u/ewong/rhodecode-enterprise-ce-fork Commit - r497:096f9488

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

"""

21

"""

22

Users crud controller for pylons

22

Users crud controller for pylons

23

"""

23

"""

24

25

import logging

25

import logging

26

import formencode

26

import formencode

27

28

from formencode import htmlfill

28

from formencode import htmlfill

29

from pylons import request, tmpl_context as c, url, config

29

from pylons import request, tmpl_context as c, url, config

30

from pylons.controllers.util import redirect

30

from pylons.controllers.util import redirect

31

from pylons.i18n.translation import _

31

from pylons.i18n.translation import _

32

33

from rhodecode.authentication.plugins import auth_rhodecode

33

from rhodecode.authentication.plugins import auth_rhodecode

34

from rhodecode.lib.exceptions import (

34

from rhodecode.lib.exceptions import (

35

DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,

35

DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,

36

UserOwnsUserGroupsException, UserCreationError)

36

UserOwnsUserGroupsException, UserCreationError)

37

from rhodecode.lib import helpers as h

37

from rhodecode.lib import helpers as h

38

from rhodecode.lib import auth

38

from rhodecode.lib import auth

39

from rhodecode.lib.auth import (

39

from rhodecode.lib.auth import (

40

LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)

40

LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)

41

from rhodecode.lib.base import BaseController, render

41

from rhodecode.lib.base import BaseController, render

42

from rhodecode.model.auth_token import AuthTokenModel

42

from rhodecode.model.auth_token import AuthTokenModel

43

44

from rhodecode.model.db import (

44

from rhodecode.model.db import (

45

PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)

45

PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)

46

from rhodecode.model.forms import (

46

from rhodecode.model.forms import (

47

UserForm, UserPermissionsForm, UserIndividualPermissionsForm)

47

UserForm, UserPermissionsForm, UserIndividualPermissionsForm)

48

from rhodecode.model.user import UserModel

48

from rhodecode.model.user import UserModel

49

from rhodecode.model.meta import Session

49

from rhodecode.model.meta import Session

50

from rhodecode.model.permission import PermissionModel

50

from rhodecode.model.permission import PermissionModel

51

from rhodecode.lib.utils import action_logger

51

from rhodecode.lib.utils import action_logger

52

from rhodecode.lib.ext_json import json

52

from rhodecode.lib.ext_json import json

53

from rhodecode.lib.utils2 import datetime_to_time, safe_int

53

from rhodecode.lib.utils2 import datetime_to_time, safe_int

54

55

log = logging.getLogger(__name__)

55

log = logging.getLogger(__name__)

56

57

58

class UsersController(BaseController):

58

class UsersController(BaseController):

59

"""REST Controller styled on the Atom Publishing Protocol"""

59

"""REST Controller styled on the Atom Publishing Protocol"""

60

61

@LoginRequired()

61

@LoginRequired()

62

def __before__(self):

62

def __before__(self):

63

super(UsersController, self).__before__()

63

super(UsersController, self).__before__()

64

c.available_permissions = config['available_permissions']

64

c.available_permissions = config['available_permissions']

65

c.allowed_languages = [

65

c.allowed_languages = [

66

('en', 'English (en)'),

66

('en', 'English (en)'),

67

('de', 'German (de)'),

67

('de', 'German (de)'),

68

('fr', 'French (fr)'),

68

('fr', 'French (fr)'),

69

('it', 'Italian (it)'),

69

('it', 'Italian (it)'),

70

('ja', 'Japanese (ja)'),

70

('ja', 'Japanese (ja)'),

71

('pl', 'Polish (pl)'),

71

('pl', 'Polish (pl)'),

72

('pt', 'Portuguese (pt)'),

72

('pt', 'Portuguese (pt)'),

73

('ru', 'Russian (ru)'),

73

('ru', 'Russian (ru)'),

74

('zh', 'Chinese (zh)'),

74

('zh', 'Chinese (zh)'),

75

]

75

]

76

PermissionModel().set_global_permission_choices(c, translator=_)

76

PermissionModel().set_global_permission_choices(c, translator=_)

77

78

@HasPermissionAllDecorator('hg.admin')

78

@HasPermissionAllDecorator('hg.admin')

79

def index(self):

79

def index(self):

80

"""GET /users: All items in the collection"""

80

"""GET /users: All items in the collection"""

81

# url('users')

81

# url('users')

82

83

from rhodecode.lib.utils import PartialRenderer

83

from rhodecode.lib.utils import PartialRenderer

84

_render = PartialRenderer('data_table/_dt_elements.html')

84

_render = PartialRenderer('data_table/_dt_elements.html')

85

86

def grav_tmpl(user_email, size):

87

return _render("user_gravatar", user_email, size)

88

89

def username(user_id, username):

86

def username(user_id, username):

90

return _render("user_name", user_id, username)

87

return _render("user_name", user_id, username)

91

88

92

def user_actions(user_id, username):

89

def user_actions(user_id, username):

93

return _render("user_actions", user_id, username)

90

return _render("user_actions", user_id, username)

94

91

95

# json generate

92

# json generate

96

c.users_list = User.query()\

93

c.users_list = User.query()\

97

.filter(User.username != User.DEFAULT_USER) \

94

.filter(User.username != User.DEFAULT_USER) \

98

.all()

95

.all()

99

96

100

users_data = []

97

users_data = []

101

for user in c.users_list:

98

for user in c.users_list:

102

users_data.append({

99

users_data.append({

103

"username": h.gravatar_with_user(user.username),

100

"username": h.gravatar_with_user(user.username),

104

"username_raw": user.username,

101

"username_raw": user.username,

105

"email": user.email,

102

"email": user.email,

106

"first_name": h.escape(user.name),

103

"first_name": h.escape(user.name),

107

"last_name": h.escape(user.lastname),

104

"last_name": h.escape(user.lastname),

108

"last_login": h.format_date(user.last_login),

105

"last_login": h.format_date(user.last_login),

109

"last_login_raw": datetime_to_time(user.last_login),

106

"last_login_raw": datetime_to_time(user.last_login),

110

"last_activity": h.format_date(

107

"last_activity": h.format_date(

111

h.time_to_datetime(user.user_data.get('last_activity', 0))),

108

h.time_to_datetime(user.user_data.get('last_activity', 0))),

112

"last_activity_raw": user.user_data.get('last_activity', 0),

109

"last_activity_raw": user.user_data.get('last_activity', 0),

113

"active": h.bool2icon(user.active),

110

"active": h.bool2icon(user.active),

114

"active_raw": user.active,

111

"active_raw": user.active,

115

"admin": h.bool2icon(user.admin),

112

"admin": h.bool2icon(user.admin),

116

"admin_raw": user.admin,

113

"admin_raw": user.admin,

117

"extern_type": user.extern_type,

114

"extern_type": user.extern_type,

118

"extern_name": user.extern_name,

115

"extern_name": user.extern_name,

119

"action": user_actions(user.user_id, user.username),

116

"action": user_actions(user.user_id, user.username),

120

})

117

})

121

118

122

119

123

c.data = json.dumps(users_data)

120

c.data = json.dumps(users_data)

124

return render('admin/users/users.html')

121

return render('admin/users/users.html')

125

122

126

@HasPermissionAllDecorator('hg.admin')

123

@HasPermissionAllDecorator('hg.admin')

127

@auth.CSRFRequired()

124

@auth.CSRFRequired()

128

def create(self):

125

def create(self):

129

"""POST /users: Create a new item"""

126

"""POST /users: Create a new item"""

130

# url('users')

127

# url('users')

131

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

128

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

132

user_model = UserModel()

129

user_model = UserModel()

133

user_form = UserForm()()

130

user_form = UserForm()()

134

try:

131

try:

135

form_result = user_form.to_python(dict(request.POST))

132

form_result = user_form.to_python(dict(request.POST))

136

user = user_model.create(form_result)

133

user = user_model.create(form_result)

137

Session().flush()

134

Session().flush()

138

username = form_result['username']

135

username = form_result['username']

139

action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,

136

action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,

140

None, self.ip_addr, self.sa)

137

None, self.ip_addr, self.sa)

141

138

142

user_link = h.link_to(h.escape(username),

139

user_link = h.link_to(h.escape(username),

143

url('edit_user',

140

url('edit_user',

144

user_id=user.user_id))

141

user_id=user.user_id))

145

h.flash(h.literal(_('Created user %(user_link)s')

142

h.flash(h.literal(_('Created user %(user_link)s')

146

% {'user_link': user_link}), category='success')

143

% {'user_link': user_link}), category='success')

147

Session().commit()

144

Session().commit()

148

except formencode.Invalid as errors:

145

except formencode.Invalid as errors:

149

return htmlfill.render(

146

return htmlfill.render(

150

render('admin/users/user_add.html'),

147

render('admin/users/user_add.html'),

151

defaults=errors.value,

148

defaults=errors.value,

152

errors=errors.error_dict or {},

149

errors=errors.error_dict or {},

153

prefix_error=False,

150

prefix_error=False,

154

encoding="UTF-8",

151

encoding="UTF-8",

155

force_defaults=False)

152

force_defaults=False)

156

except UserCreationError as e:

153

except UserCreationError as e:

157

h.flash(e, 'error')

154

h.flash(e, 'error')

158

except Exception:

155

except Exception:

159

log.exception("Exception creation of user")

156

log.exception("Exception creation of user")

160

h.flash(_('Error occurred during creation of user %s')

157

h.flash(_('Error occurred during creation of user %s')

161

% request.POST.get('username'), category='error')

158

% request.POST.get('username'), category='error')

162

return redirect(url('users'))

159

return redirect(url('users'))

163

160

164

@HasPermissionAllDecorator('hg.admin')

161

@HasPermissionAllDecorator('hg.admin')

165

def new(self):

162

def new(self):

166

"""GET /users/new: Form to create a new item"""

163

"""GET /users/new: Form to create a new item"""

167

# url('new_user')

164

# url('new_user')

168

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

165

c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name

169

return render('admin/users/user_add.html')

166

return render('admin/users/user_add.html')

170

167

171

@HasPermissionAllDecorator('hg.admin')

168

@HasPermissionAllDecorator('hg.admin')

172

@auth.CSRFRequired()

169

@auth.CSRFRequired()

173

def update(self, user_id):

170

def update(self, user_id):

174

"""PUT /users/user_id: Update an existing item"""

171

"""PUT /users/user_id: Update an existing item"""

175

# Forms posted to this method should contain a hidden field:

172

# Forms posted to this method should contain a hidden field:

176

# <input type="hidden" name="_method" value="PUT" />

173

# <input type="hidden" name="_method" value="PUT" />

177

# Or using helpers:

174

# Or using helpers:

178

# h.form(url('update_user', user_id=ID),

175

# h.form(url('update_user', user_id=ID),

179

# method='put')

176

# method='put')

180

# url('user', user_id=ID)

177

# url('user', user_id=ID)

181

user_id = safe_int(user_id)

178

user_id = safe_int(user_id)

182

c.user = User.get_or_404(user_id)

179

c.user = User.get_or_404(user_id)

183

c.active = 'profile'

180

c.active = 'profile'

184

c.extern_type = c.user.extern_type

181

c.extern_type = c.user.extern_type

185

c.extern_name = c.user.extern_name

182

c.extern_name = c.user.extern_name

186

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

183

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

187

available_languages = [x[0] for x in c.allowed_languages]

184

available_languages = [x[0] for x in c.allowed_languages]

188

_form = UserForm(edit=True, available_languages=available_languages,

185

_form = UserForm(edit=True, available_languages=available_languages,

189

old_data={'user_id': user_id,

186

old_data={'user_id': user_id,

190

'email': c.user.email})()

187

'email': c.user.email})()

191

form_result = {}

188

form_result = {}

192

try:

189

try:

193

form_result = _form.to_python(dict(request.POST))

190

form_result = _form.to_python(dict(request.POST))

194

skip_attrs = ['extern_type', 'extern_name']

191

skip_attrs = ['extern_type', 'extern_name']

195

# TODO: plugin should define if username can be updated

192

# TODO: plugin should define if username can be updated

196

if c.extern_type != "rhodecode":

193

if c.extern_type != "rhodecode":

197

# forbid updating username for external accounts

194

# forbid updating username for external accounts

198

skip_attrs.append('username')

195

skip_attrs.append('username')

199

196

200

UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)

197

UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)

201

usr = form_result['username']

198

usr = form_result['username']

202

action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,

199

action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,

203

None, self.ip_addr, self.sa)

200

None, self.ip_addr, self.sa)

204

h.flash(_('User updated successfully'), category='success')

201

h.flash(_('User updated successfully'), category='success')

205

Session().commit()

202

Session().commit()

206

except formencode.Invalid as errors:

203

except formencode.Invalid as errors:

207

defaults = errors.value

204

defaults = errors.value

208

e = errors.error_dict or {}

205

e = errors.error_dict or {}

209

206

210

return htmlfill.render(

207

return htmlfill.render(

211

render('admin/users/user_edit.html'),

208

render('admin/users/user_edit.html'),

212

defaults=defaults,

209

defaults=defaults,

213

errors=e,

210

errors=e,

214

prefix_error=False,

211

prefix_error=False,

215

encoding="UTF-8",

212

encoding="UTF-8",

216

force_defaults=False)

213

force_defaults=False)

217

except UserCreationError as e:

214

except UserCreationError as e:

218

h.flash(e, 'error')

215

h.flash(e, 'error')

219

except Exception:

216

except Exception:

220

log.exception("Exception updating user")

217

log.exception("Exception updating user")

221

h.flash(_('Error occurred during update of user %s')

218

h.flash(_('Error occurred during update of user %s')

222

% form_result.get('username'), category='error')

219

% form_result.get('username'), category='error')

223

return redirect(url('edit_user', user_id=user_id))

220

return redirect(url('edit_user', user_id=user_id))

224

221

225

@HasPermissionAllDecorator('hg.admin')

222

@HasPermissionAllDecorator('hg.admin')

226

@auth.CSRFRequired()

223

@auth.CSRFRequired()

227

def delete(self, user_id):

224

def delete(self, user_id):

228

"""DELETE /users/user_id: Delete an existing item"""

225

"""DELETE /users/user_id: Delete an existing item"""

229

# Forms posted to this method should contain a hidden field:

226

# Forms posted to this method should contain a hidden field:

230

# <input type="hidden" name="_method" value="DELETE" />

227

# <input type="hidden" name="_method" value="DELETE" />

231

# Or using helpers:

228

# Or using helpers:

232

# h.form(url('delete_user', user_id=ID),

229

# h.form(url('delete_user', user_id=ID),

233

# method='delete')

230

# method='delete')

234

# url('user', user_id=ID)

231

# url('user', user_id=ID)

235

user_id = safe_int(user_id)

232

user_id = safe_int(user_id)

236

c.user = User.get_or_404(user_id)

233

c.user = User.get_or_404(user_id)

237

234

238

_repos = c.user.repositories

235

_repos = c.user.repositories

239

_repo_groups = c.user.repository_groups

236

_repo_groups = c.user.repository_groups

240

_user_groups = c.user.user_groups

237

_user_groups = c.user.user_groups

241

238

242

handle_repos = None

239

handle_repos = None

243

handle_repo_groups = None

240

handle_repo_groups = None

244

handle_user_groups = None

241

handle_user_groups = None

245

# dummy call for flash of handle

242

# dummy call for flash of handle

246

set_handle_flash_repos = lambda: None

243

set_handle_flash_repos = lambda: None

247

set_handle_flash_repo_groups = lambda: None

244

set_handle_flash_repo_groups = lambda: None

248

set_handle_flash_user_groups = lambda: None

245

set_handle_flash_user_groups = lambda: None

249

246

250

if _repos and request.POST.get('user_repos'):

247

if _repos and request.POST.get('user_repos'):

251

do = request.POST['user_repos']

248

do = request.POST['user_repos']

252

if do == 'detach':

249

if do == 'detach':

253

handle_repos = 'detach'

250

handle_repos = 'detach'

254

set_handle_flash_repos = lambda: h.flash(

251

set_handle_flash_repos = lambda: h.flash(

255

_('Detached %s repositories') % len(_repos),

252

_('Detached %s repositories') % len(_repos),

256

category='success')

253

category='success')

257

elif do == 'delete':

254

elif do == 'delete':

258

handle_repos = 'delete'

255

handle_repos = 'delete'

259

set_handle_flash_repos = lambda: h.flash(

256

set_handle_flash_repos = lambda: h.flash(

260

_('Deleted %s repositories') % len(_repos),

257

_('Deleted %s repositories') % len(_repos),

261

category='success')

258

category='success')

262

259

263

if _repo_groups and request.POST.get('user_repo_groups'):

260

if _repo_groups and request.POST.get('user_repo_groups'):

264

do = request.POST['user_repo_groups']

261

do = request.POST['user_repo_groups']

265

if do == 'detach':

262

if do == 'detach':

266

handle_repo_groups = 'detach'

263

handle_repo_groups = 'detach'

267

set_handle_flash_repo_groups = lambda: h.flash(

264

set_handle_flash_repo_groups = lambda: h.flash(

268

_('Detached %s repository groups') % len(_repo_groups),

265

_('Detached %s repository groups') % len(_repo_groups),

269

category='success')

266

category='success')

270

elif do == 'delete':

267

elif do == 'delete':

271

handle_repo_groups = 'delete'

268

handle_repo_groups = 'delete'

272

set_handle_flash_repo_groups = lambda: h.flash(

269

set_handle_flash_repo_groups = lambda: h.flash(

273

_('Deleted %s repository groups') % len(_repo_groups),

270

_('Deleted %s repository groups') % len(_repo_groups),

274

category='success')

271

category='success')

275

272

276

if _user_groups and request.POST.get('user_user_groups'):

273

if _user_groups and request.POST.get('user_user_groups'):

277

do = request.POST['user_user_groups']

274

do = request.POST['user_user_groups']

278

if do == 'detach':

275

if do == 'detach':

279

handle_user_groups = 'detach'

276

handle_user_groups = 'detach'

280

set_handle_flash_user_groups = lambda: h.flash(

277

set_handle_flash_user_groups = lambda: h.flash(

281

_('Detached %s user groups') % len(_user_groups),

278

_('Detached %s user groups') % len(_user_groups),

282

category='success')

279

category='success')

283

elif do == 'delete':

280

elif do == 'delete':

284

handle_user_groups = 'delete'

281

handle_user_groups = 'delete'

285

set_handle_flash_user_groups = lambda: h.flash(

282

set_handle_flash_user_groups = lambda: h.flash(

286

_('Deleted %s user groups') % len(_user_groups),

283

_('Deleted %s user groups') % len(_user_groups),

287

category='success')

284

category='success')

288

285

289

try:

286

try:

290

UserModel().delete(c.user, handle_repos=handle_repos,

287

UserModel().delete(c.user, handle_repos=handle_repos,

291

handle_repo_groups=handle_repo_groups,

288

handle_repo_groups=handle_repo_groups,

292

handle_user_groups=handle_user_groups)

289

handle_user_groups=handle_user_groups)

293

Session().commit()

290

Session().commit()

294

set_handle_flash_repos()

291

set_handle_flash_repos()

295

set_handle_flash_repo_groups()

292

set_handle_flash_repo_groups()

296

set_handle_flash_user_groups()

293

set_handle_flash_user_groups()

297

h.flash(_('Successfully deleted user'), category='success')

294

h.flash(_('Successfully deleted user'), category='success')

298

except (UserOwnsReposException, UserOwnsRepoGroupsException,

295

except (UserOwnsReposException, UserOwnsRepoGroupsException,

299

UserOwnsUserGroupsException, DefaultUserException) as e:

296

UserOwnsUserGroupsException, DefaultUserException) as e:

300

h.flash(e, category='warning')

297

h.flash(e, category='warning')

301

except Exception:

298

except Exception:

302

log.exception("Exception during deletion of user")

299

log.exception("Exception during deletion of user")

303

h.flash(_('An error occurred during deletion of user'),

300

h.flash(_('An error occurred during deletion of user'),

304

category='error')

301

category='error')

305

return redirect(url('users'))

302

return redirect(url('users'))

306

303

307

@HasPermissionAllDecorator('hg.admin')

304

@HasPermissionAllDecorator('hg.admin')

308

@auth.CSRFRequired()

305

@auth.CSRFRequired()

309

def reset_password(self, user_id):

306

def reset_password(self, user_id):

310

"""

307

"""

311

toggle reset password flag for this user

308

toggle reset password flag for this user

312

309

313

:param user_id:

310

:param user_id:

314

"""

311

"""

315

user_id = safe_int(user_id)

312

user_id = safe_int(user_id)

316

c.user = User.get_or_404(user_id)

313

c.user = User.get_or_404(user_id)

317

try:

314

try:

318

old_value = c.user.user_data.get('force_password_change')

315

old_value = c.user.user_data.get('force_password_change')

319

c.user.update_userdata(force_password_change=not old_value)

316

c.user.update_userdata(force_password_change=not old_value)

320

Session().commit()

317

Session().commit()

321

if old_value:

318

if old_value:

322

msg = _('Force password change disabled for user')

319

msg = _('Force password change disabled for user')

323

else:

320

else:

324

msg = _('Force password change enabled for user')

321

msg = _('Force password change enabled for user')

325

h.flash(msg, category='success')

322

h.flash(msg, category='success')

326

except Exception:

323

except Exception:

327

log.exception("Exception during password reset for user")

324

log.exception("Exception during password reset for user")

328

h.flash(_('An error occurred during password reset for user'),

325

h.flash(_('An error occurred during password reset for user'),

329

category='error')

326

category='error')

330

327

331

return redirect(url('edit_user_advanced', user_id=user_id))

328

return redirect(url('edit_user_advanced', user_id=user_id))

332

329

333

@HasPermissionAllDecorator('hg.admin')

330

@HasPermissionAllDecorator('hg.admin')

334

@auth.CSRFRequired()

331

@auth.CSRFRequired()

335

def create_personal_repo_group(self, user_id):

332

def create_personal_repo_group(self, user_id):

336

"""

333

"""

337

Create personal repository group for this user

334

Create personal repository group for this user

338

335

339

:param user_id:

336

:param user_id:

340

"""

337

"""

341

from rhodecode.model.repo_group import RepoGroupModel

338

from rhodecode.model.repo_group import RepoGroupModel

342

339

343

user_id = safe_int(user_id)

340

user_id = safe_int(user_id)

344

c.user = User.get_or_404(user_id)

341

c.user = User.get_or_404(user_id)

345

342

346

try:

343

try:

347

desc = RepoGroupModel.PERSONAL_GROUP_DESC % {

344

desc = RepoGroupModel.PERSONAL_GROUP_DESC % {

348

'username': c.user.username}

345

'username': c.user.username}

349

if not RepoGroup.get_by_group_name(c.user.username):

346

if not RepoGroup.get_by_group_name(c.user.username):

350

RepoGroupModel().create(group_name=c.user.username,

347

RepoGroupModel().create(group_name=c.user.username,

351

group_description=desc,

348

group_description=desc,

352

owner=c.user.username)

349

owner=c.user.username)

353

350

354

msg = _('Created repository group `%s`' % (c.user.username,))

351

msg = _('Created repository group `%s`' % (c.user.username,))

355

h.flash(msg, category='success')

352

h.flash(msg, category='success')

356

except Exception:

353

except Exception:

357

log.exception("Exception during repository group creation")

354

log.exception("Exception during repository group creation")

358

msg = _(

355

msg = _(

359

'An error occurred during repository group creation for user')

356

'An error occurred during repository group creation for user')

360

h.flash(msg, category='error')

357

h.flash(msg, category='error')

361

358

362

return redirect(url('edit_user_advanced', user_id=user_id))

359

return redirect(url('edit_user_advanced', user_id=user_id))

363

360

364

@HasPermissionAllDecorator('hg.admin')

361

@HasPermissionAllDecorator('hg.admin')

365

def show(self, user_id):

362

def show(self, user_id):

366

"""GET /users/user_id: Show a specific item"""

363

"""GET /users/user_id: Show a specific item"""

367

# url('user', user_id=ID)

364

# url('user', user_id=ID)

368

User.get_or_404(-1)

365

User.get_or_404(-1)

369

366

370

@HasPermissionAllDecorator('hg.admin')

367

@HasPermissionAllDecorator('hg.admin')

371

def edit(self, user_id):

368

def edit(self, user_id):

372

"""GET /users/user_id/edit: Form to edit an existing item"""

369

"""GET /users/user_id/edit: Form to edit an existing item"""

373

# url('edit_user', user_id=ID)

370

# url('edit_user', user_id=ID)

374

user_id = safe_int(user_id)

371

user_id = safe_int(user_id)

375

c.user = User.get_or_404(user_id)

372

c.user = User.get_or_404(user_id)

376

if c.user.username == User.DEFAULT_USER:

373

if c.user.username == User.DEFAULT_USER:

377

h.flash(_("You can't edit this user"), category='warning')

374

h.flash(_("You can't edit this user"), category='warning')

378

return redirect(url('users'))

375

return redirect(url('users'))

379

376

380

c.active = 'profile'

377

c.active = 'profile'

381

c.extern_type = c.user.extern_type

378

c.extern_type = c.user.extern_type

382

c.extern_name = c.user.extern_name

379

c.extern_name = c.user.extern_name

383

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

380

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

384

381

385

defaults = c.user.get_dict()

382

defaults = c.user.get_dict()

386

defaults.update({'language': c.user.user_data.get('language')})

383

defaults.update({'language': c.user.user_data.get('language')})

387

return htmlfill.render(

384

return htmlfill.render(

388

render('admin/users/user_edit.html'),

385

render('admin/users/user_edit.html'),

389

defaults=defaults,

386

defaults=defaults,

390

encoding="UTF-8",

387

encoding="UTF-8",

391

force_defaults=False)

388

force_defaults=False)

392

389

393

@HasPermissionAllDecorator('hg.admin')

390

@HasPermissionAllDecorator('hg.admin')

394

def edit_advanced(self, user_id):

391

def edit_advanced(self, user_id):

395

user_id = safe_int(user_id)

392

user_id = safe_int(user_id)

396

user = c.user = User.get_or_404(user_id)

393

user = c.user = User.get_or_404(user_id)

397

if user.username == User.DEFAULT_USER:

394

if user.username == User.DEFAULT_USER:

398

h.flash(_("You can't edit this user"), category='warning')

395

h.flash(_("You can't edit this user"), category='warning')

399

return redirect(url('users'))

396

return redirect(url('users'))

400

397

401

c.active = 'advanced'

398

c.active = 'advanced'

402

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

399

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

403

c.personal_repo_group = RepoGroup.get_by_group_name(user.username)

400

c.personal_repo_group = RepoGroup.get_by_group_name(user.username)

404

c.first_admin = User.get_first_super_admin()

401

c.first_admin = User.get_first_super_admin()

405

defaults = user.get_dict()

402

defaults = user.get_dict()

406

403

407

# Interim workaround if the user participated on any pull requests as a

404

# Interim workaround if the user participated on any pull requests as a

408

# reviewer.

405

# reviewer.

409

has_review = bool(PullRequestReviewers.query().filter(

406

has_review = bool(PullRequestReviewers.query().filter(

410

PullRequestReviewers.user_id == user_id).first())

407

PullRequestReviewers.user_id == user_id).first())

411

c.can_delete_user = not has_review

408

c.can_delete_user = not has_review

412

c.can_delete_user_message = _(

409

c.can_delete_user_message = _(

413

'The user participates as reviewer in pull requests and '

410

'The user participates as reviewer in pull requests and '

414

'cannot be deleted. You can set the user to '

411

'cannot be deleted. You can set the user to '

415

'"inactive" instead of deleting it.') if has_review else ''

412

'"inactive" instead of deleting it.') if has_review else ''

416

413

417

return htmlfill.render(

414

return htmlfill.render(

418

render('admin/users/user_edit.html'),

415

render('admin/users/user_edit.html'),

419

defaults=defaults,

416

defaults=defaults,

420

encoding="UTF-8",

417

encoding="UTF-8",

421

force_defaults=False)

418

force_defaults=False)

422

419

423

@HasPermissionAllDecorator('hg.admin')

420

@HasPermissionAllDecorator('hg.admin')

424

def edit_auth_tokens(self, user_id):

421

def edit_auth_tokens(self, user_id):

425

user_id = safe_int(user_id)

422

user_id = safe_int(user_id)

426

c.user = User.get_or_404(user_id)

423

c.user = User.get_or_404(user_id)

427

if c.user.username == User.DEFAULT_USER:

424

if c.user.username == User.DEFAULT_USER:

428

h.flash(_("You can't edit this user"), category='warning')

425

h.flash(_("You can't edit this user"), category='warning')

429

return redirect(url('users'))

426

return redirect(url('users'))

430

427

431

c.active = 'auth_tokens'

428

c.active = 'auth_tokens'

432

show_expired = True

429

show_expired = True

433

c.lifetime_values = [

430

c.lifetime_values = [

434

(str(-1), _('forever')),

431

(str(-1), _('forever')),

435

(str(5), _('5 minutes')),

432

(str(5), _('5 minutes')),

436

(str(60), _('1 hour')),

433

(str(60), _('1 hour')),

437

(str(60 * 24), _('1 day')),

434

(str(60 * 24), _('1 day')),

438

(str(60 * 24 * 30), _('1 month')),

435

(str(60 * 24 * 30), _('1 month')),

439

]

436

]

440

c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

437

c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]

441

c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))

438

c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))

442

for x in AuthTokenModel.cls.ROLES]

439

for x in AuthTokenModel.cls.ROLES]

443

c.role_options = [(c.role_values, _("Role"))]

440

c.role_options = [(c.role_values, _("Role"))]

444

c.user_auth_tokens = AuthTokenModel().get_auth_tokens(

441

c.user_auth_tokens = AuthTokenModel().get_auth_tokens(

445

c.user.user_id, show_expired=show_expired)

442

c.user.user_id, show_expired=show_expired)

446

defaults = c.user.get_dict()

443

defaults = c.user.get_dict()

447

return htmlfill.render(

444

return htmlfill.render(

448

render('admin/users/user_edit.html'),

445

render('admin/users/user_edit.html'),

449

defaults=defaults,

446

defaults=defaults,

450

encoding="UTF-8",

447

encoding="UTF-8",

451

force_defaults=False)

448

force_defaults=False)

452

449

453

@HasPermissionAllDecorator('hg.admin')

450

@HasPermissionAllDecorator('hg.admin')

454

@auth.CSRFRequired()

451

@auth.CSRFRequired()

455

def add_auth_token(self, user_id):

452

def add_auth_token(self, user_id):

456

user_id = safe_int(user_id)

453

user_id = safe_int(user_id)

457

c.user = User.get_or_404(user_id)

454

c.user = User.get_or_404(user_id)

458

if c.user.username == User.DEFAULT_USER:

455

if c.user.username == User.DEFAULT_USER:

459

h.flash(_("You can't edit this user"), category='warning')

456

h.flash(_("You can't edit this user"), category='warning')

460

return redirect(url('users'))

457

return redirect(url('users'))

461

458

462

lifetime = safe_int(request.POST.get('lifetime'), -1)

459

lifetime = safe_int(request.POST.get('lifetime'), -1)

463

description = request.POST.get('description')

460

description = request.POST.get('description')

464

role = request.POST.get('role')

461

role = request.POST.get('role')

465

AuthTokenModel().create(c.user.user_id, description, lifetime, role)

462

AuthTokenModel().create(c.user.user_id, description, lifetime, role)

466

Session().commit()

463

Session().commit()

467

h.flash(_("Auth token successfully created"), category='success')

464

h.flash(_("Auth token successfully created"), category='success')

468

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

465

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

469

466

470

@HasPermissionAllDecorator('hg.admin')

467

@HasPermissionAllDecorator('hg.admin')

471

@auth.CSRFRequired()

468

@auth.CSRFRequired()

472

def delete_auth_token(self, user_id):

469

def delete_auth_token(self, user_id):

473

user_id = safe_int(user_id)

470

user_id = safe_int(user_id)

474

c.user = User.get_or_404(user_id)

471

c.user = User.get_or_404(user_id)

475

if c.user.username == User.DEFAULT_USER:

472

if c.user.username == User.DEFAULT_USER:

476

h.flash(_("You can't edit this user"), category='warning')

473

h.flash(_("You can't edit this user"), category='warning')

477

return redirect(url('users'))

474

return redirect(url('users'))

478

475

479

auth_token = request.POST.get('del_auth_token')

476

auth_token = request.POST.get('del_auth_token')

480

if request.POST.get('del_auth_token_builtin'):

477

if request.POST.get('del_auth_token_builtin'):

481

user = User.get(c.user.user_id)

478

user = User.get(c.user.user_id)

482

if user:

479

if user:

483

user.api_key = generate_auth_token(user.username)

480

user.api_key = generate_auth_token(user.username)

484

Session().add(user)

481

Session().add(user)

485

Session().commit()

482

Session().commit()

486

h.flash(_("Auth token successfully reset"), category='success')

483

h.flash(_("Auth token successfully reset"), category='success')

487

elif auth_token:

484

elif auth_token:

488

AuthTokenModel().delete(auth_token, c.user.user_id)

485

AuthTokenModel().delete(auth_token, c.user.user_id)

489

Session().commit()

486

Session().commit()

490

h.flash(_("Auth token successfully deleted"), category='success')

487

h.flash(_("Auth token successfully deleted"), category='success')

491

488

492

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

489

return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))

493

490

494

@HasPermissionAllDecorator('hg.admin')

491

@HasPermissionAllDecorator('hg.admin')

495

def edit_global_perms(self, user_id):

492

def edit_global_perms(self, user_id):

496

user_id = safe_int(user_id)

493

user_id = safe_int(user_id)

497

c.user = User.get_or_404(user_id)

494

c.user = User.get_or_404(user_id)

498

if c.user.username == User.DEFAULT_USER:

495

if c.user.username == User.DEFAULT_USER:

499

h.flash(_("You can't edit this user"), category='warning')

496

h.flash(_("You can't edit this user"), category='warning')

500

return redirect(url('users'))

497

return redirect(url('users'))

501

498

502

c.active = 'global_perms'

499

c.active = 'global_perms'

503

500

504

c.default_user = User.get_default_user()

501

c.default_user = User.get_default_user()

505

defaults = c.user.get_dict()

502

defaults = c.user.get_dict()

506

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

503

defaults.update(c.default_user.get_default_perms(suffix='_inherited'))

507

defaults.update(c.default_user.get_default_perms())

504

defaults.update(c.default_user.get_default_perms())

508

defaults.update(c.user.get_default_perms())

505

defaults.update(c.user.get_default_perms())

509

506

510

return htmlfill.render(

507

return htmlfill.render(

511

render('admin/users/user_edit.html'),

508

render('admin/users/user_edit.html'),

512

defaults=defaults,

509

defaults=defaults,

513

encoding="UTF-8",

510

encoding="UTF-8",

514

force_defaults=False)

511

force_defaults=False)

515

512

516

@HasPermissionAllDecorator('hg.admin')

513

@HasPermissionAllDecorator('hg.admin')

517

@auth.CSRFRequired()

514

@auth.CSRFRequired()

518

def update_global_perms(self, user_id):

515

def update_global_perms(self, user_id):

519

"""PUT /users_perm/user_id: Update an existing item"""

516

"""PUT /users_perm/user_id: Update an existing item"""

520

# url('user_perm', user_id=ID, method='put')

517

# url('user_perm', user_id=ID, method='put')

521

user_id = safe_int(user_id)

518

user_id = safe_int(user_id)

522

user = User.get_or_404(user_id)

519

user = User.get_or_404(user_id)

523

c.active = 'global_perms'

520

c.active = 'global_perms'

524

try:

521

try:

525

# first stage that verifies the checkbox

522

# first stage that verifies the checkbox

526

_form = UserIndividualPermissionsForm()

523

_form = UserIndividualPermissionsForm()

527

form_result = _form.to_python(dict(request.POST))

524

form_result = _form.to_python(dict(request.POST))

528

inherit_perms = form_result['inherit_default_permissions']

525

inherit_perms = form_result['inherit_default_permissions']

529

user.inherit_default_permissions = inherit_perms

526

user.inherit_default_permissions = inherit_perms

530

Session().add(user)

527

Session().add(user)

531

528

532

if not inherit_perms:

529

if not inherit_perms:

533

# only update the individual ones if we un check the flag

530

# only update the individual ones if we un check the flag

534

_form = UserPermissionsForm(

531

_form = UserPermissionsForm(

535

[x[0] for x in c.repo_create_choices],

532

[x[0] for x in c.repo_create_choices],

536

[x[0] for x in c.repo_create_on_write_choices],

533

[x[0] for x in c.repo_create_on_write_choices],

537

[x[0] for x in c.repo_group_create_choices],

534

[x[0] for x in c.repo_group_create_choices],

538

[x[0] for x in c.user_group_create_choices],

535

[x[0] for x in c.user_group_create_choices],

539

[x[0] for x in c.fork_choices],

536

[x[0] for x in c.fork_choices],

540

[x[0] for x in c.inherit_default_permission_choices])()

537

[x[0] for x in c.inherit_default_permission_choices])()

541

538

542

form_result = _form.to_python(dict(request.POST))

539

form_result = _form.to_python(dict(request.POST))

543

form_result.update({'perm_user_id': user.user_id})

540

form_result.update({'perm_user_id': user.user_id})

544

541

545

PermissionModel().update_user_permissions(form_result)

542

PermissionModel().update_user_permissions(form_result)

546

543

547

Session().commit()

544

Session().commit()

548

h.flash(_('User global permissions updated successfully'),

545

h.flash(_('User global permissions updated successfully'),

549

category='success')

546

category='success')

550

547

551

Session().commit()

548

Session().commit()

552

except formencode.Invalid as errors:

549

except formencode.Invalid as errors:

553

defaults = errors.value

550

defaults = errors.value

554

c.user = user

551

c.user = user

555

return htmlfill.render(

552

return htmlfill.render(

556

render('admin/users/user_edit.html'),

553

render('admin/users/user_edit.html'),

557

defaults=defaults,

554

defaults=defaults,

558

errors=errors.error_dict or {},

555

errors=errors.error_dict or {},

559

prefix_error=False,

556

prefix_error=False,

560

encoding="UTF-8",

557

encoding="UTF-8",

561

force_defaults=False)

558

force_defaults=False)

562

except Exception:

559

except Exception:

563

log.exception("Exception during permissions saving")

560

log.exception("Exception during permissions saving")

564

h.flash(_('An error occurred during permissions saving'),

561

h.flash(_('An error occurred during permissions saving'),

565

category='error')

562

category='error')

566

return redirect(url('edit_user_global_perms', user_id=user_id))

563

return redirect(url('edit_user_global_perms', user_id=user_id))

567

564

568

@HasPermissionAllDecorator('hg.admin')

565

@HasPermissionAllDecorator('hg.admin')

569

def edit_perms_summary(self, user_id):

566

def edit_perms_summary(self, user_id):

570

user_id = safe_int(user_id)

567

user_id = safe_int(user_id)

571

c.user = User.get_or_404(user_id)

568

c.user = User.get_or_404(user_id)

572

if c.user.username == User.DEFAULT_USER:

569

if c.user.username == User.DEFAULT_USER:

573

h.flash(_("You can't edit this user"), category='warning')

570

h.flash(_("You can't edit this user"), category='warning')

574

return redirect(url('users'))

571

return redirect(url('users'))

575

572

576

c.active = 'perms_summary'

573

c.active = 'perms_summary'

577

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

574

c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)

578

575

579

return render('admin/users/user_edit.html')

576

return render('admin/users/user_edit.html')

580

577

581

@HasPermissionAllDecorator('hg.admin')

578

@HasPermissionAllDecorator('hg.admin')

582

def edit_emails(self, user_id):

579

def edit_emails(self, user_id):

583

user_id = safe_int(user_id)

580

user_id = safe_int(user_id)

584

c.user = User.get_or_404(user_id)

581

c.user = User.get_or_404(user_id)

585

if c.user.username == User.DEFAULT_USER:

582

if c.user.username == User.DEFAULT_USER:

586

h.flash(_("You can't edit this user"), category='warning')

583

h.flash(_("You can't edit this user"), category='warning')

587

return redirect(url('users'))

584

return redirect(url('users'))

588

585

589

c.active = 'emails'

586

c.active = 'emails'

590

c.user_email_map = UserEmailMap.query() \

587

c.user_email_map = UserEmailMap.query() \

591

.filter(UserEmailMap.user == c.user).all()

588

.filter(UserEmailMap.user == c.user).all()

592

589

593

defaults = c.user.get_dict()

590

defaults = c.user.get_dict()

594

return htmlfill.render(

591

return htmlfill.render(

595

render('admin/users/user_edit.html'),

592

render('admin/users/user_edit.html'),

596

defaults=defaults,

593

defaults=defaults,

597

encoding="UTF-8",

594

encoding="UTF-8",

598

force_defaults=False)

595

force_defaults=False)

599

596

600

@HasPermissionAllDecorator('hg.admin')

597

@HasPermissionAllDecorator('hg.admin')

601

@auth.CSRFRequired()

598

@auth.CSRFRequired()

602

def add_email(self, user_id):

599

def add_email(self, user_id):

603

"""POST /user_emails:Add an existing item"""

600

"""POST /user_emails:Add an existing item"""

604

# url('user_emails', user_id=ID, method='put')

601

# url('user_emails', user_id=ID, method='put')

605

user_id = safe_int(user_id)

602

user_id = safe_int(user_id)

606

c.user = User.get_or_404(user_id)

603

c.user = User.get_or_404(user_id)

607

604

608

email = request.POST.get('new_email')

605

email = request.POST.get('new_email')

609

user_model = UserModel()

606

user_model = UserModel()

610

607

611

try:

608

try:

612

user_model.add_extra_email(user_id, email)

609

user_model.add_extra_email(user_id, email)

613

Session().commit()

610

Session().commit()

614

h.flash(_("Added new email address `%s` for user account") % email,

611

h.flash(_("Added new email address `%s` for user account") % email,

615

category='success')

612

category='success')

616

except formencode.Invalid as error:

613

except formencode.Invalid as error:

617

msg = error.error_dict['email']

614

msg = error.error_dict['email']

618

h.flash(msg, category='error')

615

h.flash(msg, category='error')

619

except Exception:

616

except Exception:

620

log.exception("Exception during email saving")

617

log.exception("Exception during email saving")

621

h.flash(_('An error occurred during email saving'),

618

h.flash(_('An error occurred during email saving'),

622

category='error')

619

category='error')

623

return redirect(url('edit_user_emails', user_id=user_id))

620

return redirect(url('edit_user_emails', user_id=user_id))

624

621

625

@HasPermissionAllDecorator('hg.admin')

622

@HasPermissionAllDecorator('hg.admin')

626

@auth.CSRFRequired()

623

@auth.CSRFRequired()

627

def delete_email(self, user_id):

624

def delete_email(self, user_id):

628

"""DELETE /user_emails_delete/user_id: Delete an existing item"""

625

"""DELETE /user_emails_delete/user_id: Delete an existing item"""

629

# url('user_emails_delete', user_id=ID, method='delete')

626

# url('user_emails_delete', user_id=ID, method='delete')

630

user_id = safe_int(user_id)

627

user_id = safe_int(user_id)

631

c.user = User.get_or_404(user_id)

628

c.user = User.get_or_404(user_id)

632

email_id = request.POST.get('del_email_id')

629

email_id = request.POST.get('del_email_id')

633

user_model = UserModel()

630

user_model = UserModel()

634

user_model.delete_extra_email(user_id, email_id)

631

user_model.delete_extra_email(user_id, email_id)

635

Session().commit()

632

Session().commit()

636

h.flash(_("Removed email address from user account"), category='success')

633

h.flash(_("Removed email address from user account"), category='success')

637

return redirect(url('edit_user_emails', user_id=user_id))

634

return redirect(url('edit_user_emails', user_id=user_id))

638

635

639

@HasPermissionAllDecorator('hg.admin')

636

@HasPermissionAllDecorator('hg.admin')

640

def edit_ips(self, user_id):

637

def edit_ips(self, user_id):

641

user_id = safe_int(user_id)

638

user_id = safe_int(user_id)

642

c.user = User.get_or_404(user_id)

639

c.user = User.get_or_404(user_id)

643

if c.user.username == User.DEFAULT_USER:

640

if c.user.username == User.DEFAULT_USER:

644

h.flash(_("You can't edit this user"), category='warning')

641

h.flash(_("You can't edit this user"), category='warning')

645

return redirect(url('users'))

642

return redirect(url('users'))

646

643

647

c.active = 'ips'

644

c.active = 'ips'

648

c.user_ip_map = UserIpMap.query() \

645

c.user_ip_map = UserIpMap.query() \

649

.filter(UserIpMap.user == c.user).all()

646

.filter(UserIpMap.user == c.user).all()

650

647

651

c.inherit_default_ips = c.user.inherit_default_permissions

648

c.inherit_default_ips = c.user.inherit_default_permissions

652

c.default_user_ip_map = UserIpMap.query() \

649

c.default_user_ip_map = UserIpMap.query() \

653

.filter(UserIpMap.user == User.get_default_user()).all()

650

.filter(UserIpMap.user == User.get_default_user()).all()

654

651

655

defaults = c.user.get_dict()

652

defaults = c.user.get_dict()

656

return htmlfill.render(

653

return htmlfill.render(

657

render('admin/users/user_edit.html'),

654

render('admin/users/user_edit.html'),

658

defaults=defaults,

655

defaults=defaults,

659

encoding="UTF-8",

656

encoding="UTF-8",

660

force_defaults=False)

657

force_defaults=False)

661

658

662

@HasPermissionAllDecorator('hg.admin')

659

@HasPermissionAllDecorator('hg.admin')

663

@auth.CSRFRequired()

660

@auth.CSRFRequired()

664

def add_ip(self, user_id):

661

def add_ip(self, user_id):

665

"""POST /user_ips:Add an existing item"""

662

"""POST /user_ips:Add an existing item"""

666

# url('user_ips', user_id=ID, method='put')

663

# url('user_ips', user_id=ID, method='put')

667

664

668

user_id = safe_int(user_id)

665

user_id = safe_int(user_id)

669

c.user = User.get_or_404(user_id)

666

c.user = User.get_or_404(user_id)

670

user_model = UserModel()

667

user_model = UserModel()

671

try:

668

try:

672

ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))

669

ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))

673

except Exception as e:

670

except Exception as e:

674

ip_list = []

671

ip_list = []

675

log.exception("Exception during ip saving")

672

log.exception("Exception during ip saving")

676

h.flash(_('An error occurred during ip saving:%s' % (e,)),

673

h.flash(_('An error occurred during ip saving:%s' % (e,)),

677

category='error')

674

category='error')

678

675

679

desc = request.POST.get('description')

676

desc = request.POST.get('description')

680

added = []

677

added = []

681

for ip in ip_list:

678

for ip in ip_list:

682

try:

679

try:

683

user_model.add_extra_ip(user_id, ip, desc)

680

user_model.add_extra_ip(user_id, ip, desc)

684

Session().commit()

681

Session().commit()

685

added.append(ip)

682

added.append(ip)

686

except formencode.Invalid as error:

683

except formencode.Invalid as error:

687

msg = error.error_dict['ip']

684

msg = error.error_dict['ip']

688

h.flash(msg, category='error')

685

h.flash(msg, category='error')

689

except Exception:

686

except Exception:

690

log.exception("Exception during ip saving")

687

log.exception("Exception during ip saving")

691

h.flash(_('An error occurred during ip saving'),

688

h.flash(_('An error occurred during ip saving'),

692

category='error')

689

category='error')

693

if added:

690

if added:

694

h.flash(

691

h.flash(

695

_("Added ips %s to user whitelist") % (', '.join(ip_list), ),

692

_("Added ips %s to user whitelist") % (', '.join(ip_list), ),

696

category='success')

693

category='success')

697

if 'default_user' in request.POST:

694

if 'default_user' in request.POST:

698

return redirect(url('admin_permissions_ips'))

695

return redirect(url('admin_permissions_ips'))

699

return redirect(url('edit_user_ips', user_id=user_id))

696

return redirect(url('edit_user_ips', user_id=user_id))

700

697

701

@HasPermissionAllDecorator('hg.admin')

698

@HasPermissionAllDecorator('hg.admin')

702

@auth.CSRFRequired()

699

@auth.CSRFRequired()

703

def delete_ip(self, user_id):

700

def delete_ip(self, user_id):

704

"""DELETE /user_ips_delete/user_id: Delete an existing item"""

701

"""DELETE /user_ips_delete/user_id: Delete an existing item"""

705

# url('user_ips_delete', user_id=ID, method='delete')

702

# url('user_ips_delete', user_id=ID, method='delete')

706

user_id = safe_int(user_id)

703

user_id = safe_int(user_id)

707

c.user = User.get_or_404(user_id)

704

c.user = User.get_or_404(user_id)

708

705

709

ip_id = request.POST.get('del_ip_id')

706

ip_id = request.POST.get('del_ip_id')

710

user_model = UserModel()

707

user_model = UserModel()

711

user_model.delete_extra_ip(user_id, ip_id)

708

user_model.delete_extra_ip(user_id, ip_id)

712

Session().commit()

709

Session().commit()

713

h.flash(_("Removed ip address from user whitelist"), category='success')

710

h.flash(_("Removed ip address from user whitelist"), category='success')

714

711

715

if 'default_user' in request.POST:

712

if 'default_user' in request.POST:

716

return redirect(url('admin_permissions_ips'))

713

return redirect(url('admin_permissions_ips'))

717

return redirect(url('edit_user_ips', user_id=user_id))

714

return redirect(url('edit_user_ips', user_id=user_id))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Users crud controller for pylons
             """
             import logging
             import formencode
             from formencode import htmlfill
             from pylons import request, tmpl_context as c, url, config
             from pylons.controllers.util import redirect
             from pylons.i18n.translation import _
             from rhodecode.authentication.plugins import auth_rhodecode
             from rhodecode.lib.exceptions import (
                 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
                 UserOwnsUserGroupsException, UserCreationError)
             from rhodecode.lib import helpers as h
             from rhodecode.lib import auth
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
             from rhodecode.lib.base import BaseController, render
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.db import (
                 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
             from rhodecode.model.forms import (
                 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
             from rhodecode.model.user import UserModel
             from rhodecode.model.meta import Session
             from rhodecode.model.permission import PermissionModel
             from rhodecode.lib.utils import action_logger
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.utils2 import datetime_to_time, safe_int
             log = logging.getLogger(__name__)
             class UsersController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 @LoginRequired()
                 def __before__(self):
                     super(UsersController, self).__before__()
                     c.available_permissions = config['available_permissions']
                     c.allowed_languages = [
                         ('en', 'English (en)'),
                         ('de', 'German (de)'),
                         ('fr', 'French (fr)'),
                         ('it', 'Italian (it)'),
                         ('ja', 'Japanese (ja)'),
                         ('pl', 'Polish (pl)'),
                         ('pt', 'Portuguese (pt)'),
                         ('ru', 'Russian (ru)'),
                         ('zh', 'Chinese (zh)'),
                     ]
                     PermissionModel().set_global_permission_choices(c, translator=_)
                 @HasPermissionAllDecorator('hg.admin')
                 def index(self):
                     """GET /users: All items in the collection"""
                     # url('users')
                     from rhodecode.lib.utils import PartialRenderer
                     _render = PartialRenderer('data_table/_dt_elements.html')
-                    def grav_tmpl(user_email, size):
-                        return _render("user_gravatar", user_email, size)
                     def username(user_id, username):
                         return _render("user_name", user_id, username)
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     # json generate
                     c.users_list = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .all()
                     users_data = []
                     for user in c.users_list:
                         users_data.append({
                             "username": h.gravatar_with_user(user.username),
                             "username_raw": user.username,
                             "email": user.email,
                             "first_name": h.escape(user.name),
                             "last_name": h.escape(user.lastname),
                             "last_login": h.format_date(user.last_login),
                             "last_login_raw": datetime_to_time(user.last_login),
                             "last_activity": h.format_date(
                                 h.time_to_datetime(user.user_data.get('last_activity', 0))),
                             "last_activity_raw": user.user_data.get('last_activity', 0),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "admin_raw": user.admin,
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     c.data = json.dumps(users_data)
                     return render('admin/users/users.html')
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create(self):
                     """POST /users: Create a new item"""
                     # url('users')
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     user_model = UserModel()
                     user_form = UserForm()()
                     try:
                         form_result = user_form.to_python(dict(request.POST))
                         user = user_model.create(form_result)
                         Session().flush()
                         username = form_result['username']
                         action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
                                       None, self.ip_addr, self.sa)
                         user_link = h.link_to(h.escape(username),
                                               url('edit_user',
                                                   user_id=user.user_id))
                         h.flash(h.literal(_('Created user %(user_link)s')
                                           % {'user_link': user_link}), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         return htmlfill.render(
                             render('admin/users/user_add.html'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception creation of user")
                         h.flash(_('Error occurred during creation of user %s')
                                 % request.POST.get('username'), category='error')
                     return redirect(url('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 def new(self):
                     """GET /users/new: Form to create a new item"""
                     # url('new_user')
                     c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
                     return render('admin/users/user_add.html')
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update(self, user_id):
                     """PUT /users/user_id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     # <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('update_user', user_id=ID),
                     #           method='put')
                     # url('user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     available_languages = [x[0] for x in c.allowed_languages]
                     _form = UserForm(edit=True, available_languages=available_languages,
                                      old_data={'user_id': user_id,
                                                'email': c.user.email})()
                     form_result = {}
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         skip_attrs = ['extern_type', 'extern_name']
                         # TODO: plugin should define if username can be updated
                         if c.extern_type != "rhodecode":
                             # forbid updating username for external accounts
                             skip_attrs.append('username')
                         UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
                         usr = form_result['username']
                         action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
                                       None, self.ip_addr, self.sa)
                         h.flash(_('User updated successfully'), category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         e = errors.error_dict or {}
                         return htmlfill.render(
                             render('admin/users/user_edit.html'),
                             defaults=defaults,
                             errors=e,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except UserCreationError as e:
                         h.flash(e, 'error')
                     except Exception:
                         log.exception("Exception updating user")
                         h.flash(_('Error occurred during update of user %s')
                                 % form_result.get('username'), category='error')
                     return redirect(url('edit_user', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete(self, user_id):
                     """DELETE /users/user_id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     # <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('delete_user', user_id=ID),
                     #           method='delete')
                     # url('user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     _repos = c.user.repositories
                     _repo_groups = c.user.repository_groups
                     _user_groups = c.user.user_groups
                     handle_repos = None
                     handle_repo_groups = None
                     handle_user_groups = None
                     # dummy call for flash of handle
                     set_handle_flash_repos = lambda: None
                     set_handle_flash_repo_groups = lambda: None
                     set_handle_flash_user_groups = lambda: None
                     if _repos and request.POST.get('user_repos'):
                         do = request.POST['user_repos']
                         if do == 'detach':
                             handle_repos = 'detach'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Detached %s repositories') % len(_repos),
                                 category='success')
                         elif do == 'delete':
                             handle_repos = 'delete'
                             set_handle_flash_repos = lambda: h.flash(
                                 _('Deleted %s repositories') % len(_repos),
                                 category='success')
                     if _repo_groups and request.POST.get('user_repo_groups'):
                         do = request.POST['user_repo_groups']
                         if do == 'detach':
                             handle_repo_groups = 'detach'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Detached %s repository groups') % len(_repo_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_repo_groups = 'delete'
                             set_handle_flash_repo_groups = lambda: h.flash(
                                 _('Deleted %s repository groups') % len(_repo_groups),
                                 category='success')
                     if _user_groups and request.POST.get('user_user_groups'):
                         do = request.POST['user_user_groups']
                         if do == 'detach':
                             handle_user_groups = 'detach'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Detached %s user groups') % len(_user_groups),
                                 category='success')
                         elif do == 'delete':
                             handle_user_groups = 'delete'
                             set_handle_flash_user_groups = lambda: h.flash(
                                 _('Deleted %s user groups') % len(_user_groups),
                                 category='success')
                     try:
                         UserModel().delete(c.user, handle_repos=handle_repos,
                                            handle_repo_groups=handle_repo_groups,
                                            handle_user_groups=handle_user_groups)
                         Session().commit()
                         set_handle_flash_repos()
                         set_handle_flash_repo_groups()
                         set_handle_flash_user_groups()
                         h.flash(_('Successfully deleted user'), category='success')
                     except (UserOwnsReposException, UserOwnsRepoGroupsException,
                             UserOwnsUserGroupsException, DefaultUserException) as e:
                         h.flash(e, category='warning')
                     except Exception:
                         log.exception("Exception during deletion of user")
                         h.flash(_('An error occurred during deletion of user'),
                                 category='error')
                     return redirect(url('users'))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def reset_password(self, user_id):
                     """
                     toggle reset password flag for this user
                     :param user_id:
                     """
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     try:
                         old_value = c.user.user_data.get('force_password_change')
                         c.user.update_userdata(force_password_change=not old_value)
                         Session().commit()
                         if old_value:
                             msg = _('Force password change disabled for user')
                         else:
                             msg = _('Force password change enabled for user')
                         h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during password reset for user")
                         h.flash(_('An error occurred during password reset for user'),
                                 category='error')
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def create_personal_repo_group(self, user_id):
                     """
                     Create personal repository group for this user
                     :param user_id:
                     """
                     from rhodecode.model.repo_group import RepoGroupModel
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     try:
                         desc = RepoGroupModel.PERSONAL_GROUP_DESC % {
                             'username': c.user.username}
                         if not RepoGroup.get_by_group_name(c.user.username):
                             RepoGroupModel().create(group_name=c.user.username,
                                                     group_description=desc,
                                                     owner=c.user.username)
                             msg = _('Created repository group `%s`' % (c.user.username,))
                             h.flash(msg, category='success')
                     except Exception:
                         log.exception("Exception during repository group creation")
                         msg = _(
                             'An error occurred during repository group creation for user')
                         h.flash(msg, category='error')
                     return redirect(url('edit_user_advanced', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def show(self, user_id):
                     """GET /users/user_id: Show a specific item"""
                     # url('user', user_id=ID)
                     User.get_or_404(-1)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit(self, user_id):
                     """GET /users/user_id/edit: Form to edit an existing item"""
                     # url('edit_user', user_id=ID)
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'profile'
                     c.extern_type = c.user.extern_type
                     c.extern_name = c.user.extern_name
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     defaults = c.user.get_dict()
                     defaults.update({'language': c.user.user_data.get('language')})
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_advanced(self, user_id):
                     user_id = safe_int(user_id)
                     user = c.user = User.get_or_404(user_id)
                     if user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'advanced'
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     c.personal_repo_group = RepoGroup.get_by_group_name(user.username)
                     c.first_admin = User.get_first_super_admin()
                     defaults = user.get_dict()
                     # Interim workaround if the user participated on any pull requests as a
                     # reviewer.
                     has_review = bool(PullRequestReviewers.query().filter(
                         PullRequestReviewers.user_id == user_id).first())
                     c.can_delete_user = not has_review
                     c.can_delete_user_message = _(
                         'The user participates as reviewer in pull requests and '
                         'cannot be deleted. You can set the user to '
                         '"inactive" instead of deleting it.') if has_review else ''
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_auth_tokens(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'auth_tokens'
                     show_expired = True
                     c.lifetime_values = [
                         (str(-1), _('forever')),
                         (str(5), _('5 minutes')),
                         (str(60), _('1 hour')),
                         (str(60 * 24), _('1 day')),
                         (str(60 * 24 * 30), _('1 month')),
                     ]
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))
                                      for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=show_expired)
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_auth_token(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     lifetime = safe_int(request.POST.get('lifetime'), -1)
                     description = request.POST.get('description')
                     role = request.POST.get('role')
                     AuthTokenModel().create(c.user.user_id, description, lifetime, role)
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_auth_token(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     auth_token = request.POST.get('del_auth_token')
                     if request.POST.get('del_auth_token_builtin'):
                         user = User.get(c.user.user_id)
                         if user:
                             user.api_key = generate_auth_token(user.username)
                             Session().add(user)
                             Session().commit()
                             h.flash(_("Auth token successfully reset"), category='success')
                     elif auth_token:
                         AuthTokenModel().delete(auth_token, c.user.user_id)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_global_perms(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'global_perms'
                     c.default_user = User.get_default_user()
                     defaults = c.user.get_dict()
                     defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
                     defaults.update(c.default_user.get_default_perms())
                     defaults.update(c.user.get_default_perms())
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def update_global_perms(self, user_id):
                     """PUT /users_perm/user_id: Update an existing item"""
                     # url('user_perm', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     user = User.get_or_404(user_id)
                     c.active = 'global_perms'
                     try:
                         # first stage that verifies the checkbox
                         _form = UserIndividualPermissionsForm()
                         form_result = _form.to_python(dict(request.POST))
                         inherit_perms = form_result['inherit_default_permissions']
                         user.inherit_default_permissions = inherit_perms
                         Session().add(user)
                         if not inherit_perms:
                             # only update the individual ones if we un check the flag
                             _form = UserPermissionsForm(
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_create_on_write_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
                                 [x[0] for x in c.inherit_default_permission_choices])()
                             form_result = _form.to_python(dict(request.POST))
                             form_result.update({'perm_user_id': user.user_id})
                             PermissionModel().update_user_permissions(form_result)
                         Session().commit()
                         h.flash(_('User global permissions updated successfully'),
                                 category='success')
                         Session().commit()
                     except formencode.Invalid as errors:
                         defaults = errors.value
                         c.user = user
                         return htmlfill.render(
                             render('admin/users/user_edit.html'),
                             defaults=defaults,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False)
                     except Exception:
                         log.exception("Exception during permissions saving")
                         h.flash(_('An error occurred during permissions saving'),
                                 category='error')
                     return redirect(url('edit_user_global_perms', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_perms_summary(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'perms_summary'
                     c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
                     return render('admin/users/user_edit.html')
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_emails(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'emails'
                     c.user_email_map = UserEmailMap.query() \
                         .filter(UserEmailMap.user == c.user).all()
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_email(self, user_id):
                     """POST /user_emails:Add an existing item"""
                     # url('user_emails', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     email = request.POST.get('new_email')
                     user_model = UserModel()
                     try:
                         user_model.add_extra_email(user_id, email)
                         Session().commit()
                         h.flash(_("Added new email address `%s` for user account") % email,
                                 category='success')
                     except formencode.Invalid as error:
                         msg = error.error_dict['email']
                         h.flash(msg, category='error')
                     except Exception:
                         log.exception("Exception during email saving")
                         h.flash(_('An error occurred during email saving'),
                                 category='error')
                     return redirect(url('edit_user_emails', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_email(self, user_id):
                     """DELETE /user_emails_delete/user_id: Delete an existing item"""
                     # url('user_emails_delete', user_id=ID, method='delete')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     email_id = request.POST.get('del_email_id')
                     user_model = UserModel()
                     user_model.delete_extra_email(user_id, email_id)
                     Session().commit()
                     h.flash(_("Removed email address from user account"), category='success')
                     return redirect(url('edit_user_emails', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 def edit_ips(self, user_id):
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     if c.user.username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         return redirect(url('users'))
                     c.active = 'ips'
                     c.user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == c.user).all()
                     c.inherit_default_ips = c.user.inherit_default_permissions
                     c.default_user_ip_map = UserIpMap.query() \
                         .filter(UserIpMap.user == User.get_default_user()).all()
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False)
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def add_ip(self, user_id):
                     """POST /user_ips:Add an existing item"""
                     # url('user_ips', user_id=ID, method='put')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     user_model = UserModel()
                     try:
                         ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))
                     except Exception as e:
                         ip_list = []
                         log.exception("Exception during ip saving")
                         h.flash(_('An error occurred during ip saving:%s' % (e,)),
                                 category='error')
                     desc = request.POST.get('description')
                     added = []
                     for ip in ip_list:
                         try:
                             user_model.add_extra_ip(user_id, ip, desc)
                             Session().commit()
                             added.append(ip)
                         except formencode.Invalid as error:
                             msg = error.error_dict['ip']
                             h.flash(msg, category='error')
                         except Exception:
                             log.exception("Exception during ip saving")
                             h.flash(_('An error occurred during ip saving'),
                                     category='error')
                     if added:
                         h.flash(
                             _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
                             category='success')
                     if 'default_user' in request.POST:
                         return redirect(url('admin_permissions_ips'))
                     return redirect(url('edit_user_ips', user_id=user_id))
                 @HasPermissionAllDecorator('hg.admin')
                 @auth.CSRFRequired()
                 def delete_ip(self, user_id):
                     """DELETE /user_ips_delete/user_id: Delete an existing item"""
                     # url('user_ips_delete', user_id=ID, method='delete')
                     user_id = safe_int(user_id)
                     c.user = User.get_or_404(user_id)
                     ip_id = request.POST.get('del_ip_id')
                     user_model = UserModel()
                     user_model.delete_extra_ip(user_id, ip_id)
                     Session().commit()
                     h.flash(_("Removed ip address from user whitelist"), category='success')
                     if 'default_user' in request.POST:
                         return redirect(url('admin_permissions_ips'))
                     return redirect(url('edit_user_ips', user_id=user_id))