request.db_user_group = by_id_match
                         return True
                     return False
             class UserRoutePredicateBase(object):
                 supports_default = None
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     raise NotImplementedError()
                 def __call__(self, info, request):
                     if hasattr(request, 'vcs_call'):
                         # skip vcs calls
                         return
                     user_id = info['match']['user_id']
                     user_model = user.User()
                     by_id_match = user_model.get(user_id, cache=False)
                     if by_id_match:
                         # register this as request object we can re-use later
                         request.db_user = by_id_match
                         request.db_user_supports_default = self.supports_default
                         return True
                     return False
             class UserRoutePredicate(UserRoutePredicateBase):
                 supports_default = False
                 def text(self):
                     return 'user_route = %s' % self.val
                 phash = text
             class UserRouteWithDefaultPredicate(UserRoutePredicateBase):
                 supports_default = True
                 def text(self):
                     return 'user_with_default_route = %s' % self.val
                 phash = text
             def includeme(config):
                 config.add_route_predicate(
                     'repo_route', RepoRoutePredicate)
                 config.add_route_predicate(
                     'repo_accepted_types', RepoTypeRoutePredicate)
                 config.add_route_predicate(
                     'repo_forbid_when_archived', RepoForbidArchivedRoutePredicate)
                 config.add_route_predicate(
                     'repo_group_route', RepoGroupRoutePredicate)
                 config.add_route_predicate(
                     'user_group_route', UserGroupRoutePredicate)
                 config.add_route_predicate(
                     'user_route_with_default', UserRouteWithDefaultPredicate)
                 config.add_route_predicate(
                     'user_route', UserRoutePredicate)

rhodecode/apps/admin/views/settings.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import collections
             import datetime
             import formencode
             import formencode.htmlfill
             import rhodecode
             from pyramid.view import view_config
             from pyramid.httpexceptions import HTTPFound, HTTPNotFound
             from pyramid.renderers import render
             from pyramid.response import Response
             from rhodecode.apps._base import BaseAppView
             from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.apps.svn_support.config_keys import generate_config
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib.celerylib import tasks, run_task
             from rhodecode.lib.utils import repo2db_mapper
             from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict
             from rhodecode.lib.index import searcher_from_config
             from rhodecode.model.db import RhodeCodeUi, Repository
             from rhodecode.model.forms import (ApplicationSettingsForm,
                 ApplicationUiSettingsForm, ApplicationVisualisationForm,
                 LabsSettingsForm, IssueTrackerPatternsForm)
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.notification import EmailNotificationModel
             from rhodecode.model.meta import Session
             from rhodecode.model.settings import (
                 IssueTrackerSettingsModel, VcsSettingsModel, SettingNotFound,
                 SettingsModel)
             log = logging.getLogger(__name__)
             class AdminSettingsView(BaseAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.labs_active = str2bool(
                         rhodecode.CONFIG.get('labs_settings_active', 'true'))
                     c.navlist = navigation_list(self.request)
                     return c
                 @classmethod
                 def _get_ui_settings(cls):
                     ret = RhodeCodeUi.query().all()
                     if not ret:
                         raise Exception('Could not get application ui settings !')
                     settings = {}
                     for each in ret:
                         k = each.ui_key
                         v = each.ui_value
                         if k == '/':
                             k = 'root_path'
                         if k in ['push_ssl', 'publish', 'enabled']:
                             v = str2bool(v)
                         if k.find('.') != -1:
                             k = k.replace('.', '_')
                         if each.ui_section in ['hooks', 'extensions']:
                             v = each.ui_active
                         settings[each.ui_section + '_' + k] = v
                     return settings
                 @classmethod
                 def _form_defaults(cls):
                     defaults = SettingsModel().get_all_settings()
                     defaults.update(cls._get_ui_settings())
                     defaults.update({
                         'new_svn_branch': '',
                         'new_svn_tag': '',
                     })
                     return defaults
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_vcs', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_vcs(self):
                     c = self.load_default_context()
                     c.active = 'vcs'
                     model = VcsSettingsModel()
                     c.svn_branch_patterns = model.get_global_svn_branch_patterns()
                     c.svn_tag_patterns = model.get_global_svn_tag_patterns()
                     settings = self.request.registry.settings
                     c.svn_proxy_generate_config = settings[generate_config]
                     defaults = self._form_defaults()
                     model.create_largeobjects_dirs_if_needed(defaults['paths_root_path'])
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_vcs_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_vcs_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'vcs'
                     model = VcsSettingsModel()
                     c.svn_branch_patterns = model.get_global_svn_branch_patterns()
                     c.svn_tag_patterns = model.get_global_svn_tag_patterns()
                     settings = self.request.registry.settings
                     c.svn_proxy_generate_config = settings[generate_config]
                     application_form = ApplicationUiSettingsForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     try:
                         if c.visual.allow_repo_location_change:
                             model.update_global_path_setting(form_result['paths_root_path'])
                         model.update_global_ssl_setting(form_result['web_push_ssl'])
                         model.update_global_hook_settings(form_result)
                         model.create_or_update_global_svn_settings(form_result)
                         model.create_or_update_global_hg_settings(form_result)
                         model.create_or_update_global_git_settings(form_result)
                         model.create_or_update_global_pr_settings(form_result)
                     except Exception:
                         log.exception("Exception while updating settings")
                         h.flash(_('Error occurred during updating '
                                   'application settings'), category='error')
                     else:
                         Session().commit()
                         h.flash(_('Updated VCS settings'), category='success')
                         raise HTTPFound(h.route_path('admin_settings_vcs'))
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_vcs_svn_pattern_delete', request_method='POST',
                     renderer='json_ext', xhr=True)
                 def settings_vcs_delete_svn_pattern(self):
                     delete_pattern_id = self.request.POST.get('delete_svn_pattern')
                     model = VcsSettingsModel()
                     try:
                         model.delete_global_svn_pattern(delete_pattern_id)
                     except SettingNotFound:
                         log.exception(
                             'Failed to delete svn_pattern with id %s', delete_pattern_id)
                         raise HTTPNotFound()
                     Session().commit()
                     return True
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_mapping', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_mapping(self):
                     c = self.load_default_context()
                     c.active = 'mapping'
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_mapping_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_mapping_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'mapping'
                     rm_obsolete = self.request.POST.get('destroy', False)
                     invalidate_cache = self.request.POST.get('invalidate', False)
                     log.debug(
                         'rescanning repo location with destroy obsolete=%s', rm_obsolete)
                     if invalidate_cache:
                         log.debug('invalidating all repositories cache')
                         for repo in Repository.get_all():
                             ScmModel().mark_for_invalidation(repo.repo_name, delete=True)
                     filesystem_repos = ScmModel().repo_scan()
                     added, removed = repo2db_mapper(filesystem_repos, rm_obsolete)
                     _repr = lambda l: ', '.join(map(safe_unicode, l)) or '-'
                     h.flash(_('Repositories successfully '
                               'rescanned added: %s ; removed: %s') %
                             (_repr(added), _repr(removed)),
                             category='success')
                     raise HTTPFound(h.route_path('admin_settings_mapping'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 @view_config(
                     route_name='admin_settings_global', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_global(self):
                     c = self.load_default_context()
                     c.active = 'global'
                     c.personal_repo_group_default_pattern = RepoGroupModel()\
                         .get_personal_group_name_pattern()
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 @view_config(
                     route_name='admin_settings_global_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_global_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'global'
                     c.personal_repo_group_default_pattern = RepoGroupModel()\
                         .get_personal_group_name_pattern()
                     application_form = ApplicationSettingsForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     settings = [
                         ('title', 'rhodecode_title', 'unicode'),
                         ('realm', 'rhodecode_realm', 'unicode'),
                         ('pre_code', 'rhodecode_pre_code', 'unicode'),
                         ('post_code', 'rhodecode_post_code', 'unicode'),
                         ('captcha_public_key', 'rhodecode_captcha_public_key', 'unicode'),
                         ('captcha_private_key', 'rhodecode_captcha_private_key', 'unicode'),
                         ('create_personal_repo_group', 'rhodecode_create_personal_repo_group', 'bool'),
                         ('personal_repo_group_pattern', 'rhodecode_personal_repo_group_pattern', 'unicode'),
                     ]
                     try:
                         for setting, form_key, type_ in settings:
                             sett = SettingsModel().create_or_update_setting(
                                 setting, form_result[form_key], type_)
                             Session().add(sett)
                         Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated application settings'), category='success')
                     except Exception:
                         log.exception("Exception while updating application settings")
                         h.flash(
                             _('Error occurred during updating application settings'),
                             category='error')
                     raise HTTPFound(h.route_path('admin_settings_global'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_visual', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_visual(self):
                     c = self.load_default_context()
                     c.active = 'visual'
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_visual_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_visual_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'visual'
                     application_form = ApplicationVisualisationForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     try:
                         settings = [
                             ('show_public_icon', 'rhodecode_show_public_icon', 'bool'),
                             ('show_private_icon', 'rhodecode_show_private_icon', 'bool'),
                             ('stylify_metatags', 'rhodecode_stylify_metatags', 'bool'),
                             ('repository_fields', 'rhodecode_repository_fields', 'bool'),
                             ('dashboard_items', 'rhodecode_dashboard_items', 'int'),
                             ('admin_grid_items', 'rhodecode_admin_grid_items', 'int'),
                             ('show_version', 'rhodecode_show_version', 'bool'),
                             ('use_gravatar', 'rhodecode_use_gravatar', 'bool'),
                             ('markup_renderer', 'rhodecode_markup_renderer', 'unicode'),
                             ('gravatar_url', 'rhodecode_gravatar_url', 'unicode'),
                             ('clone_uri_tmpl', 'rhodecode_clone_uri_tmpl', 'unicode'),
                             ('clone_uri_ssh_tmpl', 'rhodecode_clone_uri_ssh_tmpl', 'unicode'),
                             ('support_url', 'rhodecode_support_url', 'unicode'),
                             ('show_revision_number', 'rhodecode_show_revision_number', 'bool'),
                             ('show_sha_length', 'rhodecode_show_sha_length', 'int'),
                         ]
                         for setting, form_key, type_ in settings:
                             sett = SettingsModel().create_or_update_setting(
                                 setting, form_result[form_key], type_)
                             Session().add(sett)
                         Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated visualisation settings'), category='success')
                     except Exception:
                         log.exception("Exception updating visualization settings")
                         h.flash(_('Error occurred during updating '
                                   'visualisation settings'),
                                 category='error')
                     raise HTTPFound(h.route_path('admin_settings_visual'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_issuetracker', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_issuetracker(self):
                     c = self.load_default_context()
                     c.active = 'issuetracker'
                     defaults = c.rc_config
                     entry_key = 'rhodecode_issuetracker_pat_'
                     c.issuetracker_entries = {}
                     for k, v in defaults.items():
                         if k.startswith(entry_key):
                             uid = k[len(entry_key):]
                             c.issuetracker_entries[uid] = None
                     for uid in c.issuetracker_entries:
                         c.issuetracker_entries[uid] = AttributeDict({
                             'pat': defaults.get('rhodecode_issuetracker_pat_' + uid),
                             'url': defaults.get('rhodecode_issuetracker_url_' + uid),
                             'pref': defaults.get('rhodecode_issuetracker_pref_' + uid),
                             'desc': defaults.get('rhodecode_issuetracker_desc_' + uid),
                         })
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_issuetracker_test', request_method='POST',
                     renderer='string', xhr=True)
                 def settings_issuetracker_test(self):
                     return h.urlify_commit_message(
                         self.request.POST.get('test_text', ''),
                         'repo_group/test_repo1')
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_issuetracker_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_issuetracker_update(self):
                     _ = self.request.translate
                     self.load_default_context()
                     settings_model = IssueTrackerSettingsModel()
                     try:
                         form = IssueTrackerPatternsForm(self.request.translate)()
                         data = form.to_python(self.request.POST)
                     except formencode.Invalid as errors:
                         log.exception('Failed to add new pattern')
                         error = errors
                         h.flash(_('Invalid issue tracker pattern: {}'.format(error)),
                                 category='error')
                         raise HTTPFound(h.route_path('admin_settings_issuetracker'))
                     if data:
                         for uid in data.get('delete_patterns', []):
                             settings_model.delete_entries(uid)
                         for pattern in data.get('patterns', []):
                             for setting, value, type_ in pattern:
                                 sett = settings_model.create_or_update_setting(
                                     setting, value, type_)
                                 Session().add(sett)
                             Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated issue tracker entries'), category='success')
                     raise HTTPFound(h.route_path('admin_settings_issuetracker'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_issuetracker_delete', request_method='POST',
                     renderer='json_ext', xhr=True)
                 def settings_issuetracker_delete(self):
                     _ = self.request.translate
                     self.load_default_context()
                     uid = self.request.POST.get('uid')
                     try:
                         IssueTrackerSettingsModel().delete_entries(uid)
                     except Exception:
                         log.exception('Failed to delete issue tracker setting %s', uid)
                         raise HTTPNotFound()
                     SettingsModel().invalidate_settings_cache()
                     h.flash(_('Removed issue tracker entry.'), category='success')
                     return {'deleted': uid}
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_email', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_email(self):
                     c = self.load_default_context()
                     c.active = 'email'
                     c.rhodecode_ini = rhodecode.CONFIG
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_email_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_email_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'email'
                     test_email = self.request.POST.get('test_email')
                     if not test_email:
                         h.flash(_('Please enter email address'), category='error')
                         raise HTTPFound(h.route_path('admin_settings_email'))
                     email_kwargs = {
                         'date': datetime.datetime.now(),
-                        'user': c.rhodecode_user
+                        'user': self._rhodecode_db_user
                     }
                     (subject, headers, email_body,
                      email_body_plaintext) = EmailNotificationModel().render_email(
                         EmailNotificationModel.TYPE_EMAIL_TEST, **email_kwargs)
                     recipients = [test_email] if test_email else None
                     run_task(tasks.send_email, recipients, subject,
                              email_body_plaintext, email_body)
                     h.flash(_('Send email task created'), category='success')
                     raise HTTPFound(h.route_path('admin_settings_email'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_hooks', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_hooks(self):
                     c = self.load_default_context()
                     c.active = 'hooks'
                     model = SettingsModel()
                     c.hooks = model.get_builtin_hooks()
                     c.custom_hooks = model.get_custom_hooks()
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_hooks_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 @view_config(
                     route_name='admin_settings_hooks_delete', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_hooks_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'hooks'
                     if c.visual.allow_custom_hooks_settings:
                         ui_key = self.request.POST.get('new_hook_ui_key')
                         ui_value = self.request.POST.get('new_hook_ui_value')
                         hook_id = self.request.POST.get('hook_id')
                         new_hook = False
                         model = SettingsModel()
                         try:
                             if ui_value and ui_key:
                                 model.create_or_update_hook(ui_key, ui_value)
                                 h.flash(_('Added new hook'), category='success')
                                 new_hook = True
                             elif hook_id:
                                 RhodeCodeUi.delete(hook_id)
                                 Session().commit()
                             # check for edits
                             update = False
                             _d = self.request.POST.dict_of_lists()
                             for k, v in zip(_d.get('hook_ui_key', []),
                                             _d.get('hook_ui_value_new', [])):
                                 model.create_or_update_hook(k, v)
                                 update = True
                             if update and not new_hook:
                                 h.flash(_('Updated hooks'), category='success')
                             Session().commit()
                         except Exception:
                             log.exception("Exception during hook creation")
                             h.flash(_('Error occurred during hook creation'),
                                     category='error')
                     raise HTTPFound(h.route_path('admin_settings_hooks'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_search', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_search(self):
                     c = self.load_default_context()
                     c.active = 'search'
                     c.searcher = searcher_from_config(self.request.registry.settings)
                     c.statistics = c.searcher.statistics(self.request.translate)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_automation', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_automation(self):
                     c = self.load_default_context()
                     c.active = 'automation'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_labs', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_labs(self):
                     c = self.load_default_context()
                     if not c.labs_active:
                         raise HTTPFound(h.route_path('admin_settings'))
                     c.active = 'labs'
                     c.lab_settings = _LAB_SETTINGS
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_labs_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_labs_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'labs'
                     application_form = LabsSettingsForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     try:
                         session = Session()
                         for setting in _LAB_SETTINGS:
                             setting_name = setting.key[len('rhodecode_'):]
                             sett = SettingsModel().create_or_update_setting(
                                 setting_name, form_result[setting.key], setting.type)
                             session.add(sett)
                     except Exception:
                         log.exception('Exception while updating lab settings')
                         h.flash(_('Error occurred during updating labs settings'),
                                 category='error')
                     else:
                         Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated Labs settings'), category='success')
                         raise HTTPFound(h.route_path('admin_settings_labs'))
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
             # :param key: name of the setting including the 'rhodecode_' prefix
             # :param type: the RhodeCodeSetting type to use.
             # :param group: the i18ned group in which we should dispaly this setting
             # :param label: the i18ned label we should display for this setting
             # :param help: the i18ned help we should dispaly for this setting
             LabSetting = collections.namedtuple(
                 'LabSetting', ('key', 'type', 'group', 'label', 'help'))
             # This list has to be kept in sync with the form
             # rhodecode.model.forms.LabsSettingsForm.
             _LAB_SETTINGS = [
             ]

rhodecode/apps/admin/views/users.py

0 +4 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import datetime
             import formencode
             import formencode.htmlfill
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from pyramid.renderers import render
             from pyramid.response import Response
             from rhodecode import events
             from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
             from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
             from rhodecode.authentication.base import get_authn_registry, RhodeCodeExternalAuthPlugin
             from rhodecode.authentication.plugins import auth_rhodecode
             from rhodecode.events import trigger
             from rhodecode.model.db import true
             from rhodecode.lib import audit_logger, rc_cache
             from rhodecode.lib.exceptions import (
                 UserCreationError, UserOwnsReposException, UserOwnsRepoGroupsException,
                 UserOwnsUserGroupsException, DefaultUserException)
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.helpers import SqlPage
             from rhodecode.lib.utils2 import safe_int, safe_unicode, AttributeDict
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.forms import (
                 UserForm, UserIndividualPermissionsForm, UserPermissionsForm,
                 UserExtraEmailForm, UserExtraIpForm)
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.ssh_key import SshKeyModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import (
                 or_, coalesce,IntegrityError, User, UserGroup, UserIpMap, UserEmailMap,
                 UserApiKeys, UserSshKeys, RepoGroup)
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class AdminUsersView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users', request_method='GET',
                     renderer='rhodecode:templates/admin/users/users.mako')
                 def users_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     # renderer defined below
                     route_name='users_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def users_list_data(self):
                     self.load_default_context()
                     column_map = {
                         'first_name': 'name',
                         'last_name': 'lastname',
                     }
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(
                         self.request, column_map=column_map)
                     _render = self.request.get_partial_renderer(
                         'rhodecode:templates/data_table/_dt_elements.mako')
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     users_data_total_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .count()
                     users_data_total_inactive_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .filter(User.active != true())\
                         .count()
                     # json generate
                     base_q = User.query().filter(User.username != User.DEFAULT_USER)
                     base_inactive_q = base_q.filter(User.active != true())
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             User.username.ilike(like_expression),
                             User._email.ilike(like_expression),
                             User.name.ilike(like_expression),
                             User.lastname.ilike(like_expression),
                         ))
                         base_inactive_q = base_q.filter(User.active != true())
                     users_data_total_filtered_count = base_q.count()
                     users_data_total_filtered_inactive_count = base_inactive_q.count()
                     sort_col = getattr(User, order_by, None)
                     if sort_col:
                         if order_dir == 'asc':
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.max)
                             sort_col = sort_col.asc()
                         else:
                             # handle null values properly to order by NULL last
                             if order_by in ['last_activity']:
                                 sort_col = coalesce(sort_col, datetime.date.min)
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     users_list = base_q.all()
                     users_data = []
                     for user in users_list:
                         users_data.append({
                             "username": h.gravatar_with_user(self.request, user.username),
                             "email": user.email,
                             "first_name": user.first_name,
                             "last_name": user.last_name,
                             "last_login": h.format_date(user.last_login),
                             "last_activity": h.format_date(user.last_activity),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     data = ({
                         'draw': draw,
                         'data': users_data,
                         'recordsTotal': users_data_total_count,
                         'recordsFiltered': users_data_total_filtered_count,
                         'recordsTotalInactive': users_data_total_inactive_count,
                         'recordsFilteredInactive': users_data_total_filtered_inactive_count
                     })
                     return data
                 def _set_personal_repo_group_template_vars(self, c_obj):
                     DummyUser = AttributeDict({
                         'username': '${username}',
                         'user_id': '${user_id}',
                     })
                     c_obj.default_create_repo_group = RepoGroupModel() \
                         .get_default_create_personal_repo_group()
                     c_obj.personal_repo_group_name = RepoGroupModel() \
                         .get_personal_group_name(DummyUser)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users_new', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_add.mako')
                 def users_new(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.uid
                     self._set_personal_repo_group_template_vars(c)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='users_create', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_add.mako')
                 def users_create(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.uid
                     user_model = UserModel()
                     user_form = UserForm(self.request.translate)()
                     try:
                         form_result = user_form.to_python(dict(self.request.POST))
                         user = user_model.create(form_result)
                         Session().flush()
                         creation_data = user.get_api_data()
                         username = form_result['username']
                         audit_logger.store_web(
                             'user.create', action_data={'data': creation_data},
                             user=c.rhodecode_user)
                         user_link = h.link_to(
                             h.escape(username),
                             h.route_path('user_edit', user_id=user.user_id))
                         h.flash(h.literal(_('Created user %(user_link)s')
                                           % {'user_link': user_link}), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         self._set_personal_repo_group_template_vars(c)
                         data = render(
                             'rhodecode:templates/admin/users/user_add.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception creation of user")
                         h.flash(_('Error occurred during creation of user %s')
                                 % self.request.POST.get('username'), category='error')
                     raise HTTPFound(h.route_path('users'))
             class UsersView(UserAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def get_auth_plugins(self):
                     valid_plugins = []
                     authn_registry = get_authn_registry(self.request.registry)
                     for plugin in authn_registry.get_plugins_for_authentication():
                         if isinstance(plugin, RhodeCodeExternalAuthPlugin):
                             valid_plugins.append(plugin)
                         elif plugin.name == 'rhodecode':
                             valid_plugins.append(plugin)
                     # extend our choices if user has set a bound plugin which isn't enabled at the
                     # moment
                     extern_type = self.db_user.extern_type
                     if extern_type not in [x.uid for x in valid_plugins]:
                         try:
                             plugin = authn_registry.get_plugin_by_uid(extern_type)
                             if plugin:
                                 valid_plugins.append(plugin)
                         except Exception:
                             log.exception(
                                 'Could not extend user plugins with `{}`'.format(extern_type))
                     return valid_plugins
                 def load_default_context(self):
                     req = self.request
                     c = self._get_local_tmpl_context()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     c.allowed_languages = [
                         ('en', 'English (en)'),
                         ('de', 'German (de)'),
                         ('fr', 'French (fr)'),
                         ('it', 'Italian (it)'),
                         ('ja', 'Japanese (ja)'),
                         ('pl', 'Polish (pl)'),
                         ('pt', 'Portuguese (pt)'),
                         ('ru', 'Russian (ru)'),
                         ('zh', 'Chinese (zh)'),
                     ]
                     c.allowed_extern_types = [
                         (x.uid, x.get_display_name()) for x in self.get_auth_plugins()
                     ]
                     c.available_permissions = req.registry.settings['available_permissions']
                     PermissionModel().set_global_permission_choices(
                         c, gettext_translator=req.translate)
                     return c
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_update', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     available_languages = [x[0] for x in c.allowed_languages]
                     _form = UserForm(self.request.translate, edit=True,
                                      available_languages=available_languages,
                                      old_data={'user_id': user_id,
                                                'email': c.user.email})()
                     form_result = {}
                     old_values = c.user.get_api_data()
                     try:
                         form_result = _form.to_python(dict(self.request.POST))
                         skip_attrs = ['extern_name']
                         # TODO: plugin should define if username can be updated
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         UserModel().update_user(
                             user_id, skip_attrs=skip_attrs, **form_result)
                         audit_logger.store_web(
                             'user.edit', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         Session().commit()
                         h.flash(_('User updated successfully'), category='success')
                     except formencode.Invalid as errors:
                         data = render(
                             'rhodecode:templates/admin/users/user_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user %s')
                                 % form_result.get('username'), category='error')
                     raise HTTPFound(h.route_path('user_edit', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_delete', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     _repos = c.user.repositories
                     _repo_groups = c.user.repository_groups
                     _user_groups = c.user.user_groups
                     _artifacts = c.user.artifacts
                     handle_repos = None
                     handle_repo_groups = None
                     handle_user_groups = None
                     handle_artifacts = None
                     # calls for flash of handle based on handle case detach or delete
                     def set_handle_flash_repos():
                         handle = handle_repos
                         if handle == 'detach':
                             h.flash(_('Detached %s repositories') % len(_repos),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s repositories') % len(_repos),
                                     category='success')
                     def set_handle_flash_repo_groups():
                         handle = handle_repo_groups
                         if handle == 'detach':
                             h.flash(_('Detached %s repository groups') % len(_repo_groups),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s repository groups') % len(_repo_groups),
                                     category='success')
                     def set_handle_flash_user_groups():
                         handle = handle_user_groups
                         if handle == 'detach':
                             h.flash(_('Detached %s user groups') % len(_user_groups),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s user groups') % len(_user_groups),
                                     category='success')
                     def set_handle_flash_artifacts():
                         handle = handle_artifacts
                         if handle == 'detach':
                             h.flash(_('Detached %s artifacts') % len(_artifacts),
                                     category='success')
                         elif handle == 'delete':
                             h.flash(_('Deleted %s artifacts') % len(_artifacts),
                                     category='success')
                     if _repos and self.request.POST.get('user_repos'):
                         handle_repos = self.request.POST['user_repos']
                     if _repo_groups and self.request.POST.get('user_repo_groups'):
                         handle_repo_groups = self.request.POST['user_repo_groups']
                     if _user_groups and self.request.POST.get('user_user_groups'):
                         handle_user_groups = self.request.POST['user_user_groups']
                     if _artifacts and self.request.POST.get('user_artifacts'):
                         handle_artifacts = self.request.POST['user_artifacts']
                     old_values = c.user.get_api_data()
                     try:
                         UserModel().delete(c.user, handle_repos=handle_repos,
                                            handle_repo_groups=handle_repo_groups,
                                            handle_user_groups=handle_user_groups,
                                            handle_artifacts=handle_artifacts)
                         audit_logger.store_web(
                             'user.delete', action_data={'old_data': old_values},
                             user=c.rhodecode_user)
                         Session().commit()
                         set_handle_flash_repos()
                         set_handle_flash_repo_groups()
                         set_handle_flash_user_groups()
                         set_handle_flash_artifacts()
                         username = h.escape(old_values['username'])
                         h.flash(_('Successfully deleted user `{}`').format(username), category='success')
                     except (UserOwnsReposException, UserOwnsRepoGroupsException,
                             UserOwnsUserGroupsException, DefaultUserException) as e:
                         h.flash(e, category='warning')
                     except Exception:
                         log.exception("Exception during deletion of user")
                         h.flash(_('An error occurred during deletion of user'),
                                 category='error')
                     raise HTTPFound(h.route_path('users'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='user_edit', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     defaults = c.user.get_dict()
                     defaults.update({'language': c.user.user_data.get('language')})
                     data = render(
                         'rhodecode:templates/admin/users/user_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='user_edit_advanced', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit_advanced(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     c.active = 'advanced'
                     c.personal_repo_group = RepoGroup.get_user_personal_repo_group(user_id)
                     c.personal_repo_group_name = RepoGroupModel()\
                         .get_personal_group_name(c.user)
                     c.user_to_review_rules = sorted(
                         (x.user for x in c.user.user_review_rules),
                         key=lambda u: u.username.lower())
                     c.first_admin = User.get_first_super_admin()
                     defaults = c.user.get_dict()
                     # Interim workaround if the user participated on any pull requests as a
                     # reviewer.
                     has_review = len(c.user.reviewer_pull_requests)
                     c.can_delete_user = not has_review
                     c.can_delete_user_message = ''
                     inactive_link = h.link_to(
                         'inactive', h.route_path('user_edit', user_id=user_id, _anchor='active'))
                     if has_review == 1:
                         c.can_delete_user_message = h.literal(_(
                             'The user participates as reviewer in {} pull request and '
                             'cannot be deleted. \nYou can set the user to '
                             '"{}" instead of deleting it.').format(
                             has_review, inactive_link))
                     elif has_review:
                         c.can_delete_user_message = h.literal(_(
                             'The user participates as reviewer in {} pull requests and '
                             'cannot be deleted. \nYou can set the user to '
                             '"{}" instead of deleting it.').format(
                             has_review, inactive_link))
                     data = render(
                         'rhodecode:templates/admin/users/user_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='user_edit_global_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit_global_perms(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.default_user.get_default_perms())
                     defaults.update(c.user.get_default_perms())
                     data = render(
                         'rhodecode:templates/admin/users/user_edit.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_edit_global_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_edit_global_perms_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm(self.request.translate)
                         form_result = _form.to_python(dict(self.request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         c.user.inherit_default_permissions = inherit_perms
                         Session().add(c.user)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 self.request.translate,
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(self.request.POST))
                             form_result.update({'perm_user_id': c.user.user_id})
                             PermissionModel().update_user_permissions(form_result)
                         # TODO(marcink): implement global permissions
                         # audit_log.store_web('user.edit.permissions')
                         Session().commit()
                         h.flash(_('User global permissions updated successfully'),
                                 category='success')
                     except formencode.Invalid as errors:
                         data = render(
                             'rhodecode:templates/admin/users/user_edit.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     affected_user_ids = [user_id]
                     PermissionModel().trigger_permission_flush(affected_user_ids)
                     raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_enable_force_password_reset', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_enable_force_password_reset(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     try:
                         c.user.update_userdata(force_password_change=True)
                         msg = _('Force password change enabled for user')
                         audit_logger.store_web('user.edit.password_reset.enabled',
                                                user=c.rhodecode_user)
                         Session().commit()
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_disable_force_password_reset', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_disable_force_password_reset(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     try:
                         c.user.update_userdata(force_password_change=False)
                         msg = _('Force password change disabled for user')
                         audit_logger.store_web(
                             'user.edit.password_reset.disabled',
                             user=c.rhodecode_user)
                         Session().commit()
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_create_personal_repo_group', request_method='POST',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_create_personal_repo_group(self):
                     """
                     Create personal repository group for this user
                     """
                     from rhodecode.model.repo_group import RepoGroupModel
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     personal_repo_group = RepoGroup.get_user_personal_repo_group(
                         c.user.user_id)
                     if personal_repo_group:
                         raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                     personal_repo_group_name = RepoGroupModel().get_personal_group_name(c.user)
                     named_personal_group = RepoGroup.get_by_group_name(
                         personal_repo_group_name)
                     try:
                         if named_personal_group and named_personal_group.user_id == c.user.user_id:
                             # migrate the same named group, and mark it as personal
                             named_personal_group.personal = True
                             Session().add(named_personal_group)
                             Session().commit()
                             msg = _('Linked repository group `%s` as personal' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         elif not named_personal_group:
                             RepoGroupModel().create_personal_repo_group(c.user)
                             msg = _('Created repository group `%s`' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='success')
                         else:
                             msg = _('Repository group `%s` is already taken' % (
                                 personal_repo_group_name,))
                             h.flash(msg, category='warning')
                     except Exception:
                         log.exception("Exception during repository group creation")
                         msg = _(
                             'An error occurred during repository group creation for user')
                         h.flash(msg, category='error')
                         Session().rollback()
                     raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'auth_tokens'
                     c.lifetime_values = AuthTokenModel.get_lifetime_values(translator=_)
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     c.role_vcs = AuthTokenModel.cls.ROLE_VCS
                     return self._get_template_context(c)
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_add', request_method='POST')
                 def auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = UserModel().add_auth_token(
                         user=c.user.user_id,
                         lifetime_minutes=lifetime, role=role, description=description,
                         scope_callback=self.maybe_attach_token_scope)
                     token_data = token.get_api_data()
                     audit_logger.store_web(
                         'user.edit.token.add', action_data={
                             'data': {'token': token_data, 'user': user_data}},
                         user=self._rhodecode_user, )
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_delete', request_method='POST')
                 def auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
                         token = UserApiKeys.get_or_404(del_auth_token)
                         token_data = token.get_api_data()
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.token.delete', action_data={
                                 'data': {'token': token_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ssh_keys', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ssh_keys(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'ssh_keys'
                     c.default_key = self.request.GET.get('default_key')
                     c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ssh_keys_generate_keypair', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ssh_keys_generate_keypair(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'ssh_keys_generate'
                     comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
-                    c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
+                    private_format = self.request.GET.get('private_format') \
+                                     or SshKeyModel.DEFAULT_PRIVATE_KEY_FORMAT
+                    c.private, c.public = SshKeyModel().generate_keypair(
+                        comment=comment, private_format=private_format)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ssh_keys_add', request_method='POST')
                 def ssh_keys_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     key_data = self.request.POST.get('key_data')
                     description = self.request.POST.get('description')
                     fingerprint = 'unknown'
                     try:
                         if not key_data:
                             raise ValueError('Please add a valid public key')
                         key = SshKeyModel().parse_key(key_data.strip())
                         fingerprint = key.hash_md5()
                         ssh_key = SshKeyModel().create(
                             c.user.user_id, fingerprint, key.keydata, description)
                         ssh_key_data = ssh_key.get_api_data()
                         audit_logger.store_web(
                             'user.edit.ssh_key.add', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user, )
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh Key successfully created"), category='success')
                     except IntegrityError:
                         log.exception("Exception during ssh key saving")
                         err = 'Such key with fingerprint `{}` already exists, ' \
                               'please use a different one'.format(fingerprint)
                         h.flash(_('An error occurred during ssh key saving: {}').format(err),
                                 category='error')
                     except Exception as e:
                         log.exception("Exception during ssh key saving")
                         h.flash(_('An error occurred during ssh key saving: {}').format(e),
                                 category='error')
                     return HTTPFound(
                         h.route_path('edit_user_ssh_keys', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ssh_keys_delete', request_method='POST')
                 def ssh_keys_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_data = c.user.get_api_data()
                     del_ssh_key = self.request.POST.get('del_ssh_key')
                     if del_ssh_key:
                         ssh_key = UserSshKeys.get_or_404(del_ssh_key)
                         ssh_key_data = ssh_key.get_api_data()
                         SshKeyModel().delete(del_ssh_key, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.ssh_key.delete', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh key successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_ssh_keys', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_emails', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def emails(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query() \
                         .filter(UserEmailMap.user == c.user).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_add', request_method='POST')
                 def emails_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     email = self.request.POST.get('new_email')
                     user_data = c.user.get_api_data()
                     try:
                         form = UserExtraEmailForm(self.request.translate)()
                         data = form.to_python({'email': email})
                         email = data['email']
                         UserModel().add_extra_email(c.user.user_id, email)
                         audit_logger.store_web(
                             'user.edit.email.add',
                             action_data={'email': email, 'user': user_data},
                             user=self._rhodecode_user)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         h.flash(h.escape(error.error_dict['email']), category='error')
                     except IntegrityError:
                         log.warning("Email %s already exists", email)
                         h.flash(_('Email `{}` is already registered for another user.').format(email),
                                 category='error')
                     except Exception:
                         log.exception("Exception during email saving")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_emails_delete', request_method='POST')
                 def emails_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     email_id = self.request.POST.get('del_email_id')
                     user_model = UserModel()
                     email = UserEmailMap.query().get(email_id).email
                     user_data = c.user.get_api_data()
                     user_model.delete_extra_email(c.user.user_id, email_id)
                     audit_logger.store_web(
                         'user.edit.email.delete',
                         action_data={'email': email, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed email address from user account"),
                             category='success')
                     raise HTTPFound(h.route_path('edit_user_emails', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_ips', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def ips(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'ips'
                     c.user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == c.user).all()
                     c.inherit_default_ips = c.user.inherit_default_permissions
                     c.default_user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == User.get_default_user()).all()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_add', request_method='POST')
                 # NOTE(marcink): this view is allowed for default users, as we can
                 # edit their IP white list
                 def ips_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_model = UserModel()
                     desc = self.request.POST.get('description')
                     try:
                         ip_list = user_model.parse_ip_range(
                             self.request.POST.get('new_ip'))
                     except Exception as e:
                         ip_list = []
                         log.exception("Exception during ip saving")
                         h.flash(_('An error occurred during ip saving:%s' % (e,)),
                                 category='error')
                     added = []
                     user_data = c.user.get_api_data()
                     for ip in ip_list:
                         try:
                             form = UserExtraIpForm(self.request.translate)()
                             data = form.to_python({'ip': ip})
                             ip = data['ip']
                             user_model.add_extra_ip(c.user.user_id, ip, desc)
                             audit_logger.store_web(
                                 'user.edit.ip.add',
                                 action_data={'ip': ip, 'user': user_data},
                                 user=self._rhodecode_user)
                             Session().commit()
                             added.append(ip)
                         except formencode.Invalid as error:
                             msg = error.error_dict['ip']
                             h.flash(msg, category='error')
                         except Exception:
                             log.exception("Exception during ip saving")
                             h.flash(_('An error occurred during ip saving'),
                                     category='error')
                     if added:
                         h.flash(
                             _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
                             category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_ips_delete', request_method='POST')
                 # NOTE(marcink): this view is allowed for default users, as we can
                 # edit their IP white list
                 def ips_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     ip_id = self.request.POST.get('del_ip_id')
                     user_model = UserModel()
                     user_data = c.user.get_api_data()
                     ip = UserIpMap.query().get(ip_id).ip_addr
                     user_model.delete_extra_ip(c.user.user_id, ip_id)
                     audit_logger.store_web(
                         'user.edit.ip.delete', action_data={'ip': ip, 'user': user_data},
                         user=self._rhodecode_user)
                     Session().commit()
                     h.flash(_("Removed ip address from user whitelist"), category='success')
                     if 'default_user' in self.request.POST:
                         # case for editing global IP list we do it for 'DEFAULT' user
                         raise HTTPFound(h.route_path('admin_permissions_ips'))
                     raise HTTPFound(h.route_path('edit_user_ips', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_groups_management', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def groups_management(self):
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.data = c.user.group_member
                     groups = [UserGroupModel.get_user_groups_as_dict(group.users_group)
                               for group in c.user.group_member]
                     c.groups = json.dumps(groups)
                     c.active = 'groups'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_groups_management_updates', request_method='POST')
                 def groups_management_updates(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.db_user_id
                     c.user = self.db_user
                     user_groups = set(self.request.POST.getall('users_group_id'))
                     user_groups_objects = []
                     for ugid in user_groups:
                         user_groups_objects.append(
                             UserGroupModel().get_group(safe_int(ugid)))
                     user_group_model = UserGroupModel()
                     added_to_groups, removed_from_groups = \
                         user_group_model.change_groups(c.user, user_groups_objects)
                     user_data = c.user.get_api_data()
                     for user_group_id in added_to_groups:
                         user_group = UserGroup.get(user_group_id)
                         old_values = user_group.get_api_data()
                         audit_logger.store_web(
                             'user_group.edit.member.add',
                             action_data={'user': user_data, 'old_data': old_values},
                             user=self._rhodecode_user)
                     for user_group_id in removed_from_groups:
                         user_group = UserGroup.get(user_group_id)
                         old_values = user_group.get_api_data()
                         audit_logger.store_web(
                             'user_group.edit.member.delete',
                             action_data={'user': user_data, 'old_data': old_values},
                             user=self._rhodecode_user)
                     Session().commit()
                     c.active = 'user_groups_management'
                     h.flash(_("Groups successfully changed"), category='success')
                     return HTTPFound(h.route_path(
                         'edit_user_groups_management', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_audit_logs', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_audit_logs(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'audit'
                     p = safe_int(self.request.GET.get('page', 1), 1)
                     filter_term = self.request.GET.get('filter')
                     user_log = UserModel().get_user_log(c.user, filter_term)
                     def url_generator(page_num):
                         query_params = {
                             'page': page_num
                         }
                         if filter_term:
                             query_params['filter'] = filter_term
                         return self.request.current_route_path(_query=query_params)
                     c.audit_logs = SqlPage(
                         user_log, page=p, items_per_page=10, url_maker=url_generator)
                     c.filter_term = filter_term
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_audit_logs_download', request_method='GET',
                     renderer='string')
                 def user_audit_logs_download(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     user_log = UserModel().get_user_log(c.user, filter_term=None)
                     audit_log_data = {}
                     for entry in user_log:
                         audit_log_data[entry.user_log_id] = entry.get_dict()
                     response = Response(json.dumps(audit_log_data, indent=4))
                     response.content_disposition = str(
                         'attachment; filename=%s' % 'user_{}_audit_logs.json'.format(c.user.user_id))
                     response.content_type = 'application/json'
                     return response
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_perms_summary', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_perms_summary(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'perms_summary'
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_perms_summary_json', request_method='GET',
                     renderer='json_ext')
                 def user_perms_summary_json(self):
                     self.load_default_context()
                     perm_user = self.db_user.AuthUser(ip_addr=self.request.remote_addr)
                     return perm_user.permissions
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_caches', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def user_caches(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'caches'
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     cache_namespace_uid = 'cache_user_auth.{}'.format(self.db_user.user_id)
                     c.region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
                     c.backend = c.region.backend
                     c.user_keys = sorted(c.region.backend.list_keys(prefix=cache_namespace_uid))
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_caches_update', request_method='POST')
                 def user_caches_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.user = self.db_user
                     c.active = 'caches'
                     c.perm_user = c.user.AuthUser(ip_addr=self.request.remote_addr)
                     cache_namespace_uid = 'cache_user_auth.{}'.format(self.db_user.user_id)
                     del_keys = rc_cache.clear_cache_namespace('cache_perms', cache_namespace_uid)
                     h.flash(_("Deleted {} cache keys").format(del_keys), category='success')
                     return HTTPFound(h.route_path(
                         'edit_user_caches', user_id=c.user.user_id))

rhodecode/apps/file_store/views.py

0 +22 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.view import view_config
             from pyramid.response import FileResponse
             from pyramid.httpexceptions import HTTPFound, HTTPNotFound
             from rhodecode.apps._base import BaseAppView
             from rhodecode.apps.file_store import utils
             from rhodecode.apps.file_store.exceptions import (
                 FileNotAllowedException, FileOverSizeException)
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 CSRFRequired, NotAnonymous, HasRepoPermissionAny, HasRepoGroupPermissionAny,
                 LoginRequired)
+            from rhodecode.lib.vcs.conf.mtypes import get_mimetypes_db
             from rhodecode.model.db import Session, FileStore, UserApiKeys
             log = logging.getLogger(__name__)
             class FileStoreView(BaseAppView):
                 upload_key = 'store_file'
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     self.storage = utils.get_file_storage(self.request.registry.settings)
                     return c
+                def _guess_type(self, file_name):
+                    """
+                    Our own type guesser for mimetypes using the rich DB
+                    """
+                    if not hasattr(self, 'db'):
+                        self.db = get_mimetypes_db()
+                    _content_type, _encoding = self.db.guess_type(file_name, strict=False)
+                    return _content_type, _encoding
                 def _serve_file(self, file_uid):
                     if not self.storage.exists(file_uid):
                         store_path = self.storage.store_path(file_uid)
                         log.debug('File with FID:%s not found in the store under `%s`',
                                   file_uid, store_path)
                         raise HTTPNotFound()
                     db_obj = FileStore().query().filter(FileStore.file_uid == file_uid).scalar()
                     if not db_obj:
                         raise HTTPNotFound()
                     # private upload for user
                     if db_obj.check_acl and db_obj.scope_user_id:
                         log.debug('Artifact: checking scope access for bound artifact user: `%s`',
                                   db_obj.scope_user_id)
                         user = db_obj.user
                         if self._rhodecode_db_user.user_id != user.user_id:
                             log.warning('Access to file store object forbidden')
                             raise HTTPNotFound()
                     # scoped to repository permissions
                     if db_obj.check_acl and db_obj.scope_repo_id:
                         log.debug('Artifact: checking scope access for bound artifact repo: `%s`',
                                   db_obj.scope_repo_id)
                         repo = db_obj.repo
                         perm_set = ['repository.read', 'repository.write', 'repository.admin']
                         has_perm = HasRepoPermissionAny(*perm_set)(repo.repo_name, 'FileStore check')
                         if not has_perm:
                             log.warning('Access to file store object `%s` forbidden', file_uid)
                             raise HTTPNotFound()
                     # scoped to repository group permissions
                     if db_obj.check_acl and db_obj.scope_repo_group_id:
                         log.debug('Artifact: checking scope access for bound artifact repo group: `%s`',
                                   db_obj.scope_repo_group_id)
                         repo_group = db_obj.repo_group
                         perm_set = ['group.read', 'group.write', 'group.admin']
                         has_perm = HasRepoGroupPermissionAny(*perm_set)(repo_group.group_name, 'FileStore check')
                         if not has_perm:
                             log.warning('Access to file store object `%s` forbidden', file_uid)
                             raise HTTPNotFound()
                     FileStore.bump_access_counter(file_uid)
                     file_path = self.storage.store_path(file_uid)
-                    return FileResponse(file_path)
+                    content_type = 'application/octet-stream'
+                    content_encoding = None
+                    _content_type, _encoding = self._guess_type(file_path)
+                    if _content_type:
+                        content_type = _content_type
+                    # For file store we don't submit any session data, this logic tells the
+                    # Session lib to skip it
+                    setattr(self.request, '_file_response', True)
+                    return FileResponse(file_path, request=self.request,
+                                        content_type=content_type, content_encoding=content_encoding)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(route_name='upload_file', request_method='POST', renderer='json_ext')
                 def upload_file(self):
                     self.load_default_context()
                     file_obj = self.request.POST.get(self.upload_key)
                     if file_obj is None:
                         return {'store_fid': None,
                                 'access_path': None,
                                 'error': '{} data field is missing'.format(self.upload_key)}
                     if not hasattr(file_obj, 'filename'):
                         return {'store_fid': None,
                                 'access_path': None,
                                 'error': 'filename cannot be read from the data field'}
                     filename = file_obj.filename
                     metadata = {
                         'user_uploaded': {'username': self._rhodecode_user.username,
                                           'user_id': self._rhodecode_user.user_id,
                                           'ip': self._rhodecode_user.ip_addr}}
                     try:
                         store_uid, metadata = self.storage.save_file(
                             file_obj.file, filename, extra_metadata=metadata)
                     except FileNotAllowedException:
                         return {'store_fid': None,
                                 'access_path': None,
                                 'error': 'File {} is not allowed.'.format(filename)}
                     except FileOverSizeException:
                         return {'store_fid': None,
                                 'access_path': None,
                                 'error': 'File {} is exceeding allowed limit.'.format(filename)}
                     try:
                         entry = FileStore.create(
                             file_uid=store_uid, filename=metadata["filename"],
                             file_hash=metadata["sha256"], file_size=metadata["size"],
                             file_description=u'upload attachment',
                             check_acl=False, user_id=self._rhodecode_user.user_id
                         )
                         Session().add(entry)
                         Session().commit()
                         log.debug('Stored upload in DB as %s', entry)
                     except Exception:
                         log.exception('Failed to store file %s', filename)
                         return {'store_fid': None,
                                 'access_path': None,
                                 'error': 'File {} failed to store in DB.'.format(filename)}
                     return {'store_fid': store_uid,
                             'access_path': h.route_path('download_file', fid=store_uid)}
                 # ACL is checked by scopes, if no scope the file is accessible to all
                 @view_config(route_name='download_file')
                 def download_file(self):
                     self.load_default_context()
                     file_uid = self.request.matchdict['fid']
                     log.debug('Requesting FID:%s from store %s', file_uid, self.storage)
                     return self._serve_file(file_uid)
                 # in addition to @LoginRequired ACL is checked by scopes
                 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_ARTIFACT_DOWNLOAD])
                 @NotAnonymous()
                 @view_config(route_name='download_file_by_token')
                 def download_file_by_token(self):
                     """
                     Special view that allows to access the download file by special URL that
                     is stored inside the URL.
                     http://example.com/_file_store/token-download/TOKEN/FILE_UID
                     """
                     self.load_default_context()
                     file_uid = self.request.matchdict['fid']
                     return self._serve_file(file_uid)

rhodecode/apps/gist/tests/test_admin_gists.py

0 +7 -7

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.lib import helpers as h
             from rhodecode.model.db import User, Gist
             from rhodecode.model.gist import GistModel
             from rhodecode.model.meta import Session
             from rhodecode.tests import (
                 TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS,
                 TestController, assert_session_flash)
             def route_path(name, params=None, **kwargs):
                 import urllib
                 from rhodecode.apps._base import ADMIN_PREFIX
                 base_url = {
                     'gists_show': ADMIN_PREFIX + '/gists',
                     'gists_new': ADMIN_PREFIX + '/gists/new',
                     'gists_create': ADMIN_PREFIX + '/gists/create',
                     'gist_show': ADMIN_PREFIX + '/gists/{gist_id}',
                     'gist_delete': ADMIN_PREFIX + '/gists/{gist_id}/delete',
                     'gist_edit': ADMIN_PREFIX + '/gists/{gist_id}/edit',
                     'gist_edit_check_revision': ADMIN_PREFIX + '/gists/{gist_id}/edit/check_revision',
                     'gist_update': ADMIN_PREFIX + '/gists/{gist_id}/update',
                     'gist_show_rev': ADMIN_PREFIX + '/gists/{gist_id}/{revision}',
                     'gist_show_formatted': ADMIN_PREFIX + '/gists/{gist_id}/{revision}/{format}',
                     'gist_show_formatted_path': ADMIN_PREFIX + '/gists/{gist_id}/{revision}/{format}/{f_path}',
                 }[name].format(**kwargs)
                 if params:
                     base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
                 return base_url
             class GistUtility(object):
                 def __init__(self):
                     self._gist_ids = []
                 def __call__(
                         self, f_name, content='some gist', lifetime=-1,
                         description='gist-desc', gist_type='public',
                         acl_level=Gist.GIST_PUBLIC, owner=TEST_USER_ADMIN_LOGIN):
                     gist_mapping = {
                         f_name: {'content': content}
                     }
                     user = User.get_by_username(owner)
                     gist = GistModel().create(
                         description, owner=user, gist_mapping=gist_mapping,
                         gist_type=gist_type, lifetime=lifetime, gist_acl_level=acl_level)
                     Session().commit()
                     self._gist_ids.append(gist.gist_id)
                     return gist
                 def cleanup(self):
                     for gist_id in self._gist_ids:
                         gist = Gist.get(gist_id)
                         if gist:
                             Session().delete(gist)
                     Session().commit()
             @pytest.fixture()
             def create_gist(request):
                 gist_utility = GistUtility()
                 request.addfinalizer(gist_utility.cleanup)
                 return gist_utility
             class TestGistsController(TestController):
                 def test_index_empty(self, create_gist):
                     self.log_user()
                     response = self.app.get(route_path('gists_show'))
                     response.mustcontain('data: [],')
                 def test_index(self, create_gist):
                     self.log_user()
                     g1 = create_gist('gist1')
                     g2 = create_gist('gist2', lifetime=1400)
                     g3 = create_gist('gist3', description='gist3-desc')
                     g4 = create_gist('gist4', gist_type='private').gist_access_id
                     response = self.app.get(route_path('gists_show'))
-                    response.mustcontain('gist: %s' % g1.gist_access_id)
+                    response.mustcontain(g1.gist_access_id)
-                    response.mustcontain('gist: %s' % g2.gist_access_id)
+                    response.mustcontain(g2.gist_access_id)
-                    response.mustcontain('gist: %s' % g3.gist_access_id)
+                    response.mustcontain(g3.gist_access_id)
                     response.mustcontain('gist3-desc')
-                    response.mustcontain(no=['gist: %s' % g4])
+                    response.mustcontain(no=[g4])
                     # Expiration information should be visible
                     expires_tag = '%s' % h.age_component(
                         h.time_to_utcdatetime(g2.gist_expires))
                     response.mustcontain(expires_tag.replace('"', '\\"'))
                 def test_index_private_gists(self, create_gist):
                     self.log_user()
                     gist = create_gist('gist5', gist_type='private')
                     response = self.app.get(route_path('gists_show', params=dict(private=1)))
                     # and privates
-                    response.mustcontain('gist: %s' % gist.gist_access_id)
+                    response.mustcontain(gist.gist_access_id)
                 def test_index_show_all(self, create_gist):
                     self.log_user()
                     create_gist('gist1')
                     create_gist('gist2', lifetime=1400)
                     create_gist('gist3', description='gist3-desc')
                     create_gist('gist4', gist_type='private')
                     response = self.app.get(route_path('gists_show', params=dict(all=1)))
                     assert len(GistModel.get_all()) == 4
                     # and privates
                     for gist in GistModel.get_all():
-                        response.mustcontain('gist: %s' % gist.gist_access_id)
+                        response.mustcontain(gist.gist_access_id)
                 def test_index_show_all_hidden_from_regular(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     create_gist('gist2', gist_type='private')
                     create_gist('gist3', gist_type='private')
                     create_gist('gist4', gist_type='private')
                     response = self.app.get(route_path('gists_show', params=dict(all=1)))
                     assert len(GistModel.get_all()) == 3
                     # since we don't have access to private in this view, we
                     # should see nothing
                     for gist in GistModel.get_all():
-                        response.mustcontain(no=['gist: %s' % gist.gist_access_id])
+                        response.mustcontain(no=[gist.gist_access_id])
                 def test_create(self):
                     self.log_user()
                     response = self.app.post(
                         route_path('gists_create'),
                         params={'lifetime': -1,
                                 'content': 'gist test',
                                 'filename': 'foo',
                                 'gist_type': 'public',
                                 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                         status=302)
                     response = response.follow()
                     response.mustcontain('added file: foo')
                     response.mustcontain('gist test')
                 def test_create_with_path_with_dirs(self):
                     self.log_user()
                     response = self.app.post(
                         route_path('gists_create'),
                         params={'lifetime': -1,
                                 'content': 'gist test',
                                 'filename': '/home/foo',
                                 'gist_type': 'public',
                                 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                         status=200)
                     response.mustcontain('Filename /home/foo cannot be inside a directory')
                 def test_access_expired_gist(self, create_gist):
                     self.log_user()
                     gist = create_gist('never-see-me')
                     gist.gist_expires = 0  # 1970
                     Session().add(gist)
                     Session().commit()
                     self.app.get(route_path('gist_show', gist_id=gist.gist_access_id),
                                  status=404)
                 def test_create_private(self):
                     self.log_user()
                     response = self.app.post(
                         route_path('gists_create'),
                         params={'lifetime': -1,
                                 'content': 'private gist test',
                                 'filename': 'private-foo',
                                 'gist_type': 'private',
                                 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                         status=302)
                     response = response.follow()
                     response.mustcontain('added file: private-foo<')
                     response.mustcontain('private gist test')
                     response.mustcontain('Private Gist')
                     # Make sure private gists are not indexed by robots
                     response.mustcontain(
                         '<meta name="robots" content="noindex, nofollow">')
                 def test_create_private_acl_private(self):
                     self.log_user()
                     response = self.app.post(
                         route_path('gists_create'),
                         params={'lifetime': -1,
                                 'content': 'private gist test',
                                 'filename': 'private-foo',
                                 'gist_type': 'private',
                                 'gist_acl_level': Gist.ACL_LEVEL_PRIVATE,
                                 'csrf_token': self.csrf_token},
                         status=302)
                     response = response.follow()
                     response.mustcontain('added file: private-foo<')
                     response.mustcontain('private gist test')
                     response.mustcontain('Private Gist')
                     # Make sure private gists are not indexed by robots
                     response.mustcontain(
                         '<meta name="robots" content="noindex, nofollow">')
                 def test_create_with_description(self):
                     self.log_user()
                     response = self.app.post(
                         route_path('gists_create'),
                         params={'lifetime': -1,
                                 'content': 'gist test',
                                 'filename': 'foo-desc',
                                 'description': 'gist-desc',
                                 'gist_type': 'public',
                                 'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                          status=302)
                     response = response.follow()
                     response.mustcontain('added file: foo-desc')
                     response.mustcontain('gist test')
                     response.mustcontain('gist-desc')
                 def test_create_public_with_anonymous_access(self):
                     self.log_user()
                     params = {
                         'lifetime': -1,
                         'content': 'gist test',
                         'filename': 'foo-desc',
                         'description': 'gist-desc',
                         'gist_type': 'public',
                         'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                         'csrf_token': self.csrf_token
                     }
                     response = self.app.post(
                         route_path('gists_create'), params=params, status=302)
                     self.logout_user()
                     response = response.follow()
                     response.mustcontain('added file: foo-desc')
                     response.mustcontain('gist test')
                     response.mustcontain('gist-desc')
                 def test_new(self):
                     self.log_user()
                     self.app.get(route_path('gists_new'))
                 def test_delete(self, create_gist):
                     self.log_user()
                     gist = create_gist('delete-me')
                     response = self.app.post(
                         route_path('gist_delete', gist_id=gist.gist_id),
                         params={'csrf_token': self.csrf_token})
                     assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
                 def test_delete_normal_user_his_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
                     response = self.app.post(
                         route_path('gist_delete', gist_id=gist.gist_id),
                         params={'csrf_token': self.csrf_token})
                     assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
                 def test_delete_normal_user_not_his_own_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('delete-me-2')
                     self.app.post(
                         route_path('gist_delete', gist_id=gist.gist_id),
                         params={'csrf_token': self.csrf_token}, status=404)
                 def test_show(self, create_gist):
                     gist = create_gist('gist-show-me')
                     response = self.app.get(route_path('gist_show', gist_id=gist.gist_access_id))
                     response.mustcontain('added file: gist-show-me<')
                     assert_response = response.assert_response()
                     assert_response.element_equals_to(
                         'div.rc-user span.user',
                         '<a href="/_profiles/test_admin">test_admin</a></span>')
                     response.mustcontain('gist-desc')
                 def test_show_without_hg(self, create_gist):
                     with mock.patch(
                             'rhodecode.lib.vcs.settings.ALIASES', ['git']):
                         gist = create_gist('gist-show-me-again')
                         self.app.get(
                             route_path('gist_show', gist_id=gist.gist_access_id), status=200)
                 def test_show_acl_private(self, create_gist):
                     gist = create_gist('gist-show-me-only-when-im-logged-in',
                                        acl_level=Gist.ACL_LEVEL_PRIVATE)
                     self.app.get(
                         route_path('gist_show', gist_id=gist.gist_access_id), status=404)
                     # now we log-in we should see thi gist
                     self.log_user()
                     response = self.app.get(
                         route_path('gist_show', gist_id=gist.gist_access_id))
                     response.mustcontain('added file: gist-show-me-only-when-im-logged-in')
                     assert_response = response.assert_response()
                     assert_response.element_equals_to(
                         'div.rc-user span.user',
                         '<a href="/_profiles/test_admin">test_admin</a></span>')
                     response.mustcontain('gist-desc')
                 def test_show_as_raw(self, create_gist):
                     gist = create_gist('gist-show-me', content='GIST CONTENT')
                     response = self.app.get(
                         route_path('gist_show_formatted',
                                    gist_id=gist.gist_access_id, revision='tip',
                                    format='raw'))
                     assert response.body == 'GIST CONTENT'
                 def test_show_as_raw_individual_file(self, create_gist):
                     gist = create_gist('gist-show-me-raw', content='GIST BODY')
                     response = self.app.get(
                         route_path('gist_show_formatted_path',
                                    gist_id=gist.gist_access_id, format='raw',
                                    revision='tip', f_path='gist-show-me-raw'))
                     assert response.body == 'GIST BODY'
                 def test_edit_page(self, create_gist):
                     self.log_user()
                     gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
                     response = self.app.get(route_path('gist_edit', gist_id=gist.gist_access_id))
                     response.mustcontain('GIST EDIT BODY')
                 def test_edit_page_non_logged_user(self, create_gist):
                     gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
                     self.app.get(route_path('gist_edit', gist_id=gist.gist_access_id),
                                  status=302)
                 def test_edit_normal_user_his_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('gist-for-edit', owner=TEST_USER_REGULAR_LOGIN)
                     self.app.get(route_path('gist_edit', gist_id=gist.gist_access_id,
                                             status=200))
                 def test_edit_normal_user_not_his_own_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('delete-me')
                     self.app.get(route_path('gist_edit', gist_id=gist.gist_access_id),
                                  status=404)
                 def test_user_first_name_is_escaped(self, user_util, create_gist):
                     xss_atack_string = '"><script>alert(\'First Name\')</script>'
                     xss_escaped_string = h.html_escape(h.escape(xss_atack_string))
                     password = 'test'
                     user = user_util.create_user(
                         firstname=xss_atack_string, password=password)
                     create_gist('gist', gist_type='public', owner=user.username)
                     response = self.app.get(route_path('gists_show'))
                     response.mustcontain(xss_escaped_string)
                 def test_user_last_name_is_escaped(self, user_util, create_gist):
                     xss_atack_string = '"><script>alert(\'Last Name\')</script>'
                     xss_escaped_string = h.html_escape(h.escape(xss_atack_string))
                     password = 'test'
                     user = user_util.create_user(
                         lastname=xss_atack_string, password=password)
                     create_gist('gist', gist_type='public', owner=user.username)
                     response = self.app.get(route_path('gists_show'))
                     response.mustcontain(xss_escaped_string)

rhodecode/apps/home/tests/__init__.py

0 +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             def assert_and_get_main_filter_content(result):
                 repos = []
                 groups = []
                 commits = []
                 users = []
                 for data_item in result:
                     assert data_item['id']
                     assert data_item['value']
                     assert data_item['value_display']
                     assert data_item['url']
                     if data_item['type'] == 'search':
                         display_val = data_item['value_display']
                         if data_item['id'] == -1:
-                            assert 'File search for:' in display_val, display_val
+                            assert 'File content search for:' in display_val, display_val
                         elif data_item['id'] == -2:
                             assert 'Commit search for:' in display_val, display_val
                         else:
                             assert False, 'No Proper ID returned {}'.format(data_item['id'])
                     elif data_item['type'] == 'repo':
                         repos.append(data_item)
                     elif data_item['type'] == 'repo_group':
                         groups.append(data_item)
                     elif data_item['type'] == 'user':
                         users.append(data_item)
                     elif data_item['type'] == 'commit':
                         commits.append(data_item)
                     else:
                         raise Exception('invalid type `%s`' % data_item['type'])
                 return repos, groups, users, commits
             def assert_and_get_repo_list_content(result):
                 repos = []
                 for data in result:
                     for data_item in data['children']:
                         assert data_item['id']
                         assert data_item['text']
                         assert data_item['url']
                         if data_item['type'] == 'repo':
                             repos.append(data_item)
                         else:
                             raise Exception('invalid type %s' % data_item['type'])
                 return repos

rhodecode/apps/home/views.py

0 +3 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import re
             import logging
             import collections
             from pyramid.httpexceptions import HTTPNotFound
             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (
                 LoginRequired, NotAnonymous, HasRepoGroupPermissionAnyDecorator, CSRFRequired,
                 HasRepoGroupPermissionAny, AuthUser)
             from rhodecode.lib.codeblocks import filenode_as_lines_tokens
             from rhodecode.lib.index import searcher_from_config
             from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
             from rhodecode.lib.vcs.nodes import FileNode
             from rhodecode.model.db import (
                 func, true, or_, case, in_filter_generator, Session,
                 Repository, RepoGroup, User, UserGroup)
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             log = logging.getLogger(__name__)
             class HomeView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.user = c.auth_user.get_instance()
                     return c
                 @LoginRequired()
                 @view_config(
                     route_name='user_autocomplete_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def user_autocomplete_data(self):
                     self.load_default_context()
                     query = self.request.GET.get('query')
                     active = str2bool(self.request.GET.get('active') or True)
                     include_groups = str2bool(self.request.GET.get('user_groups'))
                     expand_groups = str2bool(self.request.GET.get('user_groups_expand'))
                     skip_default_user = str2bool(self.request.GET.get('skip_default_user'))
                     log.debug('generating user list, query:%s, active:%s, with_groups:%s',
                               query, active, include_groups)
                     _users = UserModel().get_users(
                         name_contains=query, only_active=active)
                     def maybe_skip_default_user(usr):
                         if skip_default_user and usr['username'] == UserModel.cls.DEFAULT_USER:
                             return False
                         return True
                     _users = filter(maybe_skip_default_user, _users)
                     if include_groups:
                         # extend with user groups
                         _user_groups = UserGroupModel().get_user_groups(
                             name_contains=query, only_active=active,
                             expand_groups=expand_groups)
                         _users = _users + _user_groups
                     return {'suggestions': _users}
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='user_group_autocomplete_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def user_group_autocomplete_data(self):
                     self.load_default_context()
                     query = self.request.GET.get('query')
                     active = str2bool(self.request.GET.get('active') or True)
                     expand_groups = str2bool(self.request.GET.get('user_groups_expand'))
                     log.debug('generating user group list, query:%s, active:%s',
                               query, active)
                     _user_groups = UserGroupModel().get_user_groups(
                         name_contains=query, only_active=active,
                         expand_groups=expand_groups)
                     _user_groups = _user_groups
                     return {'suggestions': _user_groups}
                 def _get_repo_list(self, name_contains=None, repo_type=None, repo_group_name='', limit=20):
                     org_query = name_contains
                     allowed_ids = self._rhodecode_user.repo_acl_ids(
                         ['repository.read', 'repository.write', 'repository.admin'],
                         cache=False, name_filter=name_contains) or [-1]
                     query = Session().query(
                             Repository.repo_name,
                             Repository.repo_id,
                             Repository.repo_type,
                             Repository.private,
                         )\
                         .filter(Repository.archived.isnot(true()))\
                         .filter(or_(
                             # generate multiple IN to fix limitation problems
                             *in_filter_generator(Repository.repo_id, allowed_ids)
                         ))
                     query = query.order_by(case(
                         [
                             (Repository.repo_name.startswith(repo_group_name), repo_group_name+'/'),
                         ],
                     ))
                     query = query.order_by(func.length(Repository.repo_name))
                     query = query.order_by(Repository.repo_name)
                     if repo_type:
                         query = query.filter(Repository.repo_type == repo_type)
                     if name_contains:
                         ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
                         query = query.filter(
                             Repository.repo_name.ilike(ilike_expression))
                         query = query.limit(limit)
                     acl_iter = query
                     return [
                         {
                             'id': obj.repo_name,
                             'value': org_query,
                             'value_display': obj.repo_name,
                             'text': obj.repo_name,
                             'type': 'repo',
                             'repo_id': obj.repo_id,
                             'repo_type': obj.repo_type,
                             'private': obj.private,
                             'url': h.route_path('repo_summary', repo_name=obj.repo_name)
                         }
                         for obj in acl_iter]
                 def _get_repo_group_list(self, name_contains=None, repo_group_name='', limit=20):
                     org_query = name_contains
                     allowed_ids = self._rhodecode_user.repo_group_acl_ids(
                         ['group.read', 'group.write', 'group.admin'],
                         cache=False, name_filter=name_contains) or [-1]
                     query = Session().query(
                             RepoGroup.group_id,
                             RepoGroup.group_name,
                         )\
                         .filter(or_(
                             # generate multiple IN to fix limitation problems
                             *in_filter_generator(RepoGroup.group_id, allowed_ids)
                         ))
                     query = query.order_by(case(
                         [
                             (RepoGroup.group_name.startswith(repo_group_name), repo_group_name+'/'),
                         ],
                     ))
                     query = query.order_by(func.length(RepoGroup.group_name))
                     query = query.order_by(RepoGroup.group_name)
                     if name_contains:
                         ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
                         query = query.filter(
                             RepoGroup.group_name.ilike(ilike_expression))
                         query = query.limit(limit)
                     acl_iter = query
                     return [
                         {
                             'id': obj.group_name,
                             'value': org_query,
                             'value_display': obj.group_name,
                             'text': obj.group_name,
                             'type': 'repo_group',
                             'repo_group_id': obj.group_id,
                             'url': h.route_path(
                                 'repo_group_home', repo_group_name=obj.group_name)
                         }
                         for obj in acl_iter]
                 def _get_user_list(self, name_contains=None, limit=20):
                     org_query = name_contains
                     if not name_contains:
                         return [], False
                     # TODO(marcink): should all logged in users be allowed to search others?
                     allowed_user_search = self._rhodecode_user.username != User.DEFAULT_USER
                     if not allowed_user_search:
                         return [], False
                     name_contains = re.compile('(?:user:[ ]?)(.+)').findall(name_contains)
                     if len(name_contains) != 1:
                         return [], False
                     name_contains = name_contains[0]
                     query = User.query()\
                         .order_by(func.length(User.username))\
                         .order_by(User.username) \
                         .filter(User.username != User.DEFAULT_USER)
                     if name_contains:
                         ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
                         query = query.filter(
                             User.username.ilike(ilike_expression))
                         query = query.limit(limit)
                     acl_iter = query
                     return [
                         {
                             'id': obj.user_id,
                             'value': org_query,
                             'value_display': 'user: `{}`'.format(obj.username),
                             'type': 'user',
                             'icon_link': h.gravatar_url(obj.email, 30),
                             'url': h.route_path(
                                 'user_profile', username=obj.username)
                         }
                         for obj in acl_iter], True
                 def _get_user_groups_list(self, name_contains=None, limit=20):
                     org_query = name_contains
                     if not name_contains:
                         return [], False
                     # TODO(marcink): should all logged in users be allowed to search others?
                     allowed_user_search = self._rhodecode_user.username != User.DEFAULT_USER
                     if not allowed_user_search:
                         return [], False
                     name_contains = re.compile('(?:user_group:[ ]?)(.+)').findall(name_contains)
                     if len(name_contains) != 1:
                         return [], False
                     name_contains = name_contains[0]
                     query = UserGroup.query()\
                         .order_by(func.length(UserGroup.users_group_name))\
                         .order_by(UserGroup.users_group_name)
                     if name_contains:
                         ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
                         query = query.filter(
                             UserGroup.users_group_name.ilike(ilike_expression))
                         query = query.limit(limit)
                     acl_iter = query
                     return [
                         {
                             'id': obj.users_group_id,
                             'value': org_query,
                             'value_display': 'user_group: `{}`'.format(obj.users_group_name),
                             'type': 'user_group',
                             'url': h.route_path(
                                 'user_group_profile', user_group_name=obj.users_group_name)
                         }
                         for obj in acl_iter], True
                 def _get_hash_commit_list(self, auth_user, searcher, query, repo=None, repo_group=None):
                     repo_name = repo_group_name = None
                     if repo:
                         repo_name = repo.repo_name
                     if repo_group:
                         repo_group_name = repo_group.group_name
                     org_query = query
                     if not query or len(query) < 3 or not searcher:
                         return [], False
                     commit_hashes = re.compile('(?:commit:[ ]?)([0-9a-f]{2,40})').findall(query)
                     if len(commit_hashes) != 1:
                         return [], False
                     commit_hash = commit_hashes[0]
                     result = searcher.search(
                         'commit_id:{}*'.format(commit_hash), 'commit', auth_user,
                         repo_name, repo_group_name, raise_on_exc=False)
                     commits = []
                     for entry in result['results']:
                         repo_data = {
                             'repository_id': entry.get('repository_id'),
                             'repository_type': entry.get('repo_type'),
                             'repository_name': entry.get('repository'),
                         }
                         commit_entry = {
                             'id': entry['commit_id'],
                             'value': org_query,
                             'value_display': '`{}` commit: {}'.format(
                                 entry['repository'], entry['commit_id']),
                             'type': 'commit',
                             'repo': entry['repository'],
                             'repo_data': repo_data,
                             'url': h.route_path(
                                 'repo_commit',
                                 repo_name=entry['repository'], commit_id=entry['commit_id'])
                         }
                         commits.append(commit_entry)
                     return commits, True
                 def _get_path_list(self, auth_user, searcher, query, repo=None, repo_group=None):
                     repo_name = repo_group_name = None
                     if repo:
                         repo_name = repo.repo_name
                     if repo_group:
                         repo_group_name = repo_group.group_name
                     org_query = query
                     if not query or len(query) < 3 or not searcher:
                         return [], False
                     paths_re = re.compile('(?:file:[ ]?)(.+)').findall(query)
                     if len(paths_re) != 1:
                         return [], False
                     file_path = paths_re[0]
                     search_path = searcher.escape_specials(file_path)
                     result = searcher.search(
                         'file.raw:*{}*'.format(search_path), 'path', auth_user,
                         repo_name, repo_group_name, raise_on_exc=False)
                     files = []
                     for entry in result['results']:
                         repo_data = {
                             'repository_id': entry.get('repository_id'),
                             'repository_type': entry.get('repo_type'),
                             'repository_name': entry.get('repository'),
                         }
                         file_entry = {
                             'id': entry['commit_id'],
                             'value': org_query,
                             'value_display': '`{}` file: {}'.format(
                                 entry['repository'], entry['file']),
                             'type': 'file',
                             'repo': entry['repository'],
                             'repo_data': repo_data,
                             'url': h.route_path(
                                 'repo_files',
                                 repo_name=entry['repository'], commit_id=entry['commit_id'],
                                 f_path=entry['file'])
                         }
                         files.append(file_entry)
                     return files, True
                 @LoginRequired()
                 @view_config(
                     route_name='repo_list_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def repo_list_data(self):
                     _ = self.request.translate
                     self.load_default_context()
                     query = self.request.GET.get('query')
                     repo_type = self.request.GET.get('repo_type')
                     log.debug('generating repo list, query:%s, repo_type:%s',
                               query, repo_type)
                     res = []
                     repos = self._get_repo_list(query, repo_type=repo_type)
                     if repos:
                         res.append({
                             'text': _('Repositories'),
                             'children': repos
                         })
                     data = {
                         'more': False,
                         'results': res
                     }
                     return data
                 @LoginRequired()
                 @view_config(
                     route_name='repo_group_list_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def repo_group_list_data(self):
                     _ = self.request.translate
                     self.load_default_context()
                     query = self.request.GET.get('query')
                     log.debug('generating repo group list, query:%s',
                               query)
                     res = []
                     repo_groups = self._get_repo_group_list(query)
                     if repo_groups:
                         res.append({
                             'text': _('Repository Groups'),
                             'children': repo_groups
                         })
                     data = {
                         'more': False,
                         'results': res
                     }
                     return data
                 def _get_default_search_queries(self, search_context, searcher, query):
                     if not searcher:
                         return []
                     is_es_6 = searcher.is_es_6
                     queries = []
                     repo_group_name, repo_name, repo_context = None, None, None
                     # repo group context
                     if search_context.get('search_context[repo_group_name]'):
                         repo_group_name = search_context.get('search_context[repo_group_name]')
                     if search_context.get('search_context[repo_name]'):
                         repo_name = search_context.get('search_context[repo_name]')
                         repo_context = search_context.get('search_context[repo_view_type]')
                     if is_es_6 and repo_name:
                         # files
                         def query_modifier():
                             qry = query
                             return {'q': qry, 'type': 'content'}
-                        label = u'File search for `{}`'.format(h.escape(query))
+                        label = u'File content search for `{}`'.format(h.escape(query))
                         file_qry = {
                             'id': -10,
                             'value': query,
                             'value_display': label,
                             'value_icon': '<i class="icon-code"></i>',
                             'type': 'search',
                             'subtype': 'repo',
                             'url': h.route_path('search_repo',
                                                 repo_name=repo_name,
                                                 _query=query_modifier())
                             }
                         # commits
                         def query_modifier():
                             qry = query
                             return {'q': qry, 'type': 'commit'}
                         label = u'Commit search for `{}`'.format(h.escape(query))
                         commit_qry = {
                             'id': -20,
                             'value': query,
                             'value_display': label,
                             'value_icon': '<i class="icon-history"></i>',
                             'type': 'search',
                             'subtype': 'repo',
                             'url': h.route_path('search_repo',
                                                 repo_name=repo_name,
                                                 _query=query_modifier())
                             }
                         if repo_context in ['commit', 'commits']:
                             queries.extend([commit_qry, file_qry])
                         elif repo_context in ['files', 'summary']:
                             queries.extend([file_qry, commit_qry])
                         else:
                             queries.extend([commit_qry, file_qry])
                     elif is_es_6 and repo_group_name:
                         # files
                         def query_modifier():
                             qry = query
                             return {'q': qry, 'type': 'content'}
-                        label = u'File search for `{}`'.format(query)
+                        label = u'File content search for `{}`'.format(query)
                         file_qry = {
                             'id': -30,
                             'value': query,
                             'value_display': label,
                             'value_icon': '<i class="icon-code"></i>',
                             'type': 'search',
                             'subtype': 'repo_group',
                             'url': h.route_path('search_repo_group',
                                                 repo_group_name=repo_group_name,
                                                 _query=query_modifier())
                             }
                         # commits
                         def query_modifier():
                             qry = query
                             return {'q': qry, 'type': 'commit'}
                         label = u'Commit search for `{}`'.format(query)
                         commit_qry = {
                             'id': -40,
                             'value': query,
                             'value_display': label,
                             'value_icon': '<i class="icon-history"></i>',
                             'type': 'search',
                             'subtype': 'repo_group',
                             'url': h.route_path('search_repo_group',
                                                 repo_group_name=repo_group_name,
                                                 _query=query_modifier())
                             }
                         if repo_context in ['commit', 'commits']:
                             queries.extend([commit_qry, file_qry])
                         elif repo_context in ['files', 'summary']:
                             queries.extend([file_qry, commit_qry])
                         else:
                             queries.extend([commit_qry, file_qry])
                     # Global, not scoped
                     if not queries:
                         queries.append(
                             {
                                 'id': -1,
                                 'value': query,
-                                'value_display': u'File search for: `{}`'.format(query),
+                                'value_display': u'File content search for: `{}`'.format(query),
                                 'value_icon': '<i class="icon-code"></i>',
                                 'type': 'search',
                                 'subtype': 'global',
                                 'url': h.route_path('search',
                                                     _query={'q': query, 'type': 'content'})
                             })
                         queries.append(
                             {
                                 'id': -2,
                                 'value': query,
                                 'value_display': u'Commit search for: `{}`'.format(query),
                                 'value_icon': '<i class="icon-history"></i>',
                                 'type': 'search',
                                 'subtype': 'global',
                                 'url': h.route_path('search',
                                                     _query={'q': query, 'type': 'commit'})
                             })
                     return queries
                 @LoginRequired()
                 @view_config(
                     route_name='goto_switcher_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def goto_switcher_data(self):
                     c = self.load_default_context()
                     _ = self.request.translate
                     query = self.request.GET.get('query')
                     log.debug('generating main filter data, query %s', query)
                     res = []
                     if not query:
                         return {'suggestions': res}
                     def no_match(name):
                         return {
                             'id': -1,
                             'value': "",
                             'value_display': name,
                             'type': 'text',
                             'url': ""
                         }
                     searcher = searcher_from_config(self.request.registry.settings)
                     has_specialized_search = False
                     # set repo context
                     repo = None
                     repo_id = safe_int(self.request.GET.get('search_context[repo_id]'))
                     if repo_id:
                         repo = Repository.get(repo_id)
                     # set group context
                     repo_group = None
                     repo_group_id = safe_int(self.request.GET.get('search_context[repo_group_id]'))
                     if repo_group_id:
                         repo_group = RepoGroup.get(repo_group_id)
                     prefix_match = False
                     # user: type search
                     if not prefix_match:
                         users, prefix_match = self._get_user_list(query)
                         if users:
                             has_specialized_search = True
                             for serialized_user in users:
                                 res.append(serialized_user)
                         elif prefix_match:
                             has_specialized_search = True
                             res.append(no_match('No matching users found'))
                     # user_group: type search
                     if not prefix_match:
                         user_groups, prefix_match = self._get_user_groups_list(query)
                         if user_groups:
                             has_specialized_search = True
                             for serialized_user_group in user_groups:
                                 res.append(serialized_user_group)
                         elif prefix_match:
                             has_specialized_search = True
                             res.append(no_match('No matching user groups found'))
                     # FTS commit: type search
                     if not prefix_match:
                         commits, prefix_match = self._get_hash_commit_list(
                             c.auth_user, searcher, query, repo, repo_group)
                         if commits:
                             has_specialized_search = True
                             unique_repos = collections.OrderedDict()
                             for commit in commits:
                                 repo_name = commit['repo']
                                 unique_repos.setdefault(repo_name, []).append(commit)
                             for _repo, commits in unique_repos.items():
                                 for commit in commits:
                                     res.append(commit)
                         elif prefix_match:
                             has_specialized_search = True
                             res.append(no_match('No matching commits found'))
                     # FTS file: type search
                     if not prefix_match:
                         paths, prefix_match = self._get_path_list(
                             c.auth_user, searcher, query, repo, repo_group)
                         if paths:
                             has_specialized_search = True
                             unique_repos = collections.OrderedDict()
                             for path in paths:
                                 repo_name = path['repo']
                                 unique_repos.setdefault(repo_name, []).append(path)
                             for repo, paths in unique_repos.items():
                                 for path in paths:
                                     res.append(path)
                         elif prefix_match:
                             has_specialized_search = True
                             res.append(no_match('No matching files found'))
                     # main suggestions
                     if not has_specialized_search:
                         repo_group_name = ''
                         if repo_group:
                             repo_group_name = repo_group.group_name
                         for _q in self._get_default_search_queries(self.request.GET, searcher, query):
                             res.append(_q)
                         repo_groups = self._get_repo_group_list(query, repo_group_name=repo_group_name)
                         for serialized_repo_group in repo_groups:
                             res.append(serialized_repo_group)
                         repos = self._get_repo_list(query, repo_group_name=repo_group_name)
                         for serialized_repo in repos:
                             res.append(serialized_repo)
                         if not repos and not repo_groups:
                             res.append(no_match('No matches found'))
                     return {'suggestions': res}
                 @LoginRequired()
                 @view_config(
                     route_name='home', request_method='GET',
                     renderer='rhodecode:templates/index.mako')
                 def main_page(self):
                     c = self.load_default_context()
                     c.repo_group = None
                     return self._get_template_context(c)
                 def _main_page_repo_groups_data(self, repo_group_id):
                     column_map = {
                         'name': 'group_name_hash',
                         'desc': 'group_description',
                         'last_change': 'updated_on',
                         'owner': 'user_username',
                     }
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(
                         self.request, column_map=column_map)
                     return RepoGroupModel().get_repo_groups_data_table(
                         draw, start, limit,
                         search_q, order_by, order_dir,
                         self._rhodecode_user, repo_group_id)
                 def _main_page_repos_data(self, repo_group_id):
                     column_map = {
                         'name': 'repo_name',
                         'desc': 'description',
                         'last_change': 'updated_on',
                         'owner': 'user_username',
                     }
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(
                         self.request, column_map=column_map)
                     return RepoModel().get_repos_data_table(
                         draw, start, limit,
                         search_q, order_by, order_dir,
                         self._rhodecode_user, repo_group_id)
                 @LoginRequired()
                 @view_config(
                     route_name='main_page_repo_groups_data',
                     request_method='GET', renderer='json_ext', xhr=True)
                 def main_page_repo_groups_data(self):
                     self.load_default_context()
                     repo_group_id = safe_int(self.request.GET.get('repo_group_id'))
                     if repo_group_id:
                         group = RepoGroup.get_or_404(repo_group_id)
                         _perms = AuthUser.repo_group_read_perms
                         if not HasRepoGroupPermissionAny(*_perms)(
                                 group.group_name, 'user is allowed to list repo group children'):
                             raise HTTPNotFound()
                     return self._main_page_repo_groups_data(repo_group_id)
                 @LoginRequired()
                 @view_config(
                     route_name='main_page_repos_data',
                     request_method='GET', renderer='json_ext', xhr=True)
                 def main_page_repos_data(self):
                     self.load_default_context()
                     repo_group_id = safe_int(self.request.GET.get('repo_group_id'))
                     if repo_group_id:
                         group = RepoGroup.get_or_404(repo_group_id)
                         _perms = AuthUser.repo_group_read_perms
                         if not HasRepoGroupPermissionAny(*_perms)(
                                 group.group_name, 'user is allowed to list repo group children'):
                             raise HTTPNotFound()
                     return self._main_page_repos_data(repo_group_id)
                 @LoginRequired()
                 @HasRepoGroupPermissionAnyDecorator(*AuthUser.repo_group_read_perms)
                 @view_config(
                     route_name='repo_group_home', request_method='GET',
                     renderer='rhodecode:templates/index_repo_group.mako')
                 @view_config(
                     route_name='repo_group_home_slash', request_method='GET',
                     renderer='rhodecode:templates/index_repo_group.mako')
                 def repo_group_main_page(self):
                     c = self.load_default_context()
                     c.repo_group = self.request.db_repo_group
                     return self._get_template_context(c)
                 @LoginRequired()
                 @CSRFRequired()
                 @view_config(
                     route_name='markup_preview', request_method='POST',
                     renderer='string', xhr=True)
                 def markup_preview(self):
                     # Technically a CSRF token is not needed as no state changes with this
                     # call. However, as this is a POST is better to have it, so automated
                     # tools don't flag it as potential CSRF.
                     # Post is required because the payload could be bigger than the maximum
                     # allowed by GET.
                     text = self.request.POST.get('text')
                     renderer = self.request.POST.get('renderer') or 'rst'
                     if text:
                         return h.render(text, renderer=renderer, mentions=True)
                     return ''
                 @LoginRequired()
                 @CSRFRequired()
                 @view_config(
                     route_name='file_preview', request_method='POST',
                     renderer='string', xhr=True)
                 def file_preview(self):
                     # Technically a CSRF token is not needed as no state changes with this
                     # call. However, as this is a POST is better to have it, so automated
                     # tools don't flag it as potential CSRF.
                     # Post is required because the payload could be bigger than the maximum
                     # allowed by GET.
                     text = self.request.POST.get('text')
                     file_path = self.request.POST.get('file_path')
                     renderer = h.renderer_from_filename(file_path)
                     if renderer:
                         return h.render(text, renderer=renderer, mentions=True)
                     else:
                         self.load_default_context()
                         _render = self.request.get_partial_renderer(
                             'rhodecode:templates/files/file_content.mako')
                         lines = filenode_as_lines_tokens(FileNode(file_path, text))
                         return _render('render_lines', lines)
                 @LoginRequired()
                 @CSRFRequired()
                 @view_config(
                     route_name='store_user_session_value', request_method='POST',
                     renderer='string', xhr=True)
                 def store_user_session_attr(self):
                     key = self.request.POST.get('key')
                     val = self.request.POST.get('val')
                     existing_value = self.request.session.get(key)
                     if existing_value != val:
                         self.request.session[key] = val
                     return 'stored:{}:{}'.format(key, val)

rhodecode/apps/hovercards/__init__.py

0 +4 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2018-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             def includeme(config):
                 config.add_route(
                     name='hovercard_user',
                     pattern='/_hovercard/user/{user_id}')
                 config.add_route(
+                    name='hovercard_username',
+                    pattern='/_hovercard/username/{username}')
+                config.add_route(
                     name='hovercard_user_group',
                     pattern='/_hovercard/user_group/{user_group_id}')
                 config.add_route(
                     name='hovercard_pull_request',
                     pattern='/_hovercard/pull_request/{pull_request_id}')
                 config.add_route(
                     name='hovercard_repo_commit',
                     pattern='/_hovercard/commit/{repo_name:.*?[^/]}/{commit_id}', repo_route=True)
                 # Scan module for configuration decorators.
                 config.scan('.views', ignore='.tests')

rhodecode/apps/hovercards/views.py

0 +13 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import re
             import logging
             import collections
             from pyramid.httpexceptions import HTTPNotFound
             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView, RepoAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (
                 LoginRequired, NotAnonymous, HasRepoGroupPermissionAnyDecorator, CSRFRequired,
                 HasRepoPermissionAnyDecorator)
             from rhodecode.lib.codeblocks import filenode_as_lines_tokens
             from rhodecode.lib.index import searcher_from_config
             from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.vcs.exceptions import CommitDoesNotExistError, EmptyRepositoryError
             from rhodecode.lib.vcs.nodes import FileNode
             from rhodecode.model.db import (
                 func, true, or_, case, in_filter_generator, Repository, RepoGroup, User, UserGroup, PullRequest)
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.scm import RepoGroupList, RepoList
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             log = logging.getLogger(__name__)
             class HoverCardsView(BaseAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @view_config(
                     route_name='hovercard_user', request_method='GET', xhr=True,
                     renderer='rhodecode:templates/hovercards/hovercard_user.mako')
                 def hovercard_user(self):
                     c = self.load_default_context()
                     user_id = self.request.matchdict['user_id']
                     c.user = User.get_or_404(user_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @view_config(
+                    route_name='hovercard_username', request_method='GET', xhr=True,
+                    renderer='rhodecode:templates/hovercards/hovercard_user.mako')
+                def hovercard_username(self):
+                    c = self.load_default_context()
+                    username = self.request.matchdict['username']
+                    c.user = User.get_by_username(username)
+                    if not c.user:
+                        raise HTTPNotFound()
+                    return self._get_template_context(c)
+                @LoginRequired()
+                @view_config(
                     route_name='hovercard_user_group', request_method='GET', xhr=True,
                     renderer='rhodecode:templates/hovercards/hovercard_user_group.mako')
                 def hovercard_user_group(self):
                     c = self.load_default_context()
                     user_group_id = self.request.matchdict['user_group_id']
                     c.user_group = UserGroup.get_or_404(user_group_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @view_config(
                     route_name='hovercard_pull_request', request_method='GET', xhr=True,
                     renderer='rhodecode:templates/hovercards/hovercard_pull_request.mako')
                 def hovercard_pull_request(self):
                     c = self.load_default_context()
                     c.pull_request = PullRequest.get_or_404(
                         self.request.matchdict['pull_request_id'])
                     perms = ['repository.read', 'repository.write', 'repository.admin']
                     c.can_view_pr = h.HasRepoPermissionAny(*perms)(
                         c.pull_request.target_repo.repo_name)
                     return self._get_template_context(c)
             class HoverCardsRepoView(RepoAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write', 'repository.admin')
                 @view_config(
                     route_name='hovercard_repo_commit', request_method='GET', xhr=True,
                     renderer='rhodecode:templates/hovercards/hovercard_repo_commit.mako')
                 def hovercard_repo_commit(self):
                     c = self.load_default_context()
                     commit_id = self.request.matchdict['commit_id']
                     pre_load = ['author', 'branch', 'date', 'message']
                     try:
                         c.commit = self.rhodecode_vcs_repo.get_commit(
                             commit_id=commit_id, pre_load=pre_load)
                     except (CommitDoesNotExistError, EmptyRepositoryError):
                         raise HTTPNotFound()
                     return self._get_template_context(c)

rhodecode/apps/login/tests/test_login.py

0 +4 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import urlparse
             import mock
             import pytest
             from rhodecode.tests import (
                 assert_session_flash, HG_REPO, TEST_USER_ADMIN_LOGIN,
                 no_newline_id_generator)
             from rhodecode.tests.fixture import Fixture
             from rhodecode.lib.auth import check_password
             from rhodecode.lib import helpers as h
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.db import User, Notification, UserApiKeys
             from rhodecode.model.meta import Session
             fixture = Fixture()
             whitelist_view = ['RepoCommitsView:repo_commit_raw']
             def route_path(name, params=None, **kwargs):
                 import urllib
                 from rhodecode.apps._base import ADMIN_PREFIX
                 base_url = {
                     'login': ADMIN_PREFIX + '/login',
                     'logout': ADMIN_PREFIX + '/logout',
                     'register': ADMIN_PREFIX + '/register',
                     'reset_password':
                         ADMIN_PREFIX + '/password_reset',
                     'reset_password_confirmation':
                         ADMIN_PREFIX + '/password_reset_confirmation',
                     'admin_permissions_application':
                         ADMIN_PREFIX + '/permissions/application',
                     'admin_permissions_application_update':
                         ADMIN_PREFIX + '/permissions/application/update',
                     'repo_commit_raw': '/{repo_name}/raw-changeset/{commit_id}'
                 }[name].format(**kwargs)
                 if params:
                     base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
                 return base_url
             @pytest.mark.usefixtures('app')
             class TestLoginController(object):
                 destroy_users = set()
                 @classmethod
                 def teardown_class(cls):
                     fixture.destroy_users(cls.destroy_users)
                 def teardown_method(self, method):
                     for n in Notification.query().all():
                         Session().delete(n)
                     Session().commit()
                     assert Notification.query().all() == []
                 def test_index(self):
                     response = self.app.get(route_path('login'))
                     assert response.status == '200 OK'
                     # Test response...
                 def test_login_admin_ok(self):
                     response = self.app.post(route_path('login'),
                                              {'username': 'test_admin',
                                               'password': 'test12'}, status=302)
                     response = response.follow()
                     session = response.get_session_from_response()
                     username = session['rhodecode_user'].get('username')
                     assert username == 'test_admin'
                     response.mustcontain('logout')
                 def test_login_regular_ok(self):
                     response = self.app.post(route_path('login'),
                                              {'username': 'test_regular',
                                               'password': 'test12'}, status=302)
                     response = response.follow()
                     session = response.get_session_from_response()
                     username = session['rhodecode_user'].get('username')
                     assert username == 'test_regular'
                     response.mustcontain('logout')
                 def test_login_regular_forbidden_when_super_admin_restriction(self):
                     from rhodecode.authentication.plugins.auth_rhodecode import RhodeCodeAuthPlugin
-                    with fixture.auth_restriction(RhodeCodeAuthPlugin.AUTH_RESTRICTION_SUPER_ADMIN):
+                    with fixture.auth_restriction(self.app._pyramid_registry,
+                                                  RhodeCodeAuthPlugin.AUTH_RESTRICTION_SUPER_ADMIN):
                         response = self.app.post(route_path('login'),
                                                  {'username': 'test_regular',
                                                   'password': 'test12'})
                         response.mustcontain('invalid user name')
                         response.mustcontain('invalid password')
                 def test_login_regular_forbidden_when_scope_restriction(self):
                     from rhodecode.authentication.plugins.auth_rhodecode import RhodeCodeAuthPlugin
-                    with fixture.scope_restriction(RhodeCodeAuthPlugin.AUTH_RESTRICTION_SCOPE_VCS):
+                    with fixture.scope_restriction(self.app._pyramid_registry,
+                                                   RhodeCodeAuthPlugin.AUTH_RESTRICTION_SCOPE_VCS):
                         response = self.app.post(route_path('login'),
                                                  {'username': 'test_regular',
                                                   'password': 'test12'})
                         response.mustcontain('invalid user name')
                         response.mustcontain('invalid password')
                 def test_login_ok_came_from(self):
                     test_came_from = '/_admin/users?branch=stable'
                     _url = '{}?came_from={}'.format(route_path('login'), test_came_from)
                     response = self.app.post(
                         _url, {'username': 'test_admin', 'password': 'test12'}, status=302)
                     assert 'branch=stable' in response.location
                     response = response.follow()
                     assert response.status == '200 OK'
                     response.mustcontain('Users administration')
                 def test_redirect_to_login_with_get_args(self):
                     with fixture.anon_access(False):
                         kwargs = {'branch': 'stable'}
                         response = self.app.get(
                             h.route_path('repo_summary', repo_name=HG_REPO, _query=kwargs),
                             status=302)
                         response_query = urlparse.parse_qsl(response.location)
                         assert 'branch=stable' in response_query[0][1]
                 def test_login_form_with_get_args(self):
                     _url = '{}?came_from=/_admin/users,branch=stable'.format(route_path('login'))
                     response = self.app.get(_url)
                     assert 'branch%3Dstable' in response.form.action
                 @pytest.mark.parametrize("url_came_from", [
                     'data:text/html,<script>window.alert("xss")</script>',
                     'mailto:test@rhodecode.org',
                     'file:///etc/passwd',
                     'ftp://some.ftp.server',
                     'http://other.domain',
                     '/\r\nX-Forwarded-Host: http://example.org',
                 ], ids=no_newline_id_generator)
                 def test_login_bad_came_froms(self, url_came_from):
                     _url = '{}?came_from={}'.format(route_path('login'), url_came_from)
                     response = self.app.post(
                         _url,
                         {'username': 'test_admin', 'password': 'test12'})
                     assert response.status == '302 Found'
                     response = response.follow()
                     assert response.status == '200 OK'
                     assert response.request.path == '/'
                 def test_login_short_password(self):
                     response = self.app.post(route_path('login'),
                                              {'username': 'test_admin',
                                               'password': 'as'})
                     assert response.status == '200 OK'
                     response.mustcontain('Enter 3 characters or more')
                 def test_login_wrong_non_ascii_password(self, user_regular):
                     response = self.app.post(
                         route_path('login'),
                         {'username': user_regular.username,
                          'password': u'invalid-non-asci\xe4'.encode('utf8')})
                     response.mustcontain('invalid user name')
                     response.mustcontain('invalid password')
                 def test_login_with_non_ascii_password(self, user_util):
                     password = u'valid-non-ascii\xe4'
                     user = user_util.create_user(password=password)
                     response = self.app.post(
                         route_path('login'),
                         {'username': user.username,
                          'password': password.encode('utf-8')})
                     assert response.status_code == 302
                 def test_login_wrong_username_password(self):
                     response = self.app.post(route_path('login'),
                                              {'username': 'error',
                                               'password': 'test12'})
                     response.mustcontain('invalid user name')
                     response.mustcontain('invalid password')
                 def test_login_admin_ok_password_migration(self, real_crypto_backend):
                     from rhodecode.lib import auth
                     # create new user, with sha256 password
                     temp_user = 'test_admin_sha256'
                     user = fixture.create_user(temp_user)
                     user.password = auth._RhodeCodeCryptoSha256().hash_create(
                         b'test123')
                     Session().add(user)
                     Session().commit()
                     self.destroy_users.add(temp_user)
                     response = self.app.post(route_path('login'),
                                              {'username': temp_user,
                                               'password': 'test123'}, status=302)
                     response = response.follow()
                     session = response.get_session_from_response()
                     username = session['rhodecode_user'].get('username')
                     assert username == temp_user
                     response.mustcontain('logout')
                     # new password should be bcrypted, after log-in and transfer
                     user = User.get_by_username(temp_user)
                     assert user.password.startswith('$')
                 # REGISTRATIONS
                 def test_register(self):
                     response = self.app.get(route_path('register'))
                     response.mustcontain('Create an Account')
                 def test_register_err_same_username(self):
                     uname = 'test_admin'
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': uname,
                             'password': 'test12',
                             'password_confirmation': 'test12',
                             'email': 'goodmail@domain.com',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     assertr = response.assert_response()
                     msg = 'Username "%(username)s" already exists'
                     msg = msg % {'username': uname}
                     assertr.element_contains('#username+.error-message', msg)
                 def test_register_err_same_email(self):
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': 'test_admin_0',
                             'password': 'test12',
                             'password_confirmation': 'test12',
                             'email': 'test_admin@mail.com',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     assertr = response.assert_response()
                     msg = u'This e-mail address is already taken'
                     assertr.element_contains('#email+.error-message', msg)
                 def test_register_err_same_email_case_sensitive(self):
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': 'test_admin_1',
                             'password': 'test12',
                             'password_confirmation': 'test12',
                             'email': 'TesT_Admin@mail.COM',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     assertr = response.assert_response()
                     msg = u'This e-mail address is already taken'
                     assertr.element_contains('#email+.error-message', msg)
                 def test_register_err_wrong_data(self):
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': 'xs',
                             'password': 'test',
                             'password_confirmation': 'test',
                             'email': 'goodmailm',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     assert response.status == '200 OK'
                     response.mustcontain('An email address must contain a single @')
                     response.mustcontain('Enter a value 6 characters long or more')
                 def test_register_err_username(self):
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': 'error user',
                             'password': 'test12',
                             'password_confirmation': 'test12',
                             'email': 'goodmailm',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     response.mustcontain('An email address must contain a single @')
                     response.mustcontain(
                         'Username may only contain '
                         'alphanumeric characters underscores, '
                         'periods or dashes and must begin with '
                         'alphanumeric character')
                 def test_register_err_case_sensitive(self):
                     usr = 'Test_Admin'
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': usr,
                             'password': 'test12',
                             'password_confirmation': 'test12',
                             'email': 'goodmailm',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     assertr = response.assert_response()
                     msg = u'Username "%(username)s" already exists'
                     msg = msg % {'username': usr}
                     assertr.element_contains('#username+.error-message', msg)
                 def test_register_special_chars(self):
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': 'xxxaxn',
                             'password': 'ąćźżąśśśś',
                             'password_confirmation': 'ąćźżąśśśś',
                             'email': 'goodmailm@test.plx',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     msg = u'Invalid characters (non-ascii) in password'
                     response.mustcontain(msg)
                 def test_register_password_mismatch(self):
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': 'xs',
                             'password': '123qwe',
                             'password_confirmation': 'qwe123',
                             'email': 'goodmailm@test.plxa',
                             'firstname': 'test',
                             'lastname': 'test'
                         }
                     )
                     msg = u'Passwords do not match'
                     response.mustcontain(msg)
                 def test_register_ok(self):
                     username = 'test_regular4'
                     password = 'qweqwe'
                     email = 'marcin@test.com'
                     name = 'testname'
                     lastname = 'testlastname'
                     # this initializes a session
                     response = self.app.get(route_path('register'))
                     response.mustcontain('Create an Account')
                     response = self.app.post(
                         route_path('register'),
                         {
                             'username': username,
                             'password': password,
                             'password_confirmation': password,
                             'email': email,
                             'firstname': name,
                             'lastname': lastname,
                             'admin': True
                         },
                         status=302
                     )  # This should be overridden
                     assert_session_flash(
                         response, 'You have successfully registered with RhodeCode. You can log-in now.')
                     ret = Session().query(User).filter(
                         User.username == 'test_regular4').one()
                     assert ret.username == username
                     assert check_password(password, ret.password)
                     assert ret.email == email
                     assert ret.name == name
                     assert ret.lastname == lastname
                     assert ret.auth_tokens is not None
                     assert not ret.admin
                 def test_forgot_password_wrong_mail(self):
                     bad_email = 'marcin@wrongmail.org'
                     # this initializes a session
                     self.app.get(route_path('reset_password'))
                     response = self.app.post(
                         route_path('reset_password'), {'email': bad_email, }
                     )
                     assert_session_flash(response,
                         'If such email exists, a password reset link was sent to it.')
                 def test_forgot_password(self, user_util):
                     # this initializes a session
                     self.app.get(route_path('reset_password'))
                     user = user_util.create_user()
                     user_id = user.user_id
                     email = user.email
                     response = self.app.post(route_path('reset_password'), {'email': email, })
                     assert_session_flash(response,
                         'If such email exists, a password reset link was sent to it.')
                     # BAD KEY
                     confirm_url = '{}?key={}'.format(route_path('reset_password_confirmation'), 'badkey')
                     response = self.app.get(confirm_url, status=302)
                     assert response.location.endswith(route_path('reset_password'))
                     assert_session_flash(response, 'Given reset token is invalid')
                     response.follow()  # cleanup flash
                     # GOOD KEY
                     key = UserApiKeys.query()\
                         .filter(UserApiKeys.user_id == user_id)\
                         .filter(UserApiKeys.role == UserApiKeys.ROLE_PASSWORD_RESET)\
                         .first()
                     assert key
                     confirm_url = '{}?key={}'.format(route_path('reset_password_confirmation'), key.api_key)
                     response = self.app.get(confirm_url)
                     assert response.status == '302 Found'
                     assert response.location.endswith(route_path('login'))
                     assert_session_flash(
                         response,
                         'Your password reset was successful, '
                         'a new password has been sent to your email')
                     response.follow()
                 def _get_api_whitelist(self, values=None):
                     config = {'api_access_controllers_whitelist': values or []}
                     return config
                 @pytest.mark.parametrize("test_name, auth_token", [
                     ('none', None),
                     ('empty_string', ''),
                     ('fake_number', '123456'),
                     ('proper_auth_token', None)
                 ])
                 def test_access_not_whitelisted_page_via_auth_token(
                         self, test_name, auth_token, user_admin):
                     whitelist = self._get_api_whitelist([])
                     with mock.patch.dict('rhodecode.CONFIG', whitelist):
                         assert [] == whitelist['api_access_controllers_whitelist']
                         if test_name == 'proper_auth_token':
                             # use builtin if api_key is None
                             auth_token = user_admin.api_key
                         with fixture.anon_access(False):
                             self.app.get(
                                 route_path('repo_commit_raw',
                                            repo_name=HG_REPO, commit_id='tip',
                                            params=dict(api_key=auth_token)),
                                 status=302)
                 @pytest.mark.parametrize("test_name, auth_token, code", [
                     ('none', None, 302),
                     ('empty_string', '', 302),
                     ('fake_number', '123456', 302),
                     ('proper_auth_token', None, 200)
                 ])
                 def test_access_whitelisted_page_via_auth_token(
                         self, test_name, auth_token, code, user_admin):
                     whitelist = self._get_api_whitelist(whitelist_view)
                     with mock.patch.dict('rhodecode.CONFIG', whitelist):
                         assert whitelist_view == whitelist['api_access_controllers_whitelist']
                         if test_name == 'proper_auth_token':
                             auth_token = user_admin.api_key
                             assert auth_token
                         with fixture.anon_access(False):
                             self.app.get(
                                 route_path('repo_commit_raw',
                                            repo_name=HG_REPO, commit_id='tip',
                                            params=dict(api_key=auth_token)),
                                 status=code)
                 @pytest.mark.parametrize("test_name, auth_token, code", [
                     ('proper_auth_token', None, 200),
                     ('wrong_auth_token', '123456', 302),
                 ])
                 def test_access_whitelisted_page_via_auth_token_bound_to_token(
                         self, test_name, auth_token, code, user_admin):
                     expected_token = auth_token
                     if test_name == 'proper_auth_token':
                         auth_token = user_admin.api_key
                         expected_token = auth_token
                         assert auth_token
                     whitelist = self._get_api_whitelist([
                         'RepoCommitsView:repo_commit_raw@{}'.format(expected_token)])
                     with mock.patch.dict('rhodecode.CONFIG', whitelist):
                         with fixture.anon_access(False):
                             self.app.get(
                                 route_path('repo_commit_raw',
                                            repo_name=HG_REPO, commit_id='tip',
                                            params=dict(api_key=auth_token)),
                                 status=code)
                 def test_access_page_via_extra_auth_token(self):
                     whitelist = self._get_api_whitelist(whitelist_view)
                     with mock.patch.dict('rhodecode.CONFIG', whitelist):
                         assert whitelist_view == \
                             whitelist['api_access_controllers_whitelist']
                         new_auth_token = AuthTokenModel().create(
                             TEST_USER_ADMIN_LOGIN, 'test')
                         Session().commit()
                         with fixture.anon_access(False):
                             self.app.get(
                                 route_path('repo_commit_raw',
                                            repo_name=HG_REPO, commit_id='tip',
                                            params=dict(api_key=new_auth_token.api_key)),
                                 status=200)
                 def test_access_page_via_expired_auth_token(self):
                     whitelist = self._get_api_whitelist(whitelist_view)
                     with mock.patch.dict('rhodecode.CONFIG', whitelist):
                         assert whitelist_view == \
                             whitelist['api_access_controllers_whitelist']
                         new_auth_token = AuthTokenModel().create(
                             TEST_USER_ADMIN_LOGIN, 'test')
                         Session().commit()
                         # patch the api key and make it expired
                         new_auth_token.expires = 0
                         Session().add(new_auth_token)
                         Session().commit()
                         with fixture.anon_access(False):
                             self.app.get(
                                 route_path('repo_commit_raw',
                                            repo_name=HG_REPO, commit_id='tip',
                                            params=dict(api_key=new_auth_token.api_key)),
                                 status=302)

rhodecode/apps/my_account/views/my_account.py

0 +1 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import datetime
             import string
             import formencode
             import formencode.htmlfill
             import peppercorn
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode import forms
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import (
                 LoginRequired, NotAnonymous, CSRFRequired,
                 HasRepoPermissionAny, HasRepoGroupPermissionAny, AuthUser)
             from rhodecode.lib.channelstream import (
                 channelstream_request, ChannelstreamException)
             from rhodecode.lib.utils2 import safe_int, md5, str2bool
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.comment import CommentsModel
             from rhodecode.model.db import (
                 IntegrityError, or_, in_filter_generator,
                 Repository, UserEmailMap, UserApiKeys, UserFollowing,
                 PullRequest, UserBookmark, RepoGroup)
             from rhodecode.model.meta import Session
             from rhodecode.model.pull_request import PullRequestModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.validation_schema.schemas import user_schema
             log = logging.getLogger(__name__)
             class MyAccountView(BaseAppView, DataGridAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.user = c.auth_user.get_instance()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     return c
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_profile', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_profile(self):
                     c = self.load_default_context()
                     c.active = 'profile'
+                    c.extern_type = c.user.extern_type
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_password', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_password(self):
                     c = self.load_default_context()
                     c.active = 'password'
                     c.extern_type = c.user.extern_type
                     schema = user_schema.ChangePasswordSchema().bind(
                         username=c.user.username)
                     form = forms.Form(
                         schema,
                         action=h.route_path('my_account_password_update'),
                         buttons=(forms.buttons.save, forms.buttons.reset))
                     c.form = form
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_password_update', request_method='POST',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_password_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'password'
                     c.extern_type = c.user.extern_type
                     schema = user_schema.ChangePasswordSchema().bind(
                         username=c.user.username)
                     form = forms.Form(
                         schema, buttons=(forms.buttons.save, forms.buttons.reset))
                     if c.extern_type != 'rhodecode':
                         raise HTTPFound(self.request.route_path('my_account_password'))
                     controls = self.request.POST.items()
                     try:
                         valid_data = form.validate(controls)
                         UserModel().update_user(c.user.user_id, **valid_data)
                         c.user.update_userdata(force_password_change=False)
                         Session().commit()
                     except forms.ValidationFailure as e:
                         c.form = e
                         return self._get_template_context(c)
                     except Exception:
                         log.exception("Exception updating password")
                         h.flash(_('Error occurred during update of user password'),
                                 category='error')
                     else:
                         instance = c.auth_user.get_instance()
                         self.session.setdefault('rhodecode_user', {}).update(
                             {'password': md5(instance.password)})
                         self.session.save()
                         h.flash(_("Successfully updated password"), category='success')
                     raise HTTPFound(self.request.route_path('my_account_password'))
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'auth_tokens'
                     c.lifetime_values = AuthTokenModel.get_lifetime_values(translator=_)
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     c.role_vcs = AuthTokenModel.cls.ROLE_VCS
                     return self._get_template_context(c)
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_auth_tokens_add', request_method='POST',)
                 def my_account_auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = UserModel().add_auth_token(
                         user=c.user.user_id,
                         lifetime_minutes=lifetime, role=role, description=description,
                         scope_callback=self.maybe_attach_token_scope)
                     token_data = token.get_api_data()
                     audit_logger.store_web(
                         'user.edit.token.add', action_data={
                             'data': {'token': token_data, 'user': 'self'}},
                         user=self._rhodecode_user, )
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('my_account_auth_tokens'))
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_auth_tokens_delete', request_method='POST')
                 def my_account_auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
                         token = UserApiKeys.get_or_404(del_auth_token)
                         token_data = token.get_api_data()
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.token.delete', action_data={
                                 'data': {'token': token_data, 'user': 'self'}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('my_account_auth_tokens'))
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_emails', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_emails(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query()\
                         .filter(UserEmailMap.user == c.user).all()
                     schema = user_schema.AddEmailSchema().bind(
                         username=c.user.username, user_emails=c.user.emails)
                     form = forms.RcForm(schema,
                                         action=h.route_path('my_account_emails_add'),
                                         buttons=(forms.buttons.save, forms.buttons.reset))
                     c.form = form
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_emails_add', request_method='POST',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_emails_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'emails'
                     schema = user_schema.AddEmailSchema().bind(
                         username=c.user.username, user_emails=c.user.emails)
                     form = forms.RcForm(
                         schema, action=h.route_path('my_account_emails_add'),
                         buttons=(forms.buttons.save, forms.buttons.reset))
                     controls = self.request.POST.items()
                     try:
                         valid_data = form.validate(controls)
                         UserModel().add_extra_email(c.user.user_id, valid_data['email'])
                         audit_logger.store_web(
                             'user.edit.email.add', action_data={
                                 'data': {'email': valid_data['email'], 'user': 'self'}},
                             user=self._rhodecode_user,)
                         Session().commit()
                     except formencode.Invalid as error:
                         h.flash(h.escape(error.error_dict['email']), category='error')
                     except forms.ValidationFailure as e:
                         c.user_email_map = UserEmailMap.query() \
                             .filter(UserEmailMap.user == c.user).all()
                         c.form = e
                         return self._get_template_context(c)
                     except Exception:
                         log.exception("Exception adding email")
                         h.flash(_('Error occurred during adding email'),
                                 category='error')
                     else:
                         h.flash(_("Successfully added email"), category='success')
                     raise HTTPFound(self.request.route_path('my_account_emails'))
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_emails_delete', request_method='POST')
                 def my_account_emails_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     del_email_id = self.request.POST.get('del_email_id')
                     if del_email_id:
                         email = UserEmailMap.get_or_404(del_email_id).email
                         UserModel().delete_extra_email(c.user.user_id, del_email_id)
                         audit_logger.store_web(
                             'user.edit.email.delete', action_data={
                                 'data': {'email': email, 'user': 'self'}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         h.flash(_("Email successfully deleted"),
                                 category='success')
                     return HTTPFound(h.route_path('my_account_emails'))
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_notifications_test_channelstream',
                     request_method='POST', renderer='json_ext')
                 def my_account_notifications_test_channelstream(self):
                     message = 'Test message sent via Channelstream by user: {}, on {}'.format(
                         self._rhodecode_user.username, datetime.datetime.now())
                     payload = {
                         # 'channel': 'broadcast',
                         'type': 'message',
                         'timestamp': datetime.datetime.utcnow(),
                         'user': 'system',
                         'pm_users': [self._rhodecode_user.username],
                         'message': {
                             'message': message,
                             'level': 'info',
                             'topic': '/notifications'
                         }
                     }
                     registry = self.request.registry
                     rhodecode_plugins = getattr(registry, 'rhodecode_plugins', {})
                     channelstream_config = rhodecode_plugins.get('channelstream', {})
                     try:
                         channelstream_request(channelstream_config, [payload], '/message')
                     except ChannelstreamException as e:
                         log.exception('Failed to send channelstream data')
                         return {"response": 'ERROR: {}'.format(e.__class__.__name__)}
                     return {"response": 'Channelstream data sent. '
                                         'You should see a new live message now.'}
                 def _load_my_repos_data(self, watched=False):
                     allowed_ids = [-1] + self._rhodecode_user.repo_acl_ids_from_stack(AuthUser.repo_read_perms)
                     if watched:
                         # repos user watch
                         repo_list = Session().query(
                                 Repository
                             ) \
                             .join(
                                 (UserFollowing, UserFollowing.follows_repo_id == Repository.repo_id)
                             ) \
                             .filter(
                                 UserFollowing.user_id == self._rhodecode_user.user_id
                             ) \
                             .filter(or_(
                                 # generate multiple IN to fix limitation problems
                                 *in_filter_generator(Repository.repo_id, allowed_ids))
                             ) \
                             .order_by(Repository.repo_name) \
                             .all()
                     else:
                         # repos user is owner of
                         repo_list = Session().query(
                                 Repository
                             ) \
                             .filter(
                                 Repository.user_id == self._rhodecode_user.user_id
                             ) \
                             .filter(or_(
                                 # generate multiple IN to fix limitation problems
                                 *in_filter_generator(Repository.repo_id, allowed_ids))
                             ) \
                             .order_by(Repository.repo_name) \
                             .all()
                     _render = self.request.get_partial_renderer(
                         'rhodecode:templates/data_table/_dt_elements.mako')
                     def repo_lnk(name, rtype, rstate, private, archived, fork_of):
                         return _render('repo_name', name, rtype, rstate, private, archived, fork_of,
                                        short_name=False, admin=False)
                     repos_data = []
                     for repo in repo_list:
                         row = {
                             "name": repo_lnk(repo.repo_name, repo.repo_type, repo.repo_state,
                                              repo.private, repo.archived, repo.fork),
                             "name_raw": repo.repo_name.lower(),
                         }
                         repos_data.append(row)
                     # json used to render the grid
                     return json.dumps(repos_data)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_repos', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_repos(self):
                     c = self.load_default_context()
                     c.active = 'repos'
                     # json used to render the grid
                     c.data = self._load_my_repos_data()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_watched', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_watched(self):
                     c = self.load_default_context()
                     c.active = 'watched'
                     # json used to render the grid
                     c.data = self._load_my_repos_data(watched=True)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_bookmarks', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_bookmarks(self):
                     c = self.load_default_context()
                     c.active = 'bookmarks'
                     c.bookmark_items = UserBookmark.get_bookmarks_for_user(
                         self._rhodecode_db_user.user_id, cache=False)
                     return self._get_template_context(c)
                 def _process_bookmark_entry(self, entry, user_id):
                     position = safe_int(entry.get('position'))
                     cur_position = safe_int(entry.get('cur_position'))
                     if position is None:
                         return
                     # check if this is an existing entry
                     is_new = False
                     db_entry = UserBookmark().get_by_position_for_user(cur_position, user_id)
                     if db_entry and str2bool(entry.get('remove')):
                         log.debug('Marked bookmark %s for deletion', db_entry)
                         Session().delete(db_entry)
                         return
                     if not db_entry:
                         # new
                         db_entry = UserBookmark()
                         is_new = True
                     should_save = False
                     default_redirect_url = ''
                     # save repo
                     if entry.get('bookmark_repo') and safe_int(entry.get('bookmark_repo')):
                         repo = Repository.get(entry['bookmark_repo'])
                         perm_check = HasRepoPermissionAny(
                             'repository.read', 'repository.write', 'repository.admin')
                         if repo and perm_check(repo_name=repo.repo_name):
                             db_entry.repository = repo
                             should_save = True
                             default_redirect_url = '${repo_url}'
                     # save repo group
                     elif entry.get('bookmark_repo_group') and safe_int(entry.get('bookmark_repo_group')):
                         repo_group = RepoGroup.get(entry['bookmark_repo_group'])
                         perm_check = HasRepoGroupPermissionAny(
                             'group.read', 'group.write', 'group.admin')
                         if repo_group and perm_check(group_name=repo_group.group_name):
                             db_entry.repository_group = repo_group
                             should_save = True
                             default_redirect_url = '${repo_group_url}'
                     # save generic info
                     elif entry.get('title') and entry.get('redirect_url'):
                         should_save = True
                     if should_save:
                         # mark user and position
                         db_entry.user_id = user_id
                         db_entry.position = position
                         db_entry.title = entry.get('title')
                         db_entry.redirect_url = entry.get('redirect_url') or default_redirect_url
                         log.debug('Saving bookmark %s, new:%s', db_entry, is_new)
                         Session().add(db_entry)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_bookmarks_update', request_method='POST')
                 def my_account_bookmarks_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'bookmarks'
                     controls = peppercorn.parse(self.request.POST.items())
                     user_id = c.user.user_id
                     # validate positions
                     positions = {}
                     for entry in controls.get('bookmarks', []):
                         position = safe_int(entry['position'])
                         if position is None:
                             continue
                         if position in positions:
                             h.flash(_("Position {} is defined twice. "
                                       "Please correct this error.").format(position), category='error')
                             return HTTPFound(h.route_path('my_account_bookmarks'))
                         entry['position'] = position
                         entry['cur_position'] = safe_int(entry.get('cur_position'))
                         positions[position] = entry
                     try:
                         for entry in positions.values():
                             self._process_bookmark_entry(entry, user_id)
                         Session().commit()
                         h.flash(_("Update Bookmarks"), category='success')
                     except IntegrityError:
                         h.flash(_("Failed to update bookmarks. "
                                   "Make sure an unique position is used."), category='error')
                     return HTTPFound(h.route_path('my_account_bookmarks'))
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_goto_bookmark', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_goto_bookmark(self):
                     bookmark_id = self.request.matchdict['bookmark_id']
                     user_bookmark = UserBookmark().query()\
                         .filter(UserBookmark.user_id == self.request.user.user_id) \
                         .filter(UserBookmark.position == bookmark_id).scalar()
                     redirect_url = h.route_path('my_account_bookmarks')
                     if not user_bookmark:
                         raise HTTPFound(redirect_url)
                     # repository set
                     if user_bookmark.repository:
                         repo_name = user_bookmark.repository.repo_name
                         base_redirect_url = h.route_path(
                             'repo_summary', repo_name=repo_name)
                         if user_bookmark.redirect_url and \
                                 '${repo_url}' in user_bookmark.redirect_url:
                             redirect_url = string.Template(user_bookmark.redirect_url)\
                                 .safe_substitute({'repo_url': base_redirect_url})
                         else:
                             redirect_url = base_redirect_url
                     # repository group set
                     elif user_bookmark.repository_group:
                         repo_group_name = user_bookmark.repository_group.group_name
                         base_redirect_url = h.route_path(
                             'repo_group_home', repo_group_name=repo_group_name)
                         if user_bookmark.redirect_url and \
                                 '${repo_group_url}' in user_bookmark.redirect_url:
                             redirect_url = string.Template(user_bookmark.redirect_url)\
                                 .safe_substitute({'repo_group_url': base_redirect_url})
                         else:
                             redirect_url = base_redirect_url
                     # custom URL set
                     elif user_bookmark.redirect_url:
                         server_url = h.route_url('home').rstrip('/')
                         redirect_url = string.Template(user_bookmark.redirect_url) \
                             .safe_substitute({'server_url': server_url})
                     log.debug('Redirecting bookmark %s to %s', user_bookmark, redirect_url)
                     raise HTTPFound(redirect_url)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_perms(self):
                     c = self.load_default_context()
                     c.active = 'perms'
                     c.perm_user = c.auth_user
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_notifications', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_notifications(self):
                     c = self.load_default_context()
                     c.active = 'notifications'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_notifications_toggle_visibility',
                     request_method='POST', renderer='json_ext')
                 def my_notifications_toggle_visibility(self):
                     user = self._rhodecode_db_user
                     new_status = not user.user_data.get('notification_status', True)
                     user.update_userdata(notification_status=new_status)
                     Session().commit()
                     return user.user_data['notification_status']
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_edit',
                     request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_edit(self):
                     c = self.load_default_context()
                     c.active = 'profile_edit'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     schema = user_schema.UserProfileSchema().bind(
                         username=c.user.username, user_emails=c.user.emails)
                     appstruct = {
                         'username': c.user.username,
                         'email': c.user.email,
                         'firstname': c.user.firstname,
                         'lastname': c.user.lastname,
                         'description': c.user.description,
                     }
                     c.form = forms.RcForm(
                         schema, appstruct=appstruct,
                         action=h.route_path('my_account_update'),
                         buttons=(forms.buttons.save, forms.buttons.reset))
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_update',
                     request_method='POST',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'profile_edit'
                     c.perm_user = c.auth_user
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     schema = user_schema.UserProfileSchema().bind(
                         username=c.user.username, user_emails=c.user.emails)
                     form = forms.RcForm(
                         schema, buttons=(forms.buttons.save, forms.buttons.reset))
                     controls = self.request.POST.items()
                     try:
                         valid_data = form.validate(controls)
                         skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',
                                       'new_password', 'password_confirmation']
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         old_email = c.user.email
                         UserModel().update_user(
                                  self._rhodecode_user.user_id, skip_attrs=skip_attrs,
                                  **valid_data)
                         if old_email != valid_data['email']:
                             old = UserEmailMap.query() \
                                 .filter(UserEmailMap.user == c.user).filter(UserEmailMap.email == valid_data['email']).first()
                             old.email = old_email
                         h.flash(_('Your account was updated successfully'), category='success')
                         Session().commit()
                     except forms.ValidationFailure as e:
                         c.form = e
                         return self._get_template_context(c)
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user'),
                                 category='error')
                     raise HTTPFound(h.route_path('my_account_profile'))
                 def _get_pull_requests_list(self, statuses):
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(self.request)
                     _render = self.request.get_partial_renderer(
                         'rhodecode:templates/data_table/_dt_elements.mako')
                     pull_requests = PullRequestModel().get_im_participating_in(
                         user_id=self._rhodecode_user.user_id,
                         statuses=statuses,
                         offset=start, length=limit, order_by=order_by,
                         order_dir=order_dir)
                     pull_requests_total_count = PullRequestModel().count_im_participating_in(
                         user_id=self._rhodecode_user.user_id, statuses=statuses)
                     data = []
                     comments_model = CommentsModel()
                     for pr in pull_requests:
                         repo_id = pr.target_repo_id
                         comments = comments_model.get_all_comments(
                             repo_id, pull_request=pr)
                         owned = pr.user_id == self._rhodecode_user.user_id
                         data.append({
                             'target_repo': _render('pullrequest_target_repo',
                                                    pr.target_repo.repo_name),
                             'name': _render('pullrequest_name',
                                             pr.pull_request_id, pr.pull_request_state,
                                             pr.work_in_progress, pr.target_repo.repo_name,
                                             short=True),
                             'name_raw': pr.pull_request_id,
                             'status': _render('pullrequest_status',
                                               pr.calculated_review_status()),
                             'title': _render('pullrequest_title', pr.title, pr.description),
                             'description': h.escape(pr.description),
                             'updated_on': _render('pullrequest_updated_on',
                                                   h.datetime_to_time(pr.updated_on)),
                             'updated_on_raw': h.datetime_to_time(pr.updated_on),
                             'created_on': _render('pullrequest_updated_on',
                                                   h.datetime_to_time(pr.created_on)),
                             'created_on_raw': h.datetime_to_time(pr.created_on),
                             'state': pr.pull_request_state,
                             'author': _render('pullrequest_author',
                                               pr.author.full_contact, ),
                             'author_raw': pr.author.full_name,
                             'comments': _render('pullrequest_comments', len(comments)),
                             'comments_raw': len(comments),
                             'closed': pr.is_closed(),
                             'owned': owned
                         })
                     # json used to render the grid
                     data = ({
                         'draw': draw,
                         'data': data,
                         'recordsTotal': pull_requests_total_count,
                         'recordsFiltered': pull_requests_total_count,
                     })
                     return data
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_pullrequests',
                     request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_pullrequests(self):
                     c = self.load_default_context()
                     c.active = 'pullrequests'
                     req_get = self.request.GET
                     c.closed = str2bool(req_get.get('pr_show_closed'))
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_pullrequests_data',
                     request_method='GET', renderer='json_ext')
                 def my_account_pullrequests_data(self):
                     self.load_default_context()
                     req_get = self.request.GET
                     closed = str2bool(req_get.get('closed'))
                     statuses = [PullRequest.STATUS_NEW, PullRequest.STATUS_OPEN]
                     if closed:
                         statuses += [PullRequest.STATUS_CLOSED]
                     data = self._get_pull_requests_list(statuses=statuses)
                     return data
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_user_group_membership',
                     request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_user_group_membership(self):
                     c = self.load_default_context()
                     c.active = 'user_group_membership'
                     groups = [UserGroupModel.get_user_groups_as_dict(group.users_group)
                               for group in self._rhodecode_db_user.group_member]
                     c.user_groups = json.dumps(groups)
                     return self._get_template_context(c)

rhodecode/apps/my_account/views/my_account_ssh_keys.py

0 +4 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
             from rhodecode.events import trigger
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
             from rhodecode.model.db import IntegrityError, UserSshKeys
             from rhodecode.model.meta import Session
             from rhodecode.model.ssh_key import SshKeyModel
             log = logging.getLogger(__name__)
             class MyAccountSshKeysView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.user = c.auth_user.get_instance()
                     c.ssh_enabled = self.request.registry.settings.get(
                         'ssh.generate_authorized_keyfile')
                     return c
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_ssh_keys', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def my_account_ssh_keys(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'ssh_keys'
                     c.default_key = self.request.GET.get('default_key')
                     c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='my_account_ssh_keys_generate', request_method='GET',
                     renderer='rhodecode:templates/admin/my_account/my_account.mako')
                 def ssh_keys_generate_keypair(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'ssh_keys_generate'
                     if c.ssh_key_generator_enabled:
+                        private_format = self.request.GET.get('private_format') \
+                                         or SshKeyModel.DEFAULT_PRIVATE_KEY_FORMAT
                         comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
-                        c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
+                        c.private, c.public = SshKeyModel().generate_keypair(
+                            comment=comment, private_format=private_format)
                         c.target_form_url = h.route_path(
                             'my_account_ssh_keys', _query=dict(default_key=c.public))
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_ssh_keys_add', request_method='POST',)
                 def my_account_ssh_keys_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_data = c.user.get_api_data()
                     key_data = self.request.POST.get('key_data')
                     description = self.request.POST.get('description')
                     fingerprint = 'unknown'
                     try:
                         if not key_data:
                             raise ValueError('Please add a valid public key')
                         key = SshKeyModel().parse_key(key_data.strip())
                         fingerprint = key.hash_md5()
                         ssh_key = SshKeyModel().create(
                             c.user.user_id, fingerprint, key.keydata, description)
                         ssh_key_data = ssh_key.get_api_data()
                         audit_logger.store_web(
                             'user.edit.ssh_key.add', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user, )
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh Key successfully created"), category='success')
                     except IntegrityError:
                         log.exception("Exception during ssh key saving")
                         err = 'Such key with fingerprint `{}` already exists, ' \
                               'please use a different one'.format(fingerprint)
                         h.flash(_('An error occurred during ssh key saving: {}').format(err),
                                 category='error')
                     except Exception as e:
                         log.exception("Exception during ssh key saving")
                         h.flash(_('An error occurred during ssh key saving: {}').format(e),
                                 category='error')
                     return HTTPFound(h.route_path('my_account_ssh_keys'))
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 @view_config(
                     route_name='my_account_ssh_keys_delete', request_method='POST')
                 def my_account_ssh_keys_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_data = c.user.get_api_data()
                     del_ssh_key = self.request.POST.get('del_ssh_key')
                     if del_ssh_key:
                         ssh_key = UserSshKeys.get_or_404(del_ssh_key)
                         ssh_key_data = ssh_key.get_api_data()
                         SshKeyModel().delete(del_ssh_key, c.user.user_id)
                         audit_logger.store_web(
                             'user.edit.ssh_key.delete', action_data={
                                 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
                             user=self._rhodecode_user,)
                         Session().commit()
                         # Trigger an event on change of keys.
                         trigger(SshKeyFileChangeEvent(), self.request.registry)
                         h.flash(_("Ssh key successfully deleted"), category='success')
                     return HTTPFound(h.route_path('my_account_ssh_keys'))

rhodecode/apps/repo_group/views/repo_group_permissions.py

0 +8 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.view import view_config
             from pyramid.httpexceptions import HTTPFound
             from rhodecode.apps._base import RepoGroupAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
+            from rhodecode.model.db import User
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.forms import RepoGroupPermsForm
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class RepoGroupPermissionsView(RepoGroupAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasRepoGroupPermissionAnyDecorator('group.admin')
                 @view_config(
                     route_name='edit_repo_group_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
                 def edit_repo_group_permissions(self):
                     c = self.load_default_context()
                     c.active = 'permissions'
                     c.repo_group = self.db_repo_group
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasRepoGroupPermissionAnyDecorator('group.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_group_perms_update', request_method='POST',
                     renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
                 def edit_repo_groups_permissions_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'perms'
                     c.repo_group = self.db_repo_group
                     valid_recursive_choices = ['none', 'repos', 'groups', 'all']
                     form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\
                         .to_python(self.request.POST)
                     if not c.rhodecode_user.is_admin:
                         if self._revoke_perms_on_yourself(form):
                             msg = _('Cannot change permission for yourself as admin')
                             h.flash(msg, category='warning')
                             raise HTTPFound(
                                 h.route_path('edit_repo_group_perms',
                                              repo_group_name=self.db_repo_group_name))
                     # iterate over all members(if in recursive mode) of this groups and
                     # set the permissions !
                     # this can be potentially heavy operation
                     changes = RepoGroupModel().update_permissions(
                         c.repo_group,
                         form['perm_additions'], form['perm_updates'], form['perm_deletions'],
                         form['recursive'])
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'repo_group.edit.permissions', action_data=action_data,
                         user=c.rhodecode_user)
                     Session().commit()
                     h.flash(_('Repository Group permissions updated'), category='success')
-                    PermissionModel().flush_user_permission_caches(changes)
+                    affected_user_ids = None
+                    if changes.get('default_user_changed', False):
+                        # if we change the default user, we need to flush everyone permissions
+                        affected_user_ids = User.get_all_user_ids()
+                    PermissionModel().flush_user_permission_caches(
+                        changes, affected_user_ids=affected_user_ids)
                     raise HTTPFound(
                         h.route_path('edit_repo_group_perms',
                                      repo_group_name=self.db_repo_group_name))

rhodecode/apps/repository/views/repo_permissions.py

0 +16 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from rhodecode.apps._base import RepoAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
+            from rhodecode.lib.utils2 import str2bool
+            from rhodecode.model.db import User
             from rhodecode.model.forms import RepoPermsForm
             from rhodecode.model.meta import Session
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.repo import RepoModel
             log = logging.getLogger(__name__)
             class RepoSettingsPermissionsView(RepoAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @view_config(
                     route_name='edit_repo_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'permissions'
                     if self.request.GET.get('branch_permissions'):
                         h.flash(_('Explicitly add user or user group with write+ '
                                   'permission to modify their branch permissions.'),
                                 category='notice')
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_perms', request_method='POST',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'permissions'
                     data = self.request.POST
                     # store private flag outside of HTML to verify if we can modify
                     # default user permissions, prevents submission of FAKE post data
                     # into the form for private repos
                     data['repo_private'] = self.db_repo.private
                     form = RepoPermsForm(self.request.translate)().to_python(data)
                     changes = RepoModel().update_permissions(
                         self.db_repo_name, form['perm_additions'], form['perm_updates'],
                         form['perm_deletions'])
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'repo.edit.permissions', action_data=action_data,
                         user=self._rhodecode_user, repo=self.db_repo)
                     Session().commit()
                     h.flash(_('Repository access permissions updated'), category='success')
-                    PermissionModel().flush_user_permission_caches(changes)
+                    affected_user_ids = None
+                    if changes.get('default_user_changed', False):
+                        # if we change the default user, we need to flush everyone permissions
+                        affected_user_ids = User.get_all_user_ids()
+                    PermissionModel().flush_user_permission_caches(
+                        changes, affected_user_ids=affected_user_ids)
                     raise HTTPFound(
                         h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_perms_set_private', request_method='POST',
                     renderer='json_ext')
                 def edit_permissions_set_private_repo(self):
                     _ = self.request.translate
                     self.load_default_context()
+                    private_flag = str2bool(self.request.POST.get('private'))
                     try:
                         RepoModel().update(
-                            self.db_repo, **{'repo_private': True, 'repo_name': self.db_repo_name})
+                            self.db_repo, **{'repo_private': private_flag, 'repo_name': self.db_repo_name})
                         Session().commit()
                         h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
                                 category='success')
                     except Exception:
                         log.exception("Exception during update of repository")
                         h.flash(_('Error occurred during update of repository {}').format(
                             self.db_repo_name), category='error')
+                    # NOTE(dan): we change repo private mode we need to notify all USERS
+                    affected_user_ids = User.get_all_user_ids()
+                    PermissionModel().trigger_permission_flush(affected_user_ids)
                     return {
                         'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
-                        'private': True
+                        'private': private_flag
                     }

rhodecode/apps/repository/views/repo_pull_requests.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/apps/repository/views/repo_settings_issue_trackers.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/authentication/base.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/authentication/plugins/auth_ldap.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/authentication/registry.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/authentication/views.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/config/patches.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/i18n/rhodecode.pot

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/audit_logger.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/auth.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/base.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/bleach_whitelist.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/db_manage.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/helpers.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/markup_renderer.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/middleware/simplevcs.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/rc_beaker.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/repo_maintenance.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/vcs/backends/git/commit.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/vcs/backends/hg/commit.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/vcs/backends/hg/repository.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/vcs/backends/svn/commit.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/lib/vcs/conf/mtypes.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/db.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/permission.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/pull_request.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/repo.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/repo_group.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/settings.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/ssh_key.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/css/legacy_code_styles.less

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/css/main.less

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/css/readme-box.less

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/css/tables.less

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/css/type.less

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/be.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/de.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/en.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/es.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/fr.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/it.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/ja.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/js_translations.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/pl.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/pt.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/ru.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/i18n/zh.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/rhodecode/routes.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/public/js/src/rhodecode.js

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/gists/gist_index.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/my_account/my_account_auth_tokens.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/my_account/my_account_password.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/my_account/my_account_profile.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/my_account/my_account_profile_edit.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repo_groups/repo_group_add.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repo_groups/repo_group_edit.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repo_groups/repo_group_edit_permissions.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repo_groups/repo_group_edit_settings.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repos/repo_add_base.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repos/repo_edit_issuetracker.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repos/repo_edit_permissions.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/repos/repo_edit_settings.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/settings/settings_system.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/user_groups/user_group_edit_advanced.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/user_groups/user_group_edit_perms.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/user_groups/user_group_edit_settings.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_advanced.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_audit.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_auth_tokens.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_caches.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_emails.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_groups.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_ips.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_profile.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_ssh_keys.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/base/base.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/base/issue_tracker_settings.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/changeset/changeset_file_comment.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/codeblocks/diffs.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/data_table/_dt_elements.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/debug_style/emails.html

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/email_templates/base.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/forks/fork.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/index_base.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/pullrequests/pullrequest.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/templates/pullrequests/pullrequest_show.mako

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/tests/fixture.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/tests/models/settings/test_issue_tracker.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/tests/vcs_operations/conftest.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages