u/pc/rhodecode-enterprise-ce-fork-pc Commit - r523:878882bd

gists: use colander schema to validate input data....

marcink -

r523:878882bd default

parent child

rhodecode/model/validation_schema/__init__.py

0 created 644 +24 0

@@ -0,0 +1,24 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import colander
	22
	23	from colander import Invalid # noqa, don't remove this
	24

rhodecode/model/validation_schema/preparers.py

0 created 644 +89 0

@@ -0,0 +1,89 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import unicodedata
	22
	23
	24
	25	def strip_preparer(value):
	26	"""
	27	strips given values using .strip() function
	28	"""
	29
	30	if value:
	31	value = value.strip()
	32	return value
	33
	34
	35	def slugify_preparer(value):
	36	"""
	37	Slugify given value to a safe representation for url/id
	38	"""
	39	from rhodecode.lib.utils import repo_name_slug
	40	if value:
	41	value = repo_name_slug(value.lower())
	42	return value
	43
	44
	45	def non_ascii_strip_preparer(value):
	46	"""
	47	trie to replace non-ascii letters to their ascii representation
	48	eg::
	49
	50	`żołw` converts into `zolw`
	51	"""
	52	if value:
	53	value = unicodedata.normalize('NFKD', value).encode('ascii', 'ignore')
	54	return value
	55
	56
	57	def unique_list_preparer(value):
	58	"""
	59	Converts an list to a list with only unique values
	60	"""
	61
	62	def make_unique(value):
	63	seen = []
	64	return [c for c in value if
	65	not (c in seen or seen.append(c))]
	66
	67	if isinstance(value, list):
	68	ret_val = make_unique(value)
	69	elif isinstance(value, set):
	70	ret_val = list(value)
	71	elif isinstance(value, tuple):
	72	ret_val = make_unique(value)
	73	elif value is None:
	74	ret_val = []
	75	else:
	76	ret_val = [value]
	77
	78	return ret_val
	79
	80
	81	def unique_list_from_str_preparer(value):
	82	"""
	83	Converts an list to a list with only unique values
	84	"""
	85	from rhodecode.lib.utils2 import aslist
	86
	87	if isinstance(value, basestring):
	88	value = aslist(value, ',')
	89	return unique_list_preparer(value) No newline at end of file

rhodecode/model/validation_schema/schemas/__init__.py

0 created 644 +25 0

@@ -0,0 +1,25 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	"""
	22	Colander Schema nodes
	23	http://docs.pylonsproject.org/projects/colander/en/latest/basics.html#schema-node-objects
	24	"""
	25

rhodecode/model/validation_schema/schemas/gist_schema.py

0 created 644 +185 0

@@ -0,0 +1,185 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import os
	22
	23	import colander
	24
	25	from rhodecode.translation import _
	26	from rhodecode.model.validation_schema import validators, preparers
	27
	28
	29	def nodes_to_sequence(nodes, colander_node=None):
	30	"""
	31	Converts old style dict nodes to new list of dicts
	32
	33	:param nodes: dict with key beeing name of the file
	34
	35	"""
	36	if not isinstance(nodes, dict):
	37	msg = 'Nodes needs to be a dict, got {}'.format(type(nodes))
	38	raise colander.Invalid(colander_node, msg)
	39	out = []
	40
	41	for key, val in nodes.items():
	42	val = (isinstance(val, dict) and val) or {}
	43	out.append(dict(
	44	filename=key,
	45	content=val.get('content'),
	46	mimetype=val.get('mimetype')
	47	))
	48
	49	out = Nodes().deserialize(out)
	50	return out
	51
	52
	53	def sequence_to_nodes(nodes, colander_node=None):
	54	if not isinstance(nodes, list):
	55	msg = 'Nodes needs to be a list, got {}'.format(type(nodes))
	56	raise colander.Invalid(colander_node, msg)
	57	nodes = Nodes().deserialize(nodes)
	58
	59	out = {}
	60	try:
	61	for file_data in nodes:
	62	file_data_skip = file_data.copy()
	63	# if we got filename_org we use it as a key so we keep old
	64	# name as input and rename is-reflected inside the values as
	65	# filename and filename_org differences.
	66	filename_org = file_data.get('filename_org')
	67	filename = filename_org or file_data['filename']
	68	out[filename] = {}
	69	out[filename].update(file_data_skip)
	70
	71	except Exception as e:
	72	msg = 'Invalid data format org_exc:`{}`'.format(repr(e))
	73	raise colander.Invalid(colander_node, msg)
	74	return out
	75
	76
	77	@colander.deferred
	78	def deferred_lifetime_validator(node, kw):
	79	options = kw.get('lifetime_options', [])
	80	return colander.All(
	81	colander.Range(min=-1, max=60 * 24 * 30 * 12),
	82	colander.OneOf([x for x in options]))
	83
	84
	85	def unique_gist_validator(node, value):
	86	from rhodecode.model.db import Gist
	87	existing = Gist.get_by_access_id(value)
	88	if existing:
	89	msg = _(u'Gist with name {} already exists').format(value)
	90	raise colander.Invalid(node, msg)
	91
	92
	93	def filename_validator(node, value):
	94	if value != os.path.basename(value):
	95	msg = _(u'Filename {} cannot be inside a directory').format(value)
	96	raise colander.Invalid(node, msg)
	97
	98
	99	class NodeSchema(colander.MappingSchema):
	100	# if we perform rename this will be org filename
	101	filename_org = colander.SchemaNode(
	102	colander.String(),
	103	preparer=[preparers.strip_preparer,
	104	preparers.non_ascii_strip_preparer],
	105	validator=filename_validator,
	106	missing=None)
	107
	108	filename = colander.SchemaNode(
	109	colander.String(),
	110	preparer=[preparers.strip_preparer,
	111	preparers.non_ascii_strip_preparer],
	112	validator=filename_validator)
	113
	114	content = colander.SchemaNode(
	115	colander.String())
	116	mimetype = colander.SchemaNode(
	117	colander.String(),
	118	missing=None)
	119
	120
	121	class Nodes(colander.SequenceSchema):
	122	filenames = NodeSchema()
	123
	124	def validator(self, node, cstruct):
	125	if not isinstance(cstruct, list):
	126	return
	127
	128	found_filenames = []
	129	for data in cstruct:
	130	filename = data['filename']
	131	if filename in found_filenames:
	132	msg = _('Duplicated value for filename found: `{}`').format(
	133	filename)
	134	raise colander.Invalid(node, msg)
	135	found_filenames.append(filename)
	136
	137
	138	class GistSchema(colander.MappingSchema):
	139	"""
	140	schema = GistSchema()
	141	schema.bind(
	142	lifetime_options = [1,2,3]
	143	)
	144	out = schema.deserialize(dict(
	145	nodes=[
	146	{'filename': 'x', 'content': 'xxx', },
	147	{'filename': 'docs/Z', 'content': 'xxx', 'mimetype': 'x'},
	148	]
	149	))
	150	"""
	151
	152	from rhodecode.model.db import Gist
	153
	154	gistid = colander.SchemaNode(
	155	colander.String(),
	156	missing=None,
	157	preparer=[preparers.strip_preparer,
	158	preparers.non_ascii_strip_preparer,
	159	preparers.slugify_preparer],
	160	validator=colander.All(
	161	colander.Length(min=3),
	162	unique_gist_validator
	163	))
	164
	165	description = colander.SchemaNode(
	166	colander.String(),
	167	missing=u'')
	168
	169	lifetime = colander.SchemaNode(
	170	colander.Integer(),
	171	validator=deferred_lifetime_validator)
	172
	173	gist_acl_level = colander.SchemaNode(
	174	colander.String(),
	175	validator=colander.OneOf([Gist.ACL_LEVEL_PUBLIC,
	176	Gist.ACL_LEVEL_PRIVATE]))
	177
	178	gist_type = colander.SchemaNode(
	179	colander.String(),
	180	missing=Gist.ACL_LEVEL_PUBLIC,
	181	validator=colander.OneOf([Gist.GIST_PRIVATE, Gist.GIST_PUBLIC]))
	182
	183	nodes = Nodes()
	184
	185

rhodecode/model/validation_schema/schemas/repo_group_schema.py

0 created 644 +29 0

@@ -0,0 +1,29 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21
	22	import colander
	23
	24
	25	from rhodecode.model.validation_schema import validators, preparers, types
	26
	27
	28	class RepoGroupSchema(colander.Schema):
	29	group_name = colander.SchemaNode(types.GroupNameType())

rhodecode/model/validation_schema/schemas/repo_schema.py

0 created 644 +27 0

@@ -0,0 +1,27 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import colander
	22
	23	from rhodecode.model.validation_schema import validators, preparers, types
	24
	25
	26	class RepoSchema(colander.Schema):
	27	repo_name = colander.SchemaNode(types.GroupNameType())

rhodecode/model/validation_schema/schemas/search_schema.py

0 created 644 +44 0

@@ -0,0 +1,44 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21
	22	import colander
	23
	24
	25	class SearchParamsSchema(colander.MappingSchema):
	26	search_query = colander.SchemaNode(
	27	colander.String(),
	28	missing='')
	29	search_type = colander.SchemaNode(
	30	colander.String(),
	31	missing='content',
	32	validator=colander.OneOf(['content', 'path', 'commit', 'repository']))
	33	search_sort = colander.SchemaNode(
	34	colander.String(),
	35	missing='newfirst',
	36	validator=colander.OneOf(
	37	['oldfirst', 'newfirst']))
	38	page_limit = colander.SchemaNode(
	39	colander.Integer(),
	40	missing=10,
	41	validator=colander.Range(1, 500))
	42	requested_page = colander.SchemaNode(
	43	colander.Integer(),
	44	missing=1)

rhodecode/model/validation_schema/types.py

0 created 644 +34 0

@@ -0,0 +1,34 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import colander
	22
	23
	24	class GroupNameType(colander.String):
	25	SEPARATOR = '/'
	26
	27	def deserialize(self, node, cstruct):
	28	result = super(GroupNameType, self).deserialize(node, cstruct)
	29	return self._replace_extra_slashes(result)
	30
	31	def _replace_extra_slashes(self, path):
	32	path = path.split(self.SEPARATOR)
	33	path = [item for item in path if item]
	34	return self.SEPARATOR.join(path)

rhodecode/model/validation_schema/validators.py

0 created 644 +19 0

@@ -0,0 +1,19 b''
	1	import os
	2
	3	import ipaddress
	4	import colander
	5
	6	from rhodecode.translation import _
	7
	8
	9	def ip_addr_validator(node, value):
	10	try:
	11	# this raises an ValueError if address is not IpV4 or IpV6
	12	ipaddress.ip_network(value, strict=False)
	13	except ValueError:
	14	msg = _(u'Please enter a valid IPv4 or IpV6 address')
	15	raise colander.Invalid(node, msg)
	16
	17
	18
	19

rhodecode/tests/models/schemas/__init__.py

0 created 644 0 0

NO CONTENT: new file 100644

rhodecode/tests/models/schemas/test_gist_schema.py

0 created 644 +100 0

@@ -0,0 +1,100 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2016-2016 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import colander
	22	import pytest
	23
	24	from rhodecode.model import validation_schema
	25	from rhodecode.model.validation_schema.schemas import gist_schema
	26
	27
	28	class TestGistSchema(object):
	29
	30	def test_deserialize_bad_data(self):
	31	schema = gist_schema.GistSchema().bind(
	32	lifetime_options=[1, 2, 3]
	33	)
	34	with pytest.raises(validation_schema.Invalid) as exc_info:
	35	schema.deserialize('err')
	36	err = exc_info.value.asdict()
	37	assert err[''] == '"err" is not a mapping type: ' \
	38	'Does not implement dict-like functionality.'
	39
	40	def test_deserialize_bad_lifetime_options(self):
	41	schema = gist_schema.GistSchema().bind(
	42	lifetime_options=[1, 2, 3]
	43	)
	44	with pytest.raises(validation_schema.Invalid) as exc_info:
	45	schema.deserialize(dict(
	46	lifetime=10
	47	))
	48	err = exc_info.value.asdict()
	49	assert err['lifetime'] == '"10" is not one of 1, 2, 3'
	50
	51	with pytest.raises(validation_schema.Invalid) as exc_info:
	52	schema.deserialize(dict(
	53	lifetime='x'
	54	))
	55	err = exc_info.value.asdict()
	56	assert err['lifetime'] == '"x" is not a number'
	57
	58	def test_serialize_data_correctly(self):
	59	schema = gist_schema.GistSchema().bind(
	60	lifetime_options=[1, 2, 3]
	61	)
	62	nodes = [{
	63	'filename': 'foobar',
	64	'filename_org': 'foobar',
	65	'content': 'content',
	66	'mimetype': 'xx'
	67	}]
	68	schema_data = schema.deserialize(dict(
	69	lifetime=2,
	70	gist_type='public',
	71	gist_acl_level='acl_public',
	72	nodes=nodes,
	73	))
	74
	75	assert schema_data['nodes'] == nodes
	76
	77	def test_serialize_data_correctly_with_conversion(self):
	78	schema = gist_schema.GistSchema().bind(
	79	lifetime_options=[1, 2, 3],
	80	convert_nodes=True
	81	)
	82	nodes = [{
	83	'filename': 'foobar',
	84	'filename_org': None,
	85	'content': 'content',
	86	'mimetype': 'xx'
	87	}]
	88	schema_data = schema.deserialize(dict(
	89	lifetime=2,
	90	gist_type='public',
	91	gist_acl_level='acl_public',
	92	nodes=nodes,
	93	))
	94
	95	assert schema_data['nodes'] == nodes
	96
	97	seq_nodes = gist_schema.sequence_to_nodes(nodes)
	98	assert isinstance(seq_nodes, dict)
	99	seq_nodes = gist_schema.nodes_to_sequence(seq_nodes)
	100	assert nodes == seq_nodes

rhodecode/api/__init__.py

0 +7 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import inspect
             import itertools
             import logging
             import types
             import decorator
             import venusian
             from pyramid.exceptions import ConfigurationError
             from pyramid.renderers import render
             from pyramid.response import Response
             from pyramid.httpexceptions import HTTPNotFound
-            from rhodecode.api.exc import JSONRPCBaseError, JSONRPCError, JSONRPCForbidden
+            from rhodecode.api.exc import (
+                JSONRPCBaseError, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
             from rhodecode.lib.auth import AuthUser
             from rhodecode.lib.base import get_ip_addr
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.lib.plugins.utils import get_plugin_settings
             from rhodecode.model.db import User, UserApiKeys
             log = logging.getLogger(__name__)
             DEFAULT_RENDERER = 'jsonrpc_renderer'
             DEFAULT_URL = '/_admin/apiv2'
             class ExtJsonRenderer(object):
                 """
                 Custom renderer that mkaes use of our ext_json lib
                 """
                 def __init__(self, serializer=json.dumps, **kw):
                     """ Any keyword arguments will be passed to the ``serializer``
                     function."""
                     self.serializer = serializer
                     self.kw = kw
                 def __call__(self, info):
                     """ Returns a plain JSON-encoded string with content-type
                     ``application/json``. The content-type may be overridden by
                     setting ``request.response.content_type``."""
                     def _render(value, system):
                         request = system.get('request')
                         if request is not None:
                             response = request.response
                             ct = response.content_type
                             if ct == response.default_content_type:
                                 response.content_type = 'application/json'
                         return self.serializer(value, **self.kw)
                     return _render
             def jsonrpc_response(request, result):
                 rpc_id = getattr(request, 'rpc_id', None)
                 response = request.response
                 # store content_type before render is called
                 ct = response.content_type
                 ret_value = ''
                 if rpc_id:
                     ret_value = {
                         'id': rpc_id,
                         'result': result,
                         'error': None,
                     }
                     # fetch deprecation warnings, and store it inside results
                     deprecation = getattr(request, 'rpc_deprecation', None)
                     if deprecation:
                         ret_value['DEPRECATION_WARNING'] = deprecation
                 raw_body = render(DEFAULT_RENDERER, ret_value, request=request)
                 response.body = safe_str(raw_body, response.charset)
                 if ct == response.default_content_type:
                     response.content_type = 'application/json'
                 return response
             def jsonrpc_error(request, message, retid=None, code=None):
                 """
                 Generate a Response object with a JSON-RPC error body
                 :param code:
                 :param retid:
                 :param message:
                 """
                 err_dict = {'id': retid, 'result': None, 'error': message}
                 body = render(DEFAULT_RENDERER, err_dict, request=request).encode('utf-8')
                 return Response(
                     body=body,
                     status=code,
                     content_type='application/json'
                 )
             def exception_view(exc, request):
                 rpc_id = getattr(request, 'rpc_id', None)
                 fault_message = 'undefined error'
                 if isinstance(exc, JSONRPCError):
                     fault_message = exc.message
                     log.debug('json-rpc error rpc_id:%s "%s"', rpc_id, fault_message)
+                elif isinstance(exc, JSONRPCValidationError):
+                    colander_exc = exc.colander_exception
+                    #TODO: think maybe of nicer way to serialize errors ?
+                    fault_message = colander_exc.asdict()
+                    log.debug('json-rpc error rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, JSONRPCForbidden):
                     fault_message = 'Access was denied to this resource.'
                     log.warning('json-rpc forbidden call rpc_id:%s "%s"', rpc_id, fault_message)
                 elif isinstance(exc, HTTPNotFound):
                     method = request.rpc_method
                     log.debug('json-rpc method `%s` not found in list of '
                               'api calls: %s, rpc_id:%s',
                               method, request.registry.jsonrpc_methods.keys(), rpc_id)
                     fault_message = "No such method: {}".format(method)
                 return jsonrpc_error(request, fault_message, rpc_id)
             def request_view(request):
                 """
                 Main request handling method. It handles all logic to call a specific
                 exposed method
                 """
                 # check if we can find this session using api_key, get_by_auth_token
                 # search not expired tokens only
                 try:
                     u = User.get_by_auth_token(request.rpc_api_key)
                     if u is None:
                         return jsonrpc_error(
                             request, retid=request.rpc_id, message='Invalid API KEY')
                     if not u.active:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='Request from this user not allowed')
                     # check if we are allowed to use this IP
                     auth_u = AuthUser(
                         u.user_id, request.rpc_api_key, ip_addr=request.rpc_ip_addr)
                     if not auth_u.ip_allowed:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='Request from IP:%s not allowed' % (
                             request.rpc_ip_addr,))
                     else:
                         log.info('Access for IP:%s allowed' % (request.rpc_ip_addr,))
                     # now check if token is valid for API
                     role = UserApiKeys.ROLE_API
                     extra_auth_tokens = [
                         x.api_key for x in User.extra_valid_auth_tokens(u, role=role)]
                     active_tokens = [u.api_key] + extra_auth_tokens
                     log.debug('Checking if API key has proper role')
                     if request.rpc_api_key not in active_tokens:
                         return jsonrpc_error(
                             request, retid=request.rpc_id,
                             message='API KEY has bad role for an API call')
                 except Exception as e:
                     log.exception('Error on API AUTH')
                     return jsonrpc_error(
                         request, retid=request.rpc_id, message='Invalid API KEY')
                 method = request.rpc_method
                 func = request.registry.jsonrpc_methods[method]
                 # now that we have a method, add request._req_params to
                 # self.kargs and dispatch control to WGIController
                 argspec = inspect.getargspec(func)
                 arglist = argspec[0]
                 defaults = map(type, argspec[3] or [])
                 default_empty = types.NotImplementedType
                 # kw arguments required by this method
                 func_kwargs = dict(itertools.izip_longest(
                     reversed(arglist), reversed(defaults), fillvalue=default_empty))
                 # This attribute will need to be first param of a method that uses
                 # api_key, which is translated to instance of user at that name
                 user_var = 'apiuser'
                 request_var = 'request'
                 for arg in [user_var, request_var]:
                     if arg not in arglist:
                         return jsonrpc_error(
                             request,
                             retid=request.rpc_id,
                             message='This method [%s] does not support '
                                     'required parameter `%s`' % (func.__name__, arg))
                 # get our arglist and check if we provided them as args
                 for arg, default in func_kwargs.items():
                     if arg in [user_var, request_var]:
                         # user_var and request_var are pre-hardcoded parameters and we
                         # don't need to do any translation
                         continue
                     # skip the required param check if it's default value is
                     # NotImplementedType (default_empty)
                     if default == default_empty and arg not in request.rpc_params:
                         return jsonrpc_error(
                             request,
                             retid=request.rpc_id,
                             message=('Missing non optional `%s` arg in JSON DATA' % arg)
                         )
                 # sanitze extra passed arguments
                 for k in request.rpc_params.keys()[:]:
                     if k not in func_kwargs:
                         del request.rpc_params[k]
                 call_params = request.rpc_params
                 call_params.update({
                     'request': request,
                     'apiuser': auth_u
                 })
                 try:
                     ret_value = func(**call_params)
                     return jsonrpc_response(request, ret_value)
                 except JSONRPCBaseError:
                     raise
                 except Exception:
                     log.exception('Unhandled exception occured on api call: %s', func)
                     return jsonrpc_error(request, retid=request.rpc_id,
                                          message='Internal server error')
             def setup_request(request):
                 """
                 Parse a JSON-RPC request body. It's used inside the predicates method
                 to validate and bootstrap requests for usage in rpc calls.
                 We need to raise JSONRPCError here if we want to return some errors back to
                 user.
                 """
                 log.debug('Executing setup request: %r', request)
                 request.rpc_ip_addr = get_ip_addr(request.environ)
                 # TODO: marcink, deprecate GET at some point
                 if request.method not in ['POST', 'GET']:
                     log.debug('unsupported request method "%s"', request.method)
                     raise JSONRPCError(
                         'unsupported request method "%s". Please use POST' % request.method)
                 if 'CONTENT_LENGTH' not in request.environ:
                     log.debug("No Content-Length")
                     raise JSONRPCError("Empty body, No Content-Length in request")
                 else:
                     length = request.environ['CONTENT_LENGTH']
                     log.debug('Content-Length: %s', length)
                     if length == 0:
                         log.debug("Content-Length is 0")
                         raise JSONRPCError("Content-Length is 0")
                 raw_body = request.body
                 try:
                     json_body = json.loads(raw_body)
                 except ValueError as e:
                     # catch JSON errors Here
                     raise JSONRPCError("JSON parse error ERR:%s RAW:%r" % (e, raw_body))
                 request.rpc_id = json_body.get('id')
                 request.rpc_method = json_body.get('method')
                 # check required base parameters
                 try:
                     api_key = json_body.get('api_key')
                     if not api_key:
                         api_key = json_body.get('auth_token')
                     if not api_key:
                         raise KeyError('api_key or auth_token')
                     request.rpc_api_key = api_key
                     request.rpc_id = json_body['id']
                     request.rpc_method = json_body['method']
                     request.rpc_params = json_body['args'] \
                         if isinstance(json_body['args'], dict) else {}
                     log.debug(
                         'method: %s, params: %s' % (request.rpc_method, request.rpc_params))
                 except KeyError as e:
                     raise JSONRPCError('Incorrect JSON data. Missing %s' % e)
                 log.debug('setup complete, now handling method:%s rpcid:%s',
                           request.rpc_method, request.rpc_id, )
             class RoutePredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'jsonrpc route = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     if self.val:
                         # potentially setup and bootstrap our call
                         setup_request(request)
                         # Always return True so that even if it isn't a valid RPC it
                         # will fall through to the underlaying handlers like notfound_view
                         return True
             class NotFoundPredicate(object):
                 def __init__(self, val, config):
                     self.val = val
                 def text(self):
                     return 'jsonrpc method not found = %s' % self.val
                 phash = text
                 def __call__(self, info, request):
                     return hasattr(request, 'rpc_method')
             class MethodPredicate(object):
                 def __init__(self, val, config):
                     self.method = val
                 def text(self):
                     return 'jsonrpc method = %s' % self.method
                 phash = text
                 def __call__(self, context, request):
                     # we need to explicitly return False here, so pyramid doesn't try to
                     # execute our view directly. We need our main handler to execute things
                     return getattr(request, 'rpc_method') == self.method
             def add_jsonrpc_method(config, view, **kwargs):
                 # pop the method name
                 method = kwargs.pop('method', None)
                 if method is None:
                     raise ConfigurationError(
                         'Cannot register a JSON-RPC method without specifying the '
                         '"method"')
                 # we define custom predicate, to enable to detect conflicting methods,
                 # those predicates are kind of "translation" from the decorator variables
                 # to internal predicates names
                 kwargs['jsonrpc_method'] = method
                 # register our view into global view store for validation
                 config.registry.jsonrpc_methods[method] = view
                 # we're using our main request_view handler, here, so each method
                 # has a unified handler for itself
                 config.add_view(request_view, route_name='apiv2', **kwargs)
             class jsonrpc_method(object):
                 """
                 decorator that works similar to @add_view_config decorator,
                 but tailored for our JSON RPC
                 """
                 venusian = venusian  # for testing injection
                 def __init__(self, method=None, **kwargs):
                     self.method = method
                     self.kwargs = kwargs
                 def __call__(self, wrapped):
                     kwargs = self.kwargs.copy()
                     kwargs['method'] = self.method or wrapped.__name__
                     depth = kwargs.pop('_depth', 0)
                     def callback(context, name, ob):
                         config = context.config.with_package(info.module)
                         config.add_jsonrpc_method(view=ob, **kwargs)
                     info = venusian.attach(wrapped, callback, category='pyramid',
                                            depth=depth + 1)
                     if info.scope == 'class':
                         # ensure that attr is set if decorating a class method
                         kwargs.setdefault('attr', wrapped.__name__)
                     kwargs['_info'] = info.codeinfo  # fbo action_method
                     return wrapped
             class jsonrpc_deprecated_method(object):
                 """
                 Marks method as deprecated, adds log.warning, and inject special key to
                 the request variable to mark method as deprecated.
                 Also injects special docstring that extract_docs will catch to mark
                 method as deprecated.
                 :param use_method: specify which method should be used instead of
                     the decorated one
                 Use like::
                     @jsonrpc_method()
                     @jsonrpc_deprecated_method(use_method='new_func', deprecated_at_version='3.0.0')
                     def old_func(request, apiuser, arg1, arg2):
                         ...
                 """
                 def __init__(self, use_method, deprecated_at_version):
                     self.use_method = use_method
                     self.deprecated_at_version = deprecated_at_version
                     self.deprecated_msg = ''
                 def __call__(self, func):
                     self.deprecated_msg = 'Please use method `{method}` instead.'.format(
                         method=self.use_method)
                     docstring = """\n
                     .. deprecated:: {version}
                        {deprecation_message}
                     {original_docstring}
                     """
                     func.__doc__ = docstring.format(
                         version=self.deprecated_at_version,
                         deprecation_message=self.deprecated_msg,
                         original_docstring=func.__doc__)
                     return decorator.decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     log.warning('DEPRECATED API CALL on function %s, please '
                                 'use `%s` instead', func, self.use_method)
                     # alter function docstring to mark as deprecated, this is picked up
                     # via fabric file that generates API DOC.
                     result = func(*fargs, **fkwargs)
                     request = fargs[0]
                     request.rpc_deprecation = 'DEPRECATED METHOD ' + self.deprecated_msg
                     return result
             def includeme(config):
                 plugin_module = 'rhodecode.api'
                 plugin_settings = get_plugin_settings(
                     plugin_module, config.registry.settings)
                 if not hasattr(config.registry, 'jsonrpc_methods'):
                     config.registry.jsonrpc_methods = {}
                 # match filter by given method only
                 config.add_view_predicate(
                     'jsonrpc_method', MethodPredicate)
                 config.add_renderer(DEFAULT_RENDERER, ExtJsonRenderer(
                     serializer=json.dumps, indent=4))
                 config.add_directive('add_jsonrpc_method', add_jsonrpc_method)
                 config.add_route_predicate(
                     'jsonrpc_call', RoutePredicate)
                 config.add_route(
                     'apiv2', plugin_settings.get('url', DEFAULT_URL), jsonrpc_call=True)
                 config.scan(plugin_module, ignore='rhodecode.api.tests')
                 # register some exception handling view
                 config.add_view(exception_view, context=JSONRPCBaseError)
                 config.add_view_predicate('jsonrpc_method_not_found', NotFoundPredicate)
                 config.add_notfound_view(exception_view, jsonrpc_method_not_found=True)

rhodecode/api/exc.py

0 +8 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             class JSONRPCBaseError(Exception):
                 pass
             class JSONRPCError(JSONRPCBaseError):
                 pass
+            class JSONRPCValidationError(JSONRPCBaseError):
+                def __init__(self, *args, **kwargs):
+                    self.colander_exception = kwargs.pop('colander_exc')
+                    super(JSONRPCValidationError, self).__init__(*args, **kwargs)
             class JSONRPCForbidden(JSONRPCBaseError):
                 pass

rhodecode/api/tests/test_create_gist.py

0 +27 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.db import Gist
             from rhodecode.model.gist import GistModel
             from rhodecode.api.tests.utils import (
                 build_data, api_call, assert_error, assert_ok, crash)
             from rhodecode.tests.fixture import Fixture
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestApiCreateGist(object):
                 @pytest.mark.parametrize("lifetime, gist_type, gist_acl_level", [
                     (10, Gist.GIST_PUBLIC, Gist.ACL_LEVEL_PUBLIC),
                     (20, Gist.GIST_PUBLIC, Gist.ACL_LEVEL_PRIVATE),
                     (40, Gist.GIST_PRIVATE, Gist.ACL_LEVEL_PUBLIC),
                     (80, Gist.GIST_PRIVATE, Gist.ACL_LEVEL_PRIVATE),
                 ])
                 def test_api_create_gist(self, lifetime, gist_type, gist_acl_level):
                     id_, params = build_data(
                         self.apikey_regular, 'create_gist',
                         lifetime=lifetime,
                         description='foobar-gist',
                         gist_type=gist_type,
                         acl_level=gist_acl_level,
-                        files={'foobar': {'content': 'foo'}})
+                        files={'foobar_ąć': {'content': 'foo'}})
                     response = api_call(self.app, params)
                     response_json = response.json
                     gist = response_json['result']['gist']
                     expected = {
                         'gist': {
                             'access_id': gist['access_id'],
                             'created_on': gist['created_on'],
                             'modified_at': gist['modified_at'],
                             'description': 'foobar-gist',
                             'expires': gist['expires'],
                             'gist_id': gist['gist_id'],
                             'type': gist_type,
                             'url': gist['url'],
                             # content is empty since we don't show it here
                             'content': None,
                             'acl_level': gist_acl_level,
                         },
                         'msg': 'created new gist'
                     }
                     try:
                         assert_ok(id_, expected, given=response.body)
                     finally:
                         Fixture().destroy_gists()
+                @pytest.mark.parametrize("expected, lifetime, gist_type, gist_acl_level, files", [
+                    ({'gist_type': '"ups" is not one of private, public'},
+, 'ups', Gist.ACL_LEVEL_PUBLIC, {'f': {'content': 'f'}}),
+                    ({'lifetime': '-120 is less than minimum value -1'},
+                     -120, Gist.GIST_PUBLIC, Gist.ACL_LEVEL_PUBLIC, {'f': {'content': 'f'}}),
+                    ({'0.content': 'Required'},
+, Gist.GIST_PUBLIC, Gist.ACL_LEVEL_PUBLIC, {'f': {'x': 'f'}}),
+                ])
+                def test_api_try_create_gist(
+                        self, expected, lifetime, gist_type, gist_acl_level, files):
+                    id_, params = build_data(
+                        self.apikey_regular, 'create_gist',
+                        lifetime=lifetime,
+                        description='foobar-gist',
+                        gist_type=gist_type,
+                        acl_level=gist_acl_level,
+                        files=files)
+                    response = api_call(self.app, params)
+                    try:
+                        assert_error(id_, expected, given=response.body)
+                    finally:
+                        Fixture().destroy_gists()
                 @mock.patch.object(GistModel, 'create', crash)
                 def test_api_create_gist_exception_occurred(self):
                     id_, params = build_data(self.apikey_regular, 'create_gist', files={})
                     response = api_call(self.app, params)
                     expected = 'failed to create gist'
                     assert_error(id_, expected, given=response.body)

rhodecode/api/utils.py

0 0 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2014-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             JSON RPC utils
             """
             import collections
             import logging
             from rhodecode.api.exc import JSONRPCError
             from rhodecode.lib.auth import HasPermissionAnyApi, HasRepoPermissionAnyApi
             from rhodecode.lib.utils import safe_unicode
             from rhodecode.controllers.utils import get_commit_from_ref_name
             from rhodecode.lib.vcs.exceptions import RepositoryError
             log = logging.getLogger(__name__)
             class OAttr(object):
                 """
                 Special Option that defines other attribute, and can default to them
                 Example::
                     def test(apiuser, userid=Optional(OAttr('apiuser')):
                         user = Optional.extract(userid, evaluate_locals=local())
                         #if we pass in userid, we get it, else it will default to apiuser
                         #attribute
                 """
                 def __init__(self, attr_name):
                     self.attr_name = attr_name
                 def __repr__(self):
                     return '<OptionalAttr:%s>' % self.attr_name
                 def __call__(self):
                     return self
             class Optional(object):
                 """
                 Defines an optional parameter::
                     param = param.getval() if isinstance(param, Optional) else param
                     param = param() if isinstance(param, Optional) else param
                 is equivalent of::
                     param = Optional.extract(param)
                 """
                 def __init__(self, type_):
                     self.type_ = type_
                 def __repr__(self):
                     return '<Optional:%s>' % self.type_.__repr__()
                 def __call__(self):
                     return self.getval()
                 def getval(self, evaluate_locals=None):
                     """
                     returns value from this Optional instance
                     """
                     if isinstance(self.type_, OAttr):
                         param_name = self.type_.attr_name
                         if evaluate_locals:
                             return evaluate_locals[param_name]
                         # use params name
                         return param_name
                     return self.type_
                 @classmethod
                 def extract(cls, val, evaluate_locals=None):
                     """
                     Extracts value from Optional() instance
                     :param val:
                     :return: original value if it's not Optional instance else
                         value of instance
                     """
                     if isinstance(val, cls):
                         return val.getval(evaluate_locals)
                     return val
             def parse_args(cli_args, key_prefix=''):
                 from rhodecode.lib.utils2 import (escape_split)
                 kwargs = collections.defaultdict(dict)
                 for el in escape_split(cli_args, ','):
                     kv = escape_split(el, '=', 1)
                     if len(kv) == 2:
                         k, v = kv
                         kwargs[key_prefix + k] = v
                 return kwargs
             def get_origin(obj):
                 """
                 Get origin of permission from object.
                 :param obj:
                 """
                 origin = 'permission'
                 if getattr(obj, 'owner_row', '') and getattr(obj, 'admin_row', ''):
                     # admin and owner case, maybe we should use dual string ?
                     origin = 'owner'
                 elif getattr(obj, 'owner_row', ''):
                     origin = 'owner'
                 elif getattr(obj, 'admin_row', ''):
                     origin = 'super-admin'
                 return origin
             def store_update(updates, attr, name):
                 """
                 Stores param in updates dict if it's not instance of Optional
                 allows easy updates of passed in params
                 """
                 if not isinstance(attr, Optional):
                     updates[name] = attr
             def has_superadmin_permission(apiuser):
                 """
                 Return True if apiuser is admin or return False
                 :param apiuser:
                 """
                 if HasPermissionAnyApi('hg.admin')(user=apiuser):
                     return True
                 return False
             def has_repo_permissions(apiuser, repoid, repo, perms):
                 """
                 Raise JsonRPCError if apiuser is not authorized or return True
                 :param apiuser:
                 :param repoid:
                 :param repo:
                 :param perms:
                 """
                 if not HasRepoPermissionAnyApi(*perms)(
                         user=apiuser, repo_name=repo.repo_name):
                     raise JSONRPCError(
                         'repository `%s` does not exist' % repoid)
                 return True
             def get_user_or_error(userid):
                 """
                 Get user by id or name or return JsonRPCError if not found
                 :param userid:
                 """
                 from rhodecode.model.user import UserModel
                 user_model = UserModel()
                 try:
                     user = user_model.get_user(int(userid))
                 except ValueError:
                     user = user_model.get_by_username(userid)
                 if user is None:
                     raise JSONRPCError("user `%s` does not exist" % (userid,))
                 return user
             def get_repo_or_error(repoid):
                 """
                 Get repo by id or name or return JsonRPCError if not found
                 :param repoid:
                 """
                 from rhodecode.model.repo import RepoModel
                 repo = RepoModel().get_repo(repoid)
                 if repo is None:
                     raise JSONRPCError('repository `%s` does not exist' % (repoid,))
                 return repo
             def get_repo_group_or_error(repogroupid):
                 """
                 Get repo group by id or name or return JsonRPCError if not found
                 :param repogroupid:
                 """
                 from rhodecode.model.repo_group import RepoGroupModel
                 repo_group = RepoGroupModel()._get_repo_group(repogroupid)
                 if repo_group is None:
                     raise JSONRPCError(
                         'repository group `%s` does not exist' % (repogroupid,))
                 return repo_group
             def get_user_group_or_error(usergroupid):
                 """
                 Get user group by id or name or return JsonRPCError if not found
                 :param usergroupid:
                 """
                 from rhodecode.model.user_group import UserGroupModel
                 user_group = UserGroupModel().get_group(usergroupid)
                 if user_group is None:
                     raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
                 return user_group
             def get_perm_or_error(permid, prefix=None):
                 """
                 Get permission by id or name or return JsonRPCError if not found
                 :param permid:
                 """
                 from rhodecode.model.permission import PermissionModel
                 perm = PermissionModel.cls.get_by_key(permid)
                 if perm is None:
                     raise JSONRPCError('permission `%s` does not exist' % (permid,))
                 if prefix:
                     if not perm.permission_name.startswith(prefix):
                         raise JSONRPCError('permission `%s` is invalid, '
                                            'should start with %s' % (permid, prefix))
                 return perm
             def get_gist_or_error(gistid):
                 """
                 Get gist by id or gist_access_id or return JsonRPCError if not found
                 :param gistid:
                 """
                 from rhodecode.model.gist import GistModel
                 gist = GistModel.cls.get_by_access_id(gistid)
                 if gist is None:
                     raise JSONRPCError('gist `%s` does not exist' % (gistid,))
                 return gist
             def get_pull_request_or_error(pullrequestid):
                 """
                 Get pull request by id or return JsonRPCError if not found
                 :param pullrequestid:
                 """
                 from rhodecode.model.pull_request import PullRequestModel
                 try:
                     pull_request = PullRequestModel().get(int(pullrequestid))
                 except ValueError:
                     raise JSONRPCError('pullrequestid must be an integer')
                 if not pull_request:
                     raise JSONRPCError('pull request `%s` does not exist' % (
                         pullrequestid,))
                 return pull_request
             def build_commit_data(commit, detail_level):
                 parsed_diff = []
                 if detail_level == 'extended':
                     for f in commit.added:
                         parsed_diff.append(_get_commit_dict(filename=f.path, op='A'))
                     for f in commit.changed:
                         parsed_diff.append(_get_commit_dict(filename=f.path, op='M'))
                     for f in commit.removed:
                         parsed_diff.append(_get_commit_dict(filename=f.path, op='D'))
                 elif detail_level == 'full':
                     from rhodecode.lib.diffs import DiffProcessor
                     diff_processor = DiffProcessor(commit.diff())
                     for dp in diff_processor.prepare():
                         del dp['stats']['ops']
                         _stats = dp['stats']
                         parsed_diff.append(_get_commit_dict(
                             filename=dp['filename'], op=dp['operation'],
                             new_revision=dp['new_revision'],
                             old_revision=dp['old_revision'],
                             raw_diff=dp['raw_diff'], stats=_stats))
                 return parsed_diff
             def get_commit_or_error(ref, repo):
                 try:
                     ref_type, _, ref_hash = ref.split(':')
                 except ValueError:
                     raise JSONRPCError(
                         'Ref `{ref}` given in a wrong format. Please check the API'
                         ' documentation for more details'.format(ref=ref))
                 try:
                     # TODO: dan: refactor this to use repo.scm_instance().get_commit()
                     # once get_commit supports ref_types
                     return get_commit_from_ref_name(repo, ref_hash)
                 except RepositoryError:
                     raise JSONRPCError('Ref `{ref}` does not exist'.format(ref=ref))
             def resolve_ref_or_error(ref, repo):
                 def _parse_ref(type_, name, hash_=None):
                     return type_, name, hash_
                 try:
                     ref_type, ref_name, ref_hash = _parse_ref(*ref.split(':'))
                 except TypeError:
                     raise JSONRPCError(
                         'Ref `{ref}` given in a wrong format. Please check the API'
                         ' documentation for more details'.format(ref=ref))
                 try:
                     ref_hash = ref_hash or _get_ref_hash(repo, ref_type, ref_name)
                 except (KeyError, ValueError):
                     raise JSONRPCError(
                         'The specified {type} `{name}` does not exist'.format(
                             type=ref_type, name=ref_name))
                 return ':'.join([ref_type, ref_name, ref_hash])
             def _get_commit_dict(
                     filename, op, new_revision=None, old_revision=None,
                     raw_diff=None, stats=None):
                 if stats is None:
                     stats = {
                         "added": None,
                         "binary": None,
                         "deleted": None
                     }
                 return {
                     "filename": safe_unicode(filename),
                     "op": op,
                     # extra details
                     "new_revision": new_revision,
                     "old_revision": old_revision,
                     "raw_diff": raw_diff,
                     "stats": stats
                 }
             # TODO: mikhail: Think about moving this function to some library
             def _get_ref_hash(repo, type_, name):
                 vcs_repo = repo.scm_instance()
                 if type_ == 'branch' and vcs_repo.alias in ('hg', 'git'):
                     return vcs_repo.branches[name]
                 elif type_ == 'bookmark' and vcs_repo.alias == 'hg':
                     return vcs_repo.bookmarks[name]
                 else:
                     raise ValueError()

rhodecode/api/views/gist_api.py

0 +41 -12

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import time
             from rhodecode.api import jsonrpc_method, JSONRPCError
+            from rhodecode.api.exc import JSONRPCValidationError
             from rhodecode.api.utils import (
                 Optional, OAttr, get_gist_or_error, get_user_or_error,
                 has_superadmin_permission)
             from rhodecode.model.db import Session, or_
             from rhodecode.model.gist import Gist, GistModel
             log = logging.getLogger(__name__)
             @jsonrpc_method()
             def get_gist(request, apiuser, gistid, content=Optional(False)):
                 """
                 Get the specified gist, based on the gist ID.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param gistid: Set the id of the private or public gist
                 :type gistid: str
                 :param content: Return the gist content. Default is false.
                 :type content: Optional(bool)
                 """
                 gist = get_gist_or_error(gistid)
                 content = Optional.extract(content)
                 if not has_superadmin_permission(apiuser):
                     if gist.gist_owner != apiuser.user_id:
                         raise JSONRPCError('gist `%s` does not exist' % (gistid,))
                 data = gist.get_api_data()
                 if content:
                     from rhodecode.model.gist import GistModel
                     rev, gist_files = GistModel().get_gist_files(gistid)
                     data['content'] = dict([(x.path, x.content) for x in gist_files])
                 return data
             @jsonrpc_method()
             def get_gists(request, apiuser, userid=Optional(OAttr('apiuser'))):
                 """
                 Get all gists for given user. If userid is empty returned gists
                 are for user who called the api
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param userid: user to get gists for
                 :type userid: Optional(str or int)
                 """
                 if not has_superadmin_permission(apiuser):
                     # make sure normal user does not pass someone else userid,
                     # he is not allowed to do that
                     if not isinstance(userid, Optional) and userid != apiuser.user_id:
                         raise JSONRPCError(
                             'userid is not the same as your user'
                         )
                 if isinstance(userid, Optional):
                     user_id = apiuser.user_id
                 else:
                     user_id = get_user_or_error(userid).user_id
                 gists = []
                 _gists = Gist().query() \
                     .filter(or_(
                     Gist.gist_expires == -1, Gist.gist_expires >= time.time())) \
                     .filter(Gist.gist_owner == user_id) \
                     .order_by(Gist.created_on.desc())
                 for gist in _gists:
                     gists.append(gist.get_api_data())
                 return gists
             @jsonrpc_method()
             def create_gist(
-                    request, apiuser, files, owner=Optional(OAttr('apiuser')),
+                    request, apiuser, files, gistid=Optional(None),
+                    owner=Optional(OAttr('apiuser')),
                     gist_type=Optional(Gist.GIST_PUBLIC), lifetime=Optional(-1),
                     acl_level=Optional(Gist.ACL_LEVEL_PUBLIC),
                     description=Optional('')):
                 """
                 Creates a new Gist.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param files: files to be added to the gist. The data structure has
                     to match the following example::
-                      {'filename': {'content':'...', 'lexer': null},
+                      {'filename1': {'content':'...'}, 'filename2': {'content':'...'}}
-                       'filename2': {'content':'...', 'lexer': null}}
                 :type files: dict
+                :param gistid: Set a custom id for the gist
+                :type gistid: Optional(str)
                 :param owner: Set the gist owner, defaults to api method caller
                 :type owner: Optional(str or int)
                 :param gist_type: type of gist ``public`` or ``private``
                 :type gist_type: Optional(str)
                 :param lifetime: time in minutes of gist lifetime
                 :type lifetime: Optional(int)
                 :param acl_level: acl level for this gist, can be
                     ``acl_public`` or ``acl_private`` If the value is set to
                     ``acl_private`` only logged in users are able to access this gist.
                     If not set it defaults to ``acl_public``.
                 :type acl_level: Optional(str)
                 :param description: gist description
                 :type description: Optional(str)
                 Example  output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "created new gist",
                     "gist": {}
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to create gist"
                   }
                 """
+                from rhodecode.model import validation_schema
+                from rhodecode.model.validation_schema.schemas import gist_schema
-                try:
                 if isinstance(owner, Optional):
                     owner = apiuser.user_id
                 owner = get_user_or_error(owner)
-                    description = Optional.extract(description)
-                    gist_type = Optional.extract(gist_type)
                 lifetime = Optional.extract(lifetime)
-                    acl_level = Optional.extract(acl_level)
+                schema = gist_schema.GistSchema().bind(
+                    # bind the given values if it's allowed, however the deferred
+                    # validator will still validate it according to other rules
+                    lifetime_options=[lifetime])
+                try:
+                    nodes = gist_schema.nodes_to_sequence(
+                        files, colander_node=schema.get('nodes'))
-                    gist = GistModel().create(description=description,
+                    schema_data = schema.deserialize(dict(
+                        gistid=Optional.extract(gistid),
+                        description=Optional.extract(description),
+                        gist_type=Optional.extract(gist_type),
+                        lifetime=lifetime,
+                        gist_acl_level=Optional.extract(acl_level),
+                        nodes=nodes
+                    ))
+                    # convert to safer format with just KEYs so we sure no duplicates
+                    schema_data['nodes'] = gist_schema.sequence_to_nodes(
+                        schema_data['nodes'], colander_node=schema.get('nodes'))
+                except validation_schema.Invalid as err:
+                    raise JSONRPCValidationError(colander_exc=err)
+                try:
+                    gist = GistModel().create(
                         owner=owner,
-                                              gist_mapping=files,
+                        gist_id=schema_data['gistid'],
-                                              gist_type=gist_type,
+                        description=schema_data['description'],
-                                              lifetime=lifetime,
+                        gist_mapping=schema_data['nodes'],
-                                              gist_acl_level=acl_level)
+                        gist_type=schema_data['gist_type'],
+                        lifetime=schema_data['lifetime'],
+                        gist_acl_level=schema_data['gist_acl_level'])
                     Session().commit()
                     return {
                         'msg': 'created new gist',
                         'gist': gist.get_api_data()
                     }
                 except Exception:
                     log.exception('Error occurred during creation of gist')
                     raise JSONRPCError('failed to create gist')
             @jsonrpc_method()
             def delete_gist(request, apiuser, gistid):
                 """
                 Deletes existing gist
                 :param apiuser: filled automatically from apikey
                 :type apiuser: AuthUser
                 :param gistid: id of gist to delete
                 :type gistid: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "deleted gist ID: <gist_id>",
                     "gist": null
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to delete gist ID:<gist_id>"
                   }
                 """
                 gist = get_gist_or_error(gistid)
                 if not has_superadmin_permission(apiuser):
                     if gist.gist_owner != apiuser.user_id:
                         raise JSONRPCError('gist `%s` does not exist' % (gistid,))
                 try:
                     GistModel().delete(gist)
                     Session().commit()
                     return {
                         'msg': 'deleted gist ID:%s' % (gist.gist_access_id,),
                         'gist': None
                     }
                 except Exception:
                     log.exception('Error occured during gist deletion')
                     raise JSONRPCError('failed to delete gist ID:%s'
                                        % (gist.gist_access_id,))

rhodecode/api/views/repo_api.py

0 +2 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import time
             import colander
             from rhodecode import BACKENDS
             from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCForbidden, json
             from rhodecode.api.utils import (
                 has_superadmin_permission, Optional, OAttr, get_repo_or_error,
                 get_user_group_or_error, get_user_or_error, has_repo_permissions,
                 get_perm_or_error, store_update, get_repo_group_or_error, parse_args,
                 get_origin, build_commit_data)
             from rhodecode.lib.auth import (
                 HasPermissionAnyApi, HasRepoGroupPermissionAnyApi,
                 HasUserGroupPermissionAnyApi)
             from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
             from rhodecode.lib.utils import map_groups
             from rhodecode.lib.utils2 import str2bool, time_to_datetime
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import ChangesetCommentsModel
             from rhodecode.model.db import (
                 Session, ChangesetStatus, RepositoryField, Repository)
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.scm import ScmModel, RepoList
             from rhodecode.model.settings import SettingsModel, VcsSettingsModel
-            from rhodecode.model.validation_schema import RepoSchema
+            from rhodecode.model.validation_schema.schemas import repo_schema
             log = logging.getLogger(__name__)
             @jsonrpc_method()
             def get_repo(request, apiuser, repoid, cache=Optional(True)):
                 """
                 Gets an existing repository by its name or repository_id.
                 The members section so the output returns users groups or users
                 associated with that repository.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id.
                 :type repoid: str or int
                 :param cache: use the cached value for last changeset
                 :type: cache: Optional(bool)
                 Example output:
                 .. code-block:: bash
                     {
                       "error": null,
                       "id": <repo_id>,
                       "result": {
                         "clone_uri": null,
                         "created_on": "timestamp",
                         "description": "repo description",
                         "enable_downloads": false,
                         "enable_locking": false,
                         "enable_statistics": false,
                         "followers": [
                           {
                             "active": true,
                             "admin": false,
                             "api_key": "****************************************",
                             "api_keys": [
                               "****************************************"
                             ],
                             "email": "user@example.com",
                             "emails": [
                               "user@example.com"
                             ],
                             "extern_name": "rhodecode",
                             "extern_type": "rhodecode",
                             "firstname": "username",
                             "ip_addresses": [],
                             "language": null,
                             "last_login": "2015-09-16T17:16:35.854",
                             "lastname": "surname",
                             "user_id": <user_id>,
                             "username": "name"
                           }
                         ],
                         "fork_of": "parent-repo",
                         "landing_rev": [
                           "rev",
                           "tip"
                         ],
                         "last_changeset": {
                           "author": "User <user@example.com>",
                           "branch": "default",
                           "date": "timestamp",
                           "message": "last commit message",
                           "parents": [
                             {
                               "raw_id": "commit-id"
                             }
                           ],
                           "raw_id": "commit-id",
                           "revision": <revision number>,
                           "short_id": "short id"
                         },
                         "lock_reason": null,
                         "locked_by": null,
                         "locked_date": null,
                         "members": [
                           {
                             "name": "super-admin-name",
                             "origin": "super-admin",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "owner-name",
                             "origin": "owner",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "user-group-name",
                             "origin": "permission",
                             "permission": "repository.write",
                             "type": "user_group"
                           }
                         ],
                         "owner": "owner-name",
                         "permissions": [
                           {
                             "name": "super-admin-name",
                             "origin": "super-admin",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "owner-name",
                             "origin": "owner",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "user-group-name",
                             "origin": "permission",
                             "permission": "repository.write",
                             "type": "user_group"
                           }
                         ],
                         "private": true,
                         "repo_id": 676,
                         "repo_name": "user-group/repo-name",
                         "repo_type": "hg"
                       }
                     }
                 """
                 repo = get_repo_or_error(repoid)
                 cache = Optional.extract(cache)
                 include_secrets = False
                 if has_superadmin_permission(apiuser):
                     include_secrets = True
                 else:
                     # check if we have at least read permission for this repo !
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 permissions = []
                 for _user in repo.permissions():
                     user_data = {
                         'name': _user.username,
                         'permission': _user.permission,
                         'origin': get_origin(_user),
                         'type': "user",
                     }
                     permissions.append(user_data)
                 for _user_group in repo.permission_user_groups():
                     user_group_data = {
                         'name': _user_group.users_group_name,
                         'permission': _user_group.permission,
                         'origin': get_origin(_user_group),
                         'type': "user_group",
                     }
                     permissions.append(user_group_data)
                 following_users = [
                     user.user.get_api_data(include_secrets=include_secrets)
                     for user in repo.followers]
                 if not cache:
                     repo.update_commit_cache()
                 data = repo.get_api_data(include_secrets=include_secrets)
                 data['members'] = permissions  # TODO: this should be deprecated soon
                 data['permissions'] = permissions
                 data['followers'] = following_users
                 return data
             @jsonrpc_method()
             def get_repos(request, apiuser):
                 """
                 Lists all existing repositories.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                               {
                                 "repo_id" :          "<repo_id>",
                                 "repo_name" :        "<reponame>"
                                 "repo_type" :        "<repo_type>",
                                 "clone_uri" :        "<clone_uri>",
                                 "private": :         "<bool>",
                                 "created_on" :       "<datetimecreated>",
                                 "description" :      "<description>",
                                 "landing_rev":       "<landing_rev>",
                                 "owner":             "<repo_owner>",
                                 "fork_of":           "<name_of_fork_parent>",
                                 "enable_downloads":  "<bool>",
                                 "enable_locking":    "<bool>",
                                 "enable_statistics": "<bool>",
                               },
                               ...
                             ]
                     error:  null
                 """
                 include_secrets = has_superadmin_permission(apiuser)
                 _perms = ('repository.read', 'repository.write', 'repository.admin',)
                 extras = {'user': apiuser}
                 repo_list = RepoList(
                     RepoModel().get_all(), perm_set=_perms, extra_kwargs=extras)
                 return [repo.get_api_data(include_secrets=include_secrets)
                         for repo in repo_list]
             @jsonrpc_method()
             def get_repo_changeset(request, apiuser, repoid, revision,
                                    details=Optional('basic')):
                 """
                 Returns information about a changeset.
                 Additionally parameters define the amount of details returned by
                 this function.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id
                 :type repoid: str or int
                 :param revision: revision for which listing should be done
                 :type revision: str
                 :param details: details can be 'basic|extended|full' full gives diff
                     info details like the diff itself, and number of changed files etc.
                 :type details: Optional(str)
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 _changes_details_types = ['basic', 'extended', 'full']
                 if changes_details not in _changes_details_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (
                             ','.join(_changes_details_types)))
                 pre_load = ['author', 'branch', 'date', 'message', 'parents',
                             'status', '_commit', '_file_paths']
                 try:
                     cs = repo.get_commit(commit_id=revision, pre_load=pre_load)
                 except TypeError as e:
                     raise JSONRPCError(e.message)
                 _cs_json = cs.__json__()
                 _cs_json['diff'] = build_commit_data(cs, changes_details)
                 if changes_details == 'full':
                     _cs_json['refs'] = {
                         'branches': [cs.branch],
                         'bookmarks': getattr(cs, 'bookmarks', []),
                         'tags': cs.tags
                     }
                 return _cs_json
             @jsonrpc_method()
             def get_repo_changesets(request, apiuser, repoid, start_rev, limit,
                                     details=Optional('basic')):
                 """
                 Returns a set of commits limited by the number starting
                 from the `start_rev` option.
                 Additional parameters define the amount of details returned by this
                 function.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param start_rev: The starting revision from where to get changesets.
                 :type start_rev: str
                 :param limit: Limit the number of commits to this amount
                 :type limit: str or int
                 :param details: Set the level of detail returned. Valid option are:
                     ``basic``, ``extended`` and ``full``.
                 :type details: Optional(str)
                 .. note::
                    Setting the parameter `details` to the value ``full`` is extensive
                    and returns details like the diff itself, and the number
                    of changed files.
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 _changes_details_types = ['basic', 'extended', 'full']
                 if changes_details not in _changes_details_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (
                             ','.join(_changes_details_types)))
                 limit = int(limit)
                 pre_load = ['author', 'branch', 'date', 'message', 'parents',
                             'status', '_commit', '_file_paths']
                 vcs_repo = repo.scm_instance()
                 # SVN needs a special case to distinguish its index and commit id
                 if vcs_repo and vcs_repo.alias == 'svn' and (start_rev == '0'):
                     start_rev = vcs_repo.commit_ids[0]
                 try:
                     commits = vcs_repo.get_commits(
                         start_id=start_rev, pre_load=pre_load)
                 except TypeError as e:
                     raise JSONRPCError(e.message)
                 except Exception:
                     log.exception('Fetching of commits failed')
                     raise JSONRPCError('Error occurred during commit fetching')
                 ret = []
                 for cnt, commit in enumerate(commits):
                     if cnt >= limit != -1:
                         break
                     _cs_json = commit.__json__()
                     _cs_json['diff'] = build_commit_data(commit, changes_details)
                     if changes_details == 'full':
                         _cs_json['refs'] = {
                             'branches': [commit.branch],
                             'bookmarks': getattr(commit, 'bookmarks', []),
                             'tags': commit.tags
                         }
                     ret.append(_cs_json)
                 return ret
             @jsonrpc_method()
             def get_repo_nodes(request, apiuser, repoid, revision, root_path,
                                ret_type=Optional('all'), details=Optional('basic'),
                                max_file_bytes=Optional(None)):
                 """
                 Returns a list of nodes and children in a flat list for a given
                 path at given revision.
                 It's possible to specify ret_type to show only `files` or `dirs`.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param revision: The revision for which listing should be done.
                 :type revision: str
                 :param root_path: The path from which to start displaying.
                 :type root_path: str
                 :param ret_type: Set the return type. Valid options are
                     ``all`` (default), ``files`` and ``dirs``.
                 :type ret_type: Optional(str)
                 :param details: Returns extended information about nodes, such as
                     md5, binary, and or content.  The valid options are ``basic`` and
                     ``full``.
                 :type details: Optional(str)
                 :param max_file_bytes: Only return file content under this file size bytes
                 :type details: Optional(int)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                               {
                                 "name" : "<name>"
                                 "type" : "<type>",
                                 "binary": "<true|false>" (only in extended mode)
                                 "md5"  : "<md5 of file content>" (only in extended mode)
                               },
                               ...
                             ]
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 ret_type = Optional.extract(ret_type)
                 details = Optional.extract(details)
                 _extended_types = ['basic', 'full']
                 if details not in _extended_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (','.join(_extended_types)))
                 extended_info = False
                 content = False
                 if details == 'basic':
                     extended_info = True
                 if details == 'full':
                     extended_info = content = True
                 _map = {}
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     _scm = repo.scm_instance()
                     if _scm.is_empty():
                         return []
                     _d, _f = ScmModel().get_nodes(
                         repo, revision, root_path, flat=False,
                         extended_info=extended_info, content=content,
                         max_file_bytes=max_file_bytes)
                     _map = {
                         'all': _d + _f,
                         'files': _f,
                         'dirs': _d,
                     }
                     return _map[ret_type]
                 except KeyError:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (','.join(sorted(_map.keys()))))
                 except Exception:
                     log.exception("Exception occurred while trying to get repo nodes")
                     raise JSONRPCError(
                         'failed to get repo: `%s` nodes' % repo.repo_name
                     )
             @jsonrpc_method()
             def get_repo_refs(request, apiuser, repoid):
                 """
                 Returns a dictionary of current references. It returns
                 bookmarks, branches, closed_branches, and tags for given repository
                 It's possible to specify ret_type to show only `files` or `dirs`.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                               TODO...
                             ]
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     vcs_instance = repo.scm_instance()
                     refs = vcs_instance.refs()
                     return refs
                 except Exception:
                     log.exception("Exception occurred while trying to get repo refs")
                     raise JSONRPCError(
                         'failed to get repo: `%s` references' % repo.repo_name
                     )
             @jsonrpc_method()
             def create_repo(request, apiuser, repo_name, repo_type,
                             owner=Optional(OAttr('apiuser')), description=Optional(''),
                             private=Optional(False), clone_uri=Optional(None),
                             landing_rev=Optional('rev:tip'),
                             enable_statistics=Optional(False),
                             enable_locking=Optional(False),
                             enable_downloads=Optional(False),
                             copy_permissions=Optional(False)):
                 """
                 Creates a repository.
                 * If the repository name contains "/", all the required repository
                   groups will be created.
                   For example "foo/bar/baz" will create |repo| groups "foo" and "bar"
                   (with "foo" as parent). It will also create the "baz" repository
                   with "bar" as |repo| group.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repo_name: Set the repository name.
                 :type repo_name: str
                 :param repo_type: Set the repository type; 'hg','git', or 'svn'.
                 :type repo_type: str
                 :param owner: user_id or username
                 :type owner: Optional(str)
                 :param description: Set the repository description.
                 :type description: Optional(str)
                 :param private:
                 :type private: bool
                 :param clone_uri:
                 :type clone_uri: str
                 :param landing_rev: <rev_type>:<rev>
                 :type landing_rev: str
                 :param enable_locking:
                 :type enable_locking: bool
                 :param enable_downloads:
                 :type enable_downloads: bool
                 :param enable_statistics:
                 :type enable_statistics: bool
                 :param copy_permissions: Copy permission from group in which the
                     repository is being created.
                 :type copy_permissions: bool
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Created new repository `<reponame>`",
                               "success": true,
                               "task": "<celery task id or None if done sync>"
                             }
                     error:  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                      'failed to create repository `<repo_name>`
                   }
                 """
-                schema = RepoSchema()
+                schema = repo_schema.RepoSchema()
                 try:
                     data = schema.deserialize({
                         'repo_name': repo_name
                     })
                 except colander.Invalid as e:
                     raise JSONRPCError("Validation failed: %s" % (e.asdict(),))
                 repo_name = data['repo_name']
                 (repo_name_cleaned,
                  parent_group_name) = RepoGroupModel()._get_group_name_and_parent(
                     repo_name)
                 if not HasPermissionAnyApi(
                         'hg.admin', 'hg.create.repository')(user=apiuser):
                     # check if we have admin permission for this repo group if given !
                     if parent_group_name:
                         repogroupid = parent_group_name
                         repo_group = get_repo_group_or_error(parent_group_name)
                         _perms = ('group.admin',)
                         if not HasRepoGroupPermissionAnyApi(*_perms)(
                                 user=apiuser, group_name=repo_group.group_name):
                             raise JSONRPCError(
                                 'repository group `%s` does not exist' % (
                                     repogroupid,))
                     else:
                         raise JSONRPCForbidden()
                 if not has_superadmin_permission(apiuser):
                     if not isinstance(owner, Optional):
                         # forbid setting owner for non-admins
                         raise JSONRPCError(
                             'Only RhodeCode admin can specify `owner` param')
                 if isinstance(owner, Optional):
                     owner = apiuser.user_id
                 owner = get_user_or_error(owner)
                 if RepoModel().get_by_repo_name(repo_name):
                     raise JSONRPCError("repo `%s` already exist" % repo_name)
                 defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
                 if isinstance(private, Optional):
                     private = defs.get('repo_private') or Optional.extract(private)
                 if isinstance(repo_type, Optional):
                     repo_type = defs.get('repo_type')
                 if isinstance(enable_statistics, Optional):
                     enable_statistics = defs.get('repo_enable_statistics')
                 if isinstance(enable_locking, Optional):
                     enable_locking = defs.get('repo_enable_locking')
                 if isinstance(enable_downloads, Optional):
                     enable_downloads = defs.get('repo_enable_downloads')
                 clone_uri = Optional.extract(clone_uri)
                 description = Optional.extract(description)
                 landing_rev = Optional.extract(landing_rev)
                 copy_permissions = Optional.extract(copy_permissions)
                 try:
                     # create structure of groups and return the last group
                     repo_group = map_groups(repo_name)
                     data = {
                         'repo_name': repo_name_cleaned,
                         'repo_name_full': repo_name,
                         'repo_type': repo_type,
                         'repo_description': description,
                         'owner': owner,
                         'repo_private': private,
                         'clone_uri': clone_uri,
                         'repo_group': repo_group.group_id if repo_group else None,
                         'repo_landing_rev': landing_rev,
                         'enable_statistics': enable_statistics,
                         'enable_locking': enable_locking,
                         'enable_downloads': enable_downloads,
                         'repo_copy_permissions': copy_permissions,
                     }
                     if repo_type not in BACKENDS.keys():
                         raise Exception("Invalid backend type %s" % repo_type)
                     task = RepoModel().create(form_data=data, cur_user=owner)
                     from celery.result import BaseAsyncResult
                     task_id = None
                     if isinstance(task, BaseAsyncResult):
                         task_id = task.task_id
                     # no commit, it's done in RepoModel, or async via celery
                     return {
                         'msg': "Created new repository `%s`" % (repo_name,),
                         'success': True,  # cannot return the repo data here since fork
                         # cann be done async
                         'task': task_id
                     }
                 except Exception:
                     log.exception(
                         u"Exception while trying to create the repository %s",
                         repo_name)
                     raise JSONRPCError(
                         'failed to create repository `%s`' % (repo_name,))
             @jsonrpc_method()
             def add_field_to_repo(request, apiuser, repoid, key, label=Optional(''),
                                   description=Optional('')):
                 """
                 Adds an extra field to a repository.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository id.
                 :type repoid: str or int
                 :param key: Create a unique field key for this repository.
                 :type key: str
                 :param label:
                 :type label: Optional(str)
                 :param description:
                 :type description: Optional(str)
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 label = Optional.extract(label) or key
                 description = Optional.extract(description)
                 field = RepositoryField.get_by_key_name(key, repo)
                 if field:
                     raise JSONRPCError('Field with key '
                                        '`%s` exists for repo `%s`' % (key, repoid))
                 try:
                     RepoModel().add_repo_field(repo, key, field_label=label,
                                                field_desc=description)
                     Session().commit()
                     return {
                         'msg': "Added new repository field `%s`" % (key,),
                         'success': True,
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to add field to repo")
                     raise JSONRPCError(
                         'failed to create new field for repository `%s`' % (repoid,))
             @jsonrpc_method()
             def remove_field_from_repo(request, apiuser, repoid, key):
                 """
                 Removes an extra field from a repository.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param key: Set the unique field key for this repository.
                 :type key: str
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 field = RepositoryField.get_by_key_name(key, repo)
                 if not field:
                     raise JSONRPCError('Field with key `%s` does not '
                                        'exists for repo `%s`' % (key, repoid))
                 try:
                     RepoModel().delete_repo_field(repo, field_key=key)
                     Session().commit()
                     return {
                         'msg': "Deleted repository field `%s`" % (key,),
                         'success': True,
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying to delete field from repo")
                     raise JSONRPCError(
                         'failed to delete field for repository `%s`' % (repoid,))
             @jsonrpc_method()
             def update_repo(request, apiuser, repoid, name=Optional(None),
                             owner=Optional(OAttr('apiuser')),
                             group=Optional(None),
                             fork_of=Optional(None),
                             description=Optional(''), private=Optional(False),
                             clone_uri=Optional(None), landing_rev=Optional('rev:tip'),
                             enable_statistics=Optional(False),
                             enable_locking=Optional(False),
                             enable_downloads=Optional(False),
                             fields=Optional('')):
                 """
                 Updates a repository with the given information.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: repository name or repository ID.
                 :type repoid: str or int
                 :param name: Update the |repo| name.
                 :type name: str
                 :param owner: Set the |repo| owner.
                 :type owner: str
                 :param group: Set the |repo| group the |repo| belongs to.
                 :type group: str
                 :param fork_of: Set the master |repo| name.
                 :type fork_of: str
                 :param description: Update the |repo| description.
                 :type description: str
                 :param private: Set the |repo| as private. (True | False)
                 :type private: bool
                 :param clone_uri: Update the |repo| clone URI.
                 :type clone_uri: str
                 :param landing_rev: Set the |repo| landing revision. Default is
                     ``tip``.
                 :type landing_rev: str
                 :param enable_statistics: Enable statistics on the |repo|,
                     (True | False).
                 :type enable_statistics: bool
                 :param enable_locking: Enable |repo| locking.
                 :type enable_locking: bool
                 :param enable_downloads: Enable downloads from the |repo|,
                     (True | False).
                 :type enable_downloads: bool
                 :param fields: Add extra fields to the |repo|. Use the following
                     example format: ``field_key=field_val,field_key2=fieldval2``.
                     Escape ', ' with \,
                 :type fields: str
                 """
                 repo = get_repo_or_error(repoid)
                 include_secrets = False
                 if has_superadmin_permission(apiuser):
                     include_secrets = True
                 else:
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 updates = {
                     # update function requires this.
                     'repo_name': repo.just_name
                 }
                 repo_group = group
                 if not isinstance(repo_group, Optional):
                     repo_group = get_repo_group_or_error(repo_group)
                     repo_group = repo_group.group_id
                 repo_fork_of = fork_of
                 if not isinstance(repo_fork_of, Optional):
                     repo_fork_of = get_repo_or_error(repo_fork_of)
                     repo_fork_of = repo_fork_of.repo_id
                 try:
                     store_update(updates, name, 'repo_name')
                     store_update(updates, repo_group, 'repo_group')
                     store_update(updates, repo_fork_of, 'fork_id')
                     store_update(updates, owner, 'user')
                     store_update(updates, description, 'repo_description')
                     store_update(updates, private, 'repo_private')
                     store_update(updates, clone_uri, 'clone_uri')
                     store_update(updates, landing_rev, 'repo_landing_rev')
                     store_update(updates, enable_statistics, 'repo_enable_statistics')
                     store_update(updates, enable_locking, 'repo_enable_locking')
                     store_update(updates, enable_downloads, 'repo_enable_downloads')
                     # extra fields
                     fields = parse_args(Optional.extract(fields), key_prefix='ex_')
                     if fields:
                         updates.update(fields)
                     RepoModel().update(repo, **updates)
                     Session().commit()
                     return {
                         'msg': 'updated repo ID:%s %s' % (
                             repo.repo_id, repo.repo_name),
                         'repository': repo.get_api_data(
                             include_secrets=include_secrets)
                     }
                 except Exception:
                     log.exception(
                         u"Exception while trying to update the repository %s",
                         repoid)
                     raise JSONRPCError('failed to update repo `%s`' % repoid)
             @jsonrpc_method()
             def fork_repo(request, apiuser, repoid, fork_name,
                           owner=Optional(OAttr('apiuser')),
                           description=Optional(''), copy_permissions=Optional(False),
                           private=Optional(False), landing_rev=Optional('rev:tip')):
                 """
                 Creates a fork of the specified |repo|.
                 * If using |RCE| with Celery this will immediately return a success
                   message, even though the fork will be created asynchronously.
                 This command can only be run using an |authtoken| with fork
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set repository name or repository ID.
                 :type repoid: str or int
                 :param fork_name: Set the fork name.
                 :type fork_name: str
                 :param owner: Set the fork owner.
                 :type owner: str
                 :param description: Set the fork descripton.
                 :type description: str
                 :param copy_permissions: Copy permissions from parent |repo|. The
                     default is False.
                 :type copy_permissions: bool
                 :param private: Make the fork private. The default is False.
                 :type private: bool
                 :param landing_rev: Set the landing revision. The default is tip.
                 Example output:
                 .. code-block:: bash
                     id : <id_for_response>
                     api_key : "<api_key>"
                     args:     {
                                 "repoid" :          "<reponame or repo_id>",
                                 "fork_name":        "<forkname>",
                                 "owner":            "<username or user_id = Optional(=apiuser)>",
                                 "description":      "<description>",
                                 "copy_permissions": "<bool>",
                                 "private":          "<bool>",
                                 "landing_rev":      "<landing_rev>"
                               }
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Created fork of `<reponame>` as `<forkname>`",
                               "success": true,
                               "task": "<celery task id or None if done sync>"
                             }
                     error:  null
                 """
                 if not has_superadmin_permission(apiuser):
                     if not HasPermissionAnyApi('hg.fork.repository')(user=apiuser):
                         raise JSONRPCForbidden()
                 repo = get_repo_or_error(repoid)
                 repo_name = repo.repo_name
                 (fork_name_cleaned,
                  parent_group_name) = RepoGroupModel()._get_group_name_and_parent(
                     fork_name)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for
                     # this repo that we fork !
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read')
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                     if not isinstance(owner, Optional):
                         # forbid setting owner for non super admins
                         raise JSONRPCError(
                             'Only RhodeCode admin can specify `owner` param'
                         )
                     # check if we have a create.repo permission if not maybe the parent
                     # group permission
                     if not HasPermissionAnyApi('hg.create.repository')(user=apiuser):
                         if parent_group_name:
                             repogroupid = parent_group_name
                             repo_group = get_repo_group_or_error(parent_group_name)
                             _perms = ('group.admin',)
                             if not HasRepoGroupPermissionAnyApi(*_perms)(
                                     user=apiuser, group_name=repo_group.group_name):
                                 raise JSONRPCError(
                                     'repository group `%s` does not exist' % (
                                         repogroupid,))
                         else:
                             raise JSONRPCForbidden()
                 _repo = RepoModel().get_by_repo_name(fork_name)
                 if _repo:
                     type_ = 'fork' if _repo.fork else 'repo'
                     raise JSONRPCError("%s `%s` already exist" % (type_, fork_name))
                 if isinstance(owner, Optional):
                     owner = apiuser.user_id
                 owner = get_user_or_error(owner)
                 try:
                     # create structure of groups and return the last group
                     repo_group = map_groups(fork_name)
                     form_data = {
                         'repo_name': fork_name_cleaned,
                         'repo_name_full': fork_name,
                         'repo_group': repo_group.group_id if repo_group else None,
                         'repo_type': repo.repo_type,
                         'description': Optional.extract(description),
                         'private': Optional.extract(private),
                         'copy_permissions': Optional.extract(copy_permissions),
                         'landing_rev': Optional.extract(landing_rev),
                         'fork_parent_id': repo.repo_id,
                     }
                     task = RepoModel().create_fork(form_data, cur_user=owner)
                     # no commit, it's done in RepoModel, or async via celery
                     from celery.result import BaseAsyncResult
                     task_id = None
                     if isinstance(task, BaseAsyncResult):
                         task_id = task.task_id
                     return {
                         'msg': 'Created fork of `%s` as `%s`' % (
                             repo.repo_name, fork_name),
                         'success': True,  # cannot return the repo data here since fork
                         # can be done async
                         'task': task_id
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to fork a repo")
                     raise JSONRPCError(
                         'failed to fork repository `%s` as `%s`' % (
                             repo_name, fork_name))
             @jsonrpc_method()
             def delete_repo(request, apiuser, repoid, forks=Optional('')):
                 """
                 Deletes a repository.
                 * When the `forks` parameter is set it's possible to detach or delete
                   forks of deleted repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param forks: Set to `detach` or `delete` forks from the |repo|.
                 :type forks: Optional(str)
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Deleted repository `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     handle_forks = Optional.extract(forks)
                     _forks_msg = ''
                     _forks = [f for f in repo.forks]
                     if handle_forks == 'detach':
                         _forks_msg = ' ' + 'Detached %s forks' % len(_forks)
                     elif handle_forks == 'delete':
                         _forks_msg = ' ' + 'Deleted %s forks' % len(_forks)
                     elif _forks:
                         raise JSONRPCError(
                             'Cannot delete `%s` it still contains attached forks' %
                             (repo.repo_name,)
                         )
                     RepoModel().delete(repo, forks=forks)
                     Session().commit()
                     return {
                         'msg': 'Deleted repository `%s`%s' % (
                             repo.repo_name, _forks_msg),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to delete repo")
                     raise JSONRPCError(
                         'failed to delete repository `%s`' % (repo.repo_name,)
                     )
             #TODO: marcink, change name ?
             @jsonrpc_method()
             def invalidate_cache(request, apiuser, repoid, delete_keys=Optional(False)):
                 """
                 Invalidates the cache for the specified repository.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Sets the repository name or repository ID.
                 :type repoid: str or int
                 :param delete_keys: This deletes the invalidated keys instead of
                     just flagging them.
                 :type delete_keys: Optional(``True`` | ``False``)
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'msg': Cache for repository `<repository name>` was invalidated,
                     'repository': <repository name>
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error : {
                      'Error occurred during cache invalidation action'
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 delete = Optional.extract(delete_keys)
                 try:
                     ScmModel().mark_for_invalidation(repo.repo_name, delete=delete)
                     return {
                         'msg': 'Cache for repository `%s` was invalidated' % (repoid,),
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying to invalidate repo cache")
                     raise JSONRPCError(
                         'Error occurred during cache invalidation action'
                     )
             #TODO: marcink, change name ?
             @jsonrpc_method()
             def lock(request, apiuser, repoid, locked=Optional(None),
                      userid=Optional(OAttr('apiuser'))):
                 """
                 Sets the lock state of the specified |repo| by the given user.
                 From more information, see :ref:`repo-locking`.
                 * If the ``userid`` option is not set, the repository is locked to the
                   user who called the method.
                 * If the ``locked`` parameter is not set, the current lock state of the
                   repository is displayed.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Sets the repository name or repository ID.
                 :type repoid: str or int
                 :param locked: Sets the lock state.
                 :type locked: Optional(``True`` | ``False``)
                 :param userid: Set the repository lock to this user.
                 :type userid: Optional(str or int)
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'repo': '<reponame>',
                     'locked': <bool: lock state>,
                     'locked_since': <int: lock timestamp>,
                     'locked_by': <username of person who made the lock>,
                     'lock_reason': <str: reason for locking>,
                     'lock_state_changed': <bool: True if lock state has been changed in this request>,
                     'msg': 'Repo `<reponame>` locked by `<username>` on <timestamp>.'
                     or
                     'msg': 'Repo `<repository name>` not locked.'
                     or
                     'msg': 'User `<user name>` set lock state for repo `<repository name>` to `<new lock state>`'
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     'Error occurred locking repository `<reponame>`
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least write permission for this repo !
                     _perms = ('repository.admin', 'repository.write',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                     # make sure normal user does not pass someone else userid,
                     # he is not allowed to do that
                     if not isinstance(userid, Optional) and userid != apiuser.user_id:
                         raise JSONRPCError('userid is not the same as your user')
                 if isinstance(userid, Optional):
                     userid = apiuser.user_id
                 user = get_user_or_error(userid)
                 if isinstance(locked, Optional):
                     lockobj = repo.locked
                     if lockobj[0] is None:
                         _d = {
                             'repo': repo.repo_name,
                             'locked': False,
                             'locked_since': None,
                             'locked_by': None,
                             'lock_reason': None,
                             'lock_state_changed': False,
                             'msg': 'Repo `%s` not locked.' % repo.repo_name
                         }
                         return _d
                     else:
                         _user_id, _time, _reason = lockobj
                         lock_user = get_user_or_error(userid)
                         _d = {
                             'repo': repo.repo_name,
                             'locked': True,
                             'locked_since': _time,
                             'locked_by': lock_user.username,
                             'lock_reason': _reason,
                             'lock_state_changed': False,
                             'msg': ('Repo `%s` locked by `%s` on `%s`.'
                                     % (repo.repo_name, lock_user.username,
                                        json.dumps(time_to_datetime(_time))))
                         }
                         return _d
                 # force locked state through a flag
                 else:
                     locked = str2bool(locked)
                     lock_reason = Repository.LOCK_API
                     try:
                         if locked:
                             lock_time = time.time()
                             Repository.lock(repo, user.user_id, lock_time, lock_reason)
                         else:
                             lock_time = None
                             Repository.unlock(repo)
                         _d = {
                             'repo': repo.repo_name,
                             'locked': locked,
                             'locked_since': lock_time,
                             'locked_by': user.username,
                             'lock_reason': lock_reason,
                             'lock_state_changed': True,
                             'msg': ('User `%s` set lock state for repo `%s` to `%s`'
                                     % (user.username, repo.repo_name, locked))
                         }
                         return _d
                     except Exception:
                         log.exception(
                             "Exception occurred while trying to lock repository")
                         raise JSONRPCError(
                             'Error occurred locking repository `%s`' % repo.repo_name
                         )
             @jsonrpc_method()
             def comment_commit(
                     request, apiuser, repoid, commit_id, message,
                     userid=Optional(OAttr('apiuser')), status=Optional(None)):
                 """
                 Set a commit comment, and optionally change the status of the commit.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param commit_id: Specify the commit_id for which to set a comment.
                 :type commit_id: str
                 :param message: The comment text.
                 :type message: str
                 :param userid: Set the user name of the comment creator.
                 :type userid: Optional(str or int)
                 :param status: status, one of 'not_reviewed', 'approved', 'rejected',
                    'under_review'
                 :type status: str
                 Example error output:
                 .. code-block:: json
                     {
                         "id" : <id_given_in_input>,
                         "result" : {
                             "msg": "Commented on commit `<commit_id>` for repository `<repoid>`",
                             "status_change": null or <status>,
                             "success": true
                         },
                         "error" :  null
                     }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.read', 'repository.write', 'repository.admin')
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 if isinstance(userid, Optional):
                     userid = apiuser.user_id
                 user = get_user_or_error(userid)
                 status = Optional.extract(status)
                 allowed_statuses = [x[0] for x in ChangesetStatus.STATUSES]
                 if status and status not in allowed_statuses:
                     raise JSONRPCError('Bad status, must be on '
                                        'of %s got %s' % (allowed_statuses, status,))
                 try:
                     rc_config = SettingsModel().get_all_settings()
                     renderer = rc_config.get('rhodecode_markup_renderer', 'rst')
                     comm = ChangesetCommentsModel().create(
                         message, repo, user, revision=commit_id, status_change=status,
                         renderer=renderer)
                     if status:
                         # also do a status change
                         try:
                             ChangesetStatusModel().set_status(
                                 repo, status, user, comm, revision=commit_id,
                                 dont_allow_on_closed_pull_request=True
                             )
                         except StatusChangeOnClosedPullRequestError:
                             log.exception(
                                 "Exception occurred while trying to change repo commit status")
                             msg = ('Changing status on a changeset associated with '
                                    'a closed pull request is not allowed')
                             raise JSONRPCError(msg)
                     Session().commit()
                     return {
                         'msg': (
                             'Commented on commit `%s` for repository `%s`' % (
                                 comm.revision, repo.repo_name)),
                         'status_change': status,
                         'success': True,
                     }
                 except JSONRPCError:
                     # catch any inside errors, and re-raise them to prevent from
                     # below global catch to silence them
                     raise
                 except Exception:
                     log.exception("Exception occurred while trying to comment on commit")
                     raise JSONRPCError(
                         'failed to set comment on repository `%s`' % (repo.repo_name,)
                     )
             @jsonrpc_method()
             def grant_user_permission(request, apiuser, repoid, userid, perm):
                 """
                 Grant permissions for the specified user on the given repository,
                 or update existing permissions if found.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param userid: Set the user name.
                 :type userid: str
                 :param perm: Set the user permissions, using the following format
                     ``(repository.(none|read|write|admin))``
                 :type perm: str
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Granted perm: `<perm>` for user: `<username>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 user = get_user_or_error(userid)
                 perm = get_perm_or_error(perm)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
                     Session().commit()
                     return {
                         'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
                             perm.permission_name, user.username, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying edit permissions for repo")
                     raise JSONRPCError(
                         'failed to edit permission for user: `%s` in repo: `%s`' % (
                             userid, repoid
                         )
                     )
             @jsonrpc_method()
             def revoke_user_permission(request, apiuser, repoid, userid):
                 """
                 Revoke permission for a user on the specified repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param userid: Set the user name of revoked user.
                 :type userid: str or int
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm for user: `<username>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 user = get_user_or_error(userid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     RepoModel().revoke_user_permission(repo=repo, user=user)
                     Session().commit()
                     return {
                         'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
                             user.username, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying revoke permissions to repo")
                     raise JSONRPCError(
                         'failed to edit permission for user: `%s` in repo: `%s`' % (
                             userid, repoid
                         )
                     )
             @jsonrpc_method()
             def grant_user_group_permission(request, apiuser, repoid, usergroupid, perm):
                 """
                 Grant permission for a user group on the specified repository,
                 or update existing permissions.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param usergroupid: Specify the ID of the user group.
                 :type usergroupid: str or int
                 :param perm: Set the user group permissions using the following
                     format: (repository.(none|read|write|admin))
                 :type perm: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",
                     "success": true
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to edit permission for user group: `<usergroup>` in repo `<repo>`'
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 perm = get_perm_or_error(perm)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 try:
                     RepoModel().grant_user_group_permission(
                         repo=repo, group_name=user_group, perm=perm)
                     Session().commit()
                     return {
                         'msg': 'Granted perm: `%s` for user group: `%s` in '
                                'repo: `%s`' % (
                                    perm.permission_name, user_group.users_group_name,
                                    repo.repo_name
                                ),
                         'success': True
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying change permission on repo")
                     raise JSONRPCError(
                         'failed to edit permission for user group: `%s` in '
                         'repo: `%s`' % (
                             usergroupid, repo.repo_name
                         )
                     )
             @jsonrpc_method()
             def revoke_user_group_permission(request, apiuser, repoid, usergroupid):
                 """
                 Revoke the permissions of a user group on a given repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param usergroupid: Specify the user group ID.
                 :type usergroupid: str or int
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 try:
                     RepoModel().revoke_user_group_permission(
                         repo=repo, group_name=user_group)
                     Session().commit()
                     return {
                         'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (
                             user_group.users_group_name, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying revoke "
                                   "user group permission on repo")
                     raise JSONRPCError(
                         'failed to edit permission for user group: `%s` in '
                         'repo: `%s`' % (
                             user_group.users_group_name, repo.repo_name
                         )
                     )
             @jsonrpc_method()
             def pull(request, apiuser, repoid):
                 """
                 Triggers a pull on the given repository from a remote location. You
                 can use this to keep remote repositories up-to-date.
                 This command can only be run using an |authtoken| with admin
                 rights to the specified repository. For more information,
                 see :ref:`config-token-ref`.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "Pulled from `<repository name>`"
                     "repository": "<repository name>"
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "Unable to pull changes from `<reponame>`"
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     ScmModel().pull_changes(repo.repo_name, apiuser.username)
                     return {
                         'msg': 'Pulled from `%s`' % repo.repo_name,
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to "
                                   "pull changes from remote location")
                     raise JSONRPCError(
                         'Unable to pull changes from `%s`' % repo.repo_name
                     )
             @jsonrpc_method()
             def strip(request, apiuser, repoid, revision, branch):
                 """
                 Strips the given revision from the specified repository.
                 * This will remove the revision and all of its decendants.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param revision: The revision you wish to strip.
                 :type revision: str
                 :param branch: The branch from which to strip the revision.
                 :type branch: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "'Stripped commit <commit_hash> from repo `<repository name>`'"
                     "repository": "<repository name>"
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "Unable to strip commit <commit_hash> from repo `<repository name>`"
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     ScmModel().strip(repo, revision, branch)
                     return {
                         'msg': 'Stripped commit %s from repo `%s`' % (
                             revision, repo.repo_name),
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception("Exception while trying to strip")
                     raise JSONRPCError(
                         'Unable to strip commit %s from repo `%s`' % (
                             revision, repo.repo_name)
                     )
             @jsonrpc_method()
             def get_repo_settings(request, apiuser, repoid, key=Optional(None)):
                 """
                 Returns all settings for a repository. If key is given it only returns the
                 setting identified by the key or null.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id.
                 :type repoid: str or int
                 :param key: Key of the setting to return.
                 :type: key: Optional(str)
                 Example output:
                 .. code-block:: bash
                     {
                         "error": null,
                         "id": 237,
                         "result": {
                             "extensions_largefiles": true,
                             "hooks_changegroup_push_logger": true,
                             "hooks_changegroup_repo_size": false,
                             "hooks_outgoing_pull_logger": true,
                             "phases_publish": "True",
                             "rhodecode_hg_use_rebase_for_merging": true,
                             "rhodecode_pr_merge_enabled": true,
                             "rhodecode_use_outdated_comments": true
                         }
                     }
                 """
                 # Restrict access to this api method to admins only.
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 try:
                     repo = get_repo_or_error(repoid)
                     settings_model = VcsSettingsModel(repo=repo)
                     settings = settings_model.get_global_settings()
                     settings.update(settings_model.get_repo_settings())
                     # If only a single setting is requested fetch it from all settings.
                     key = Optional.extract(key)
                     if key is not None:
                         settings = settings.get(key, None)
                 except Exception:
                     msg = 'Failed to fetch settings for repository `{}`'.format(repoid)
                     log.exception(msg)
                     raise JSONRPCError(msg)
                 return settings
             @jsonrpc_method()
             def set_repo_settings(request, apiuser, repoid, settings):
                 """
                 Update repository settings. Returns true on success.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id.
                 :type repoid: str or int
                 :param settings: The new settings for the repository.
                 :type: settings: dict
                 Example output:
                 .. code-block:: bash
                     {
                         "error": null,
                         "id": 237,
                         "result": true
                     }
                 """
                 # Restrict access to this api method to admins only.
                 if not has_superadmin_permission(apiuser):
                     raise JSONRPCForbidden()
                 if type(settings) is not dict:
                     raise JSONRPCError('Settings have to be a JSON Object.')
                 try:
                     settings_model = VcsSettingsModel(repo=repoid)
                     # Merge global, repo and incoming settings.
                     new_settings = settings_model.get_global_settings()
                     new_settings.update(settings_model.get_repo_settings())
                     new_settings.update(settings)
                     # Update the settings.
                     inherit_global_settings = new_settings.get(
                         'inherit_global_settings', False)
                     settings_model.create_or_update_repo_settings(
                         new_settings, inherit_global_settings=inherit_global_settings)
                     Session().commit()
                 except Exception:
                     msg = 'Failed to update settings for repository `{}`'.format(repoid)
                     log.exception(msg)
                     raise JSONRPCError(msg)
                 # Indicate success.
                 return True

rhodecode/api/views/repo_group_api.py

0 +2 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import colander
             from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCForbidden
             from rhodecode.api.utils import (
                 has_superadmin_permission, Optional, OAttr, get_user_or_error,
                 store_update, get_repo_group_or_error,
                 get_perm_or_error, get_user_group_or_error, get_origin)
             from rhodecode.lib.auth import (
                 HasPermissionAnyApi, HasRepoGroupPermissionAnyApi,
                 HasUserGroupPermissionAnyApi)
             from rhodecode.model.db import Session, RepoGroup
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.scm import RepoGroupList
-            from rhodecode.model.validation_schema import RepoGroupSchema
+            from rhodecode.model.validation_schema.schemas import repo_group_schema
             log = logging.getLogger(__name__)
             @jsonrpc_method()
             def get_repo_group(request, apiuser, repogroupid):
                 """
                 Return the specified |repo| group, along with permissions,
                 and repositories inside the group
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repogroupid: Specify the name of ID of the repository group.
                 :type repogroupid: str or int
                 Example output:
                 .. code-block:: bash
                     {
                       "error": null,
                       "id": repo-group-id,
                       "result": {
                         "group_description": "repo group description",
                         "group_id": 14,
                         "group_name": "group name",
                         "members": [
                           {
                             "name": "super-admin-username",
                             "origin": "super-admin",
                             "permission": "group.admin",
                             "type": "user"
                           },
                           {
                             "name": "owner-name",
                             "origin": "owner",
                             "permission": "group.admin",
                             "type": "user"
                           },
                           {
                             "name": "user-group-name",
                             "origin": "permission",
                             "permission": "group.write",
                             "type": "user_group"
                           }
                         ],
                         "owner": "owner-name",
                         "parent_group": null,
                         "repositories": [ repo-list ]
                       }
                     }
                 """
                 repo_group = get_repo_group_or_error(repogroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for this repo group !
                     _perms = ('group.admin', 'group.write', 'group.read',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=repo_group.group_name):
                         raise JSONRPCError(
                             'repository group `%s` does not exist' % (repogroupid,))
                 permissions = []
                 for _user in repo_group.permissions():
                     user_data = {
                         'name': _user.username,
                         'permission': _user.permission,
                         'origin': get_origin(_user),
                         'type': "user",
                     }
                     permissions.append(user_data)
                 for _user_group in repo_group.permission_user_groups():
                     user_group_data = {
                         'name': _user_group.users_group_name,
                         'permission': _user_group.permission,
                         'origin': get_origin(_user_group),
                         'type': "user_group",
                     }
                     permissions.append(user_group_data)
                 data = repo_group.get_api_data()
                 data["members"] = permissions  # TODO: this should be named permissions
                 return data
             @jsonrpc_method()
             def get_repo_groups(request, apiuser):
                 """
                 Returns all repository groups.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 """
                 result = []
                 _perms = ('group.read', 'group.write', 'group.admin',)
                 extras = {'user': apiuser}
                 for repo_group in RepoGroupList(RepoGroupModel().get_all(),
                                                 perm_set=_perms, extra_kwargs=extras):
                     result.append(repo_group.get_api_data())
                 return result
             @jsonrpc_method()
             def create_repo_group(request, apiuser, group_name, description=Optional(''),
                                   owner=Optional(OAttr('apiuser')),
                                   copy_permissions=Optional(False)):
                 """
                 Creates a repository group.
                 * If the repository group name contains "/", all the required repository
                   groups will be created.
                   For example "foo/bar/baz" will create |repo| groups "foo" and "bar"
                   (with "foo" as parent). It will also create the "baz" repository
                   with "bar" as |repo| group.
                 This command can only be run using an |authtoken| with admin
                 permissions.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param group_name: Set the repository group name.
                 :type group_name: str
                 :param description: Set the |repo| group description.
                 :type description: str
                 :param owner: Set the |repo| group owner.
                 :type owner: str
                 :param copy_permissions:
                 :type copy_permissions:
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                       "msg": "Created new repo group `<repo_group_name>`"
                       "repo_group": <repogroup_object>
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     failed to create repo group `<repogroupid>`
                   }
                 """
-                schema = RepoGroupSchema()
+                schema = repo_group_schema.RepoGroupSchema()
                 try:
                     data = schema.deserialize({
                         'group_name': group_name
                     })
                 except colander.Invalid as e:
                     raise JSONRPCError("Validation failed: %s" % (e.asdict(),))
                 group_name = data['group_name']
                 if isinstance(owner, Optional):
                     owner = apiuser.user_id
                 group_description = Optional.extract(description)
                 copy_permissions = Optional.extract(copy_permissions)
                 # get by full name with parents, check if it already exist
                 if RepoGroup.get_by_group_name(group_name):
                     raise JSONRPCError("repo group `%s` already exist" % (group_name,))
                 (group_name_cleaned,
                  parent_group_name) = RepoGroupModel()._get_group_name_and_parent(
                     group_name)
                 parent_group = None
                 if parent_group_name:
                     parent_group = get_repo_group_or_error(parent_group_name)
                 if not HasPermissionAnyApi(
                         'hg.admin', 'hg.repogroup.create.true')(user=apiuser):
                     # check if we have admin permission for this parent repo group !
                     # users without admin or hg.repogroup.create can only create other
                     # groups in groups they own so this is a required, but can be empty
                     parent_group = getattr(parent_group, 'group_name', '')
                     _perms = ('group.admin',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=parent_group):
                         raise JSONRPCForbidden()
                 try:
                     repo_group = RepoGroupModel().create(
                         group_name=group_name,
                         group_description=group_description,
                         owner=owner,
                         copy_permissions=copy_permissions)
                     Session().commit()
                     return {
                         'msg': 'Created new repo group `%s`' % group_name,
                         'repo_group': repo_group.get_api_data()
                     }
                 except Exception:
                     log.exception("Exception occurred while trying create repo group")
                     raise JSONRPCError(
                         'failed to create repo group `%s`' % (group_name,))
             @jsonrpc_method()
             def update_repo_group(
                     request, apiuser, repogroupid, group_name=Optional(''),
                     description=Optional(''), owner=Optional(OAttr('apiuser')),
                     parent=Optional(None), enable_locking=Optional(False)):
                 """
                 Updates repository group with the details given.
                 This command can only be run using an |authtoken| with admin
                 permissions.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repogroupid: Set the ID of repository group.
                 :type repogroupid: str or int
                 :param group_name: Set the name of the |repo| group.
                 :type group_name: str
                 :param description: Set a description for the group.
                 :type description: str
                 :param owner: Set the |repo| group owner.
                 :type owner: str
                 :param parent: Set the |repo| group parent.
                 :type parent: str or int
                 :param enable_locking: Enable |repo| locking. The default is false.
                 :type enable_locking: bool
                 """
                 repo_group = get_repo_group_or_error(repogroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have admin permission for this repo group !
                     _perms = ('group.admin',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=repo_group.group_name):
                         raise JSONRPCError(
                             'repository group `%s` does not exist' % (repogroupid,))
                 updates = {}
                 try:
                     store_update(updates, group_name, 'group_name')
                     store_update(updates, description, 'group_description')
                     store_update(updates, owner, 'user')
                     store_update(updates, parent, 'group_parent_id')
                     store_update(updates, enable_locking, 'enable_locking')
                     repo_group = RepoGroupModel().update(repo_group, updates)
                     Session().commit()
                     return {
                         'msg': 'updated repository group ID:%s %s' % (
                             repo_group.group_id, repo_group.group_name),
                         'repo_group': repo_group.get_api_data()
                     }
                 except Exception:
                     log.exception("Exception occurred while trying update repo group")
                     raise JSONRPCError('failed to update repository group `%s`'
                                        % (repogroupid,))
             @jsonrpc_method()
             def delete_repo_group(request, apiuser, repogroupid):
                 """
                 Deletes a |repo| group.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repogroupid: Set the name or ID of repository group to be
                     deleted.
                 :type repogroupid: str or int
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'msg': 'deleted repo group ID:<repogroupid> <repogroupname>
                     'repo_group': null
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to delete repo group ID:<repogroupid> <repogroupname>"
                   }
                 """
                 repo_group = get_repo_group_or_error(repogroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have admin permission for this repo group !
                     _perms = ('group.admin',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=repo_group.group_name):
                         raise JSONRPCError(
                             'repository group `%s` does not exist' % (repogroupid,))
                 try:
                     RepoGroupModel().delete(repo_group)
                     Session().commit()
                     return {
                         'msg': 'deleted repo group ID:%s %s' %
                                (repo_group.group_id, repo_group.group_name),
                         'repo_group': None
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to delete repo group")
                     raise JSONRPCError('failed to delete repo group ID:%s %s' %
                                        (repo_group.group_id, repo_group.group_name))
             @jsonrpc_method()
             def grant_user_permission_to_repo_group(
                     request, apiuser, repogroupid, userid, perm,
                     apply_to_children=Optional('none')):
                 """
                 Grant permission for a user on the given repository group, or update
                 existing permissions if found.
                 This command can only be run using an |authtoken| with admin
                 permissions.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repogroupid: Set the name or ID of repository group.
                 :type repogroupid: str or int
                 :param userid: Set the user name.
                 :type userid: str
                 :param perm: (group.(none|read|write|admin))
                 :type perm: str
                 :param apply_to_children: 'none', 'repos', 'groups', 'all'
                 :type apply_to_children: str
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Granted perm: `<perm>` (recursive:<apply_to_children>) for user: `<username>` in repo group: `<repo_group_name>`",
                               "success": true
                             }
                     error:  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to edit permission for user: `<userid>` in repo group: `<repo_group_name>`"
                   }
                 """
                 repo_group = get_repo_group_or_error(repogroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have admin permission for this repo group !
                     _perms = ('group.admin',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=repo_group.group_name):
                         raise JSONRPCError(
                             'repository group `%s` does not exist' % (repogroupid,))
                 user = get_user_or_error(userid)
                 perm = get_perm_or_error(perm, prefix='group.')
                 apply_to_children = Optional.extract(apply_to_children)
                 perm_additions = [[user.user_id, perm, "user"]]
                 try:
                     RepoGroupModel().update_permissions(repo_group=repo_group,
                                                         perm_additions=perm_additions,
                                                         recursive=apply_to_children,
                                                         cur_user=apiuser)
                     Session().commit()
                     return {
                         'msg': 'Granted perm: `%s` (recursive:%s) for user: '
                                '`%s` in repo group: `%s`' % (
                                    perm.permission_name, apply_to_children, user.username,
                                    repo_group.name
                                ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to grant "
                                   "user permissions to repo group")
                     raise JSONRPCError(
                         'failed to edit permission for user: '
                         '`%s` in repo group: `%s`' % (userid, repo_group.name))
             @jsonrpc_method()
             def revoke_user_permission_from_repo_group(
                     request, apiuser, repogroupid, userid,
                     apply_to_children=Optional('none')):
                 """
                 Revoke permission for a user in a given repository group.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo| group.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repogroupid: Set the name or ID of the repository group.
                 :type repogroupid: str or int
                 :param userid: Set the user name to revoke.
                 :type userid: str
                 :param apply_to_children: 'none', 'repos', 'groups', 'all'
                 :type apply_to_children: str
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm (recursive:<apply_to_children>) for user: `<username>` in repo group: `<repo_group_name>`",
                               "success": true
                             }
                     error:  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to edit permission for user: `<userid>` in repo group: `<repo_group_name>`"
                   }
                 """
                 repo_group = get_repo_group_or_error(repogroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have admin permission for this repo group !
                     _perms = ('group.admin',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=repo_group.group_name):
                         raise JSONRPCError(
                             'repository group `%s` does not exist' % (repogroupid,))
                 user = get_user_or_error(userid)
                 apply_to_children = Optional.extract(apply_to_children)
                 perm_deletions = [[user.user_id, None, "user"]]
                 try:
                     RepoGroupModel().update_permissions(repo_group=repo_group,
                                                         perm_deletions=perm_deletions,
                                                         recursive=apply_to_children,
                                                         cur_user=apiuser)
                     Session().commit()
                     return {
                         'msg': 'Revoked perm (recursive:%s) for user: '
                                '`%s` in repo group: `%s`' % (
                                    apply_to_children, user.username, repo_group.name
                                ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying revoke user "
                                   "permission from repo group")
                     raise JSONRPCError(
                         'failed to edit permission for user: '
                         '`%s` in repo group: `%s`' % (userid, repo_group.name))
             @jsonrpc_method()
             def grant_user_group_permission_to_repo_group(
                     request, apiuser, repogroupid, usergroupid, perm,
                     apply_to_children=Optional('none'), ):
                 """
                 Grant permission for a user group on given repository group, or update
                 existing permissions if found.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo| group.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repogroupid: Set the name or id of repository group
                 :type repogroupid: str or int
                 :param usergroupid: id of usergroup
                 :type usergroupid: str or int
                 :param perm: (group.(none|read|write|admin))
                 :type perm: str
                 :param apply_to_children: 'none', 'repos', 'groups', 'all'
                 :type apply_to_children: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg" : "Granted perm: `<perm>` (recursive:<apply_to_children>) for user group: `<usersgroupname>` in repo group: `<repo_group_name>`",
                     "success": true
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to edit permission for user group: `<usergroup>` in repo group: `<repo_group_name>`"
                   }
                 """
                 repo_group = get_repo_group_or_error(repogroupid)
                 perm = get_perm_or_error(perm, prefix='group.')
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have admin permission for this repo group !
                     _perms = ('group.admin',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=repo_group.group_name):
                         raise JSONRPCError(
                             'repository group `%s` does not exist' % (repogroupid,))
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 apply_to_children = Optional.extract(apply_to_children)
                 perm_additions = [[user_group.users_group_id, perm, "user_group"]]
                 try:
                     RepoGroupModel().update_permissions(repo_group=repo_group,
                                                         perm_additions=perm_additions,
                                                         recursive=apply_to_children,
                                                         cur_user=apiuser)
                     Session().commit()
                     return {
                         'msg': 'Granted perm: `%s` (recursive:%s) '
                                'for user group: `%s` in repo group: `%s`' % (
                                    perm.permission_name, apply_to_children,
                                    user_group.users_group_name, repo_group.name
                                ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to grant user "
                                   "group permissions to repo group")
                     raise JSONRPCError(
                         'failed to edit permission for user group: `%s` in '
                         'repo group: `%s`' % (
                             usergroupid, repo_group.name
                         )
                     )
             @jsonrpc_method()
             def revoke_user_group_permission_from_repo_group(
                     request, apiuser, repogroupid, usergroupid,
                     apply_to_children=Optional('none')):
                 """
                 Revoke permission for user group on given repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo| group.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repogroupid: name or id of repository group
                 :type repogroupid: str or int
                 :param usergroupid:
                 :param apply_to_children: 'none', 'repos', 'groups', 'all'
                 :type apply_to_children: str
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm (recursive:<apply_to_children>) for user group: `<usersgroupname>` in repo group: `<repo_group_name>`",
                               "success": true
                             }
                     error:  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to edit permission for user group: `<usergroup>` in repo group: `<repo_group_name>`"
                   }
                 """
                 repo_group = get_repo_group_or_error(repogroupid)
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have admin permission for this repo group !
                     _perms = ('group.admin',)
                     if not HasRepoGroupPermissionAnyApi(*_perms)(
                             user=apiuser, group_name=repo_group.group_name):
                         raise JSONRPCError(
                             'repository group `%s` does not exist' % (repogroupid,))
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 apply_to_children = Optional.extract(apply_to_children)
                 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
                 try:
                     RepoGroupModel().update_permissions(repo_group=repo_group,
                                                         perm_deletions=perm_deletions,
                                                         recursive=apply_to_children,
                                                         cur_user=apiuser)
                     Session().commit()
                     return {
                         'msg': 'Revoked perm (recursive:%s) for user group: '
                                '`%s` in repo group: `%s`' % (
                                    apply_to_children, user_group.users_group_name,
                                    repo_group.name
                                ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying revoke user group "
                                   "permissions from repo group")
                     raise JSONRPCError(
                         'failed to edit permission for user group: '
                         '`%s` in repo group: `%s`' % (
                             user_group.users_group_name, repo_group.name
                         )
                     )

rhodecode/controllers/admin/gists.py

0 +79 -51

             # -*- coding: utf-8 -*-
             # Copyright (C) 2013-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             gist controller for RhodeCode
             """
             import time
             import logging
-            import traceback
             import formencode
+            import peppercorn
             from formencode import htmlfill
             from pylons import request, response, tmpl_context as c, url
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
+            from webob.exc import HTTPNotFound, HTTPForbidden
+            from sqlalchemy.sql.expression import or_
-            from rhodecode.model.forms import GistForm
             from rhodecode.model.gist import GistModel
             from rhodecode.model.meta import Session
             from rhodecode.model.db import Gist, User
             from rhodecode.lib import auth
             from rhodecode.lib import helpers as h
             from rhodecode.lib.base import BaseController, render
             from rhodecode.lib.auth import LoginRequired, NotAnonymous
             from rhodecode.lib.utils import jsonify
             from rhodecode.lib.utils2 import safe_str, safe_int, time_to_datetime
             from rhodecode.lib.ext_json import json
-            from webob.exc import HTTPNotFound, HTTPForbidden
-            from sqlalchemy.sql.expression import or_
             from rhodecode.lib.vcs.exceptions import VCSError, NodeNotChangedError
+            from rhodecode.model import validation_schema
+            from rhodecode.model.validation_schema.schemas import gist_schema
             log = logging.getLogger(__name__)
             class GistsController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 def __load_defaults(self, extra_values=None):
                     c.lifetime_values = [
-                        (str(-1), _('forever')),
+                        (-1, _('forever')),
-                        (str(5), _('5 minutes')),
+                        (5, _('5 minutes')),
-                        (str(60), _('1 hour')),
+                        (60, _('1 hour')),
-                        (str(60 * 24), _('1 day')),
+                        (60 * 24, _('1 day')),
-                        (str(60 * 24 * 30), _('1 month')),
+                        (60 * 24 * 30, _('1 month')),
                     ]
                     if extra_values:
                         c.lifetime_values.append(extra_values)
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.acl_options = [
                         (Gist.ACL_LEVEL_PRIVATE, _("Requires registered account")),
                         (Gist.ACL_LEVEL_PUBLIC, _("Can be accessed by anonymous users"))
                     ]
                 @LoginRequired()
                 def index(self):
                     """GET /admin/gists: All items in the collection"""
                     # url('gists')
                     not_default_user = c.rhodecode_user.username != User.DEFAULT_USER
                     c.show_private = request.GET.get('private') and not_default_user
                     c.show_public = request.GET.get('public') and not_default_user
                     c.show_all = request.GET.get('all') and c.rhodecode_user.admin
                     gists = _gists = Gist().query()\
                         .filter(or_(Gist.gist_expires == -1, Gist.gist_expires >= time.time()))\
                         .order_by(Gist.created_on.desc())
                     c.active = 'public'
                     # MY private
                     if c.show_private and not c.show_public:
                         gists = _gists.filter(Gist.gist_type == Gist.GIST_PRIVATE)\
                                     .filter(Gist.gist_owner == c.rhodecode_user.user_id)
                         c.active = 'my_private'
                     # MY public
                     elif c.show_public and not c.show_private:
                         gists = _gists.filter(Gist.gist_type == Gist.GIST_PUBLIC)\
                                     .filter(Gist.gist_owner == c.rhodecode_user.user_id)
                         c.active = 'my_public'
                     # MY public+private
                     elif c.show_private and c.show_public:
                         gists = _gists.filter(or_(Gist.gist_type == Gist.GIST_PUBLIC,
                                                   Gist.gist_type == Gist.GIST_PRIVATE))\
                                     .filter(Gist.gist_owner == c.rhodecode_user.user_id)
                         c.active = 'my_all'
                     # Show all by super-admin
                     elif c.show_all:
                         c.active = 'all'
                         gists = _gists
                     # default show ALL public gists
                     if not c.show_public and not c.show_private and not c.show_all:
                         gists = _gists.filter(Gist.gist_type == Gist.GIST_PUBLIC)
                         c.active = 'public'
                     from rhodecode.lib.utils import PartialRenderer
                     _render = PartialRenderer('data_table/_dt_elements.html')
                     data = []
                     for gist in gists:
                         data.append({
                             'created_on': _render('gist_created', gist.created_on),
                             'created_on_raw': gist.created_on,
                             'type': _render('gist_type', gist.gist_type),
                             'access_id': _render('gist_access_id', gist.gist_access_id, gist.owner.full_contact),
                             'author': _render('gist_author', gist.owner.full_contact, gist.created_on, gist.gist_expires),
                             'author_raw': h.escape(gist.owner.full_contact),
                             'expires': _render('gist_expires', gist.gist_expires),
                             'description': _render('gist_description', gist.gist_description)
                         })
                     c.data = json.dumps(data)
                     return render('admin/gists/index.html')
                 @LoginRequired()
                 @NotAnonymous()
                 @auth.CSRFRequired()
                 def create(self):
                     """POST /admin/gists: Create a new item"""
                     # url('gists')
                     self.__load_defaults()
-                    gist_form = GistForm([x[0] for x in c.lifetime_values],
-                                         [x[0] for x in c.acl_options])()
+                    data = dict(request.POST)
+                    data['filename'] = data.get('filename') or Gist.DEFAULT_FILENAME
+                    data['nodes'] = [{
+                        'filename': data['filename'],
+                        'content': data.get('content'),
+                        'mimetype': data.get('mimetype')  # None is autodetect
+                    }]
+                    data['gist_type'] = (
+                        Gist.GIST_PUBLIC if data.get('public') else Gist.GIST_PRIVATE)
+                    data['gist_acl_level'] = (
+                        data.get('gist_acl_level') or Gist.ACL_LEVEL_PRIVATE)
+                    schema = gist_schema.GistSchema().bind(
+                        lifetime_options=[x[0] for x in c.lifetime_values])
                     try:
-                        form_result = gist_form.to_python(dict(request.POST))
-                        # TODO: multiple files support, from the form
+                        schema_data = schema.deserialize(data)
-                        filename = form_result['filename'] or Gist.DEFAULT_FILENAME
+                        # convert to safer format with just KEYs so we sure no duplicates
-                        nodes = {
+                        schema_data['nodes'] = gist_schema.sequence_to_nodes(
-                            filename: {
+                            schema_data['nodes'])
-                                'content': form_result['content'],
-                                'lexer': form_result['mimetype']  # None is autodetect
-                        _public = form_result['public']
-                        gist_type = Gist.GIST_PUBLIC if _public else Gist.GIST_PRIVATE
-                        gist_acl_level = form_result.get(
-                            'acl_level', Gist.ACL_LEVEL_PRIVATE)
                         gist = GistModel().create(
-                            description=form_result['description'],
+                            gist_id=schema_data['gistid'],  # custom access id not real ID
+                            description=schema_data['description'],
                             owner=c.rhodecode_user.user_id,
-                            gist_mapping=nodes,
+                            gist_mapping=schema_data['nodes'],
-                            gist_type=gist_type,
+                            gist_type=schema_data['gist_type'],
-                            lifetime=form_result['lifetime'],
+                            lifetime=schema_data['lifetime'],
-                            gist_id=form_result['gistid'],
+                            gist_acl_level=schema_data['gist_acl_level']
-                            gist_acl_level=gist_acl_level
                         )
                         Session().commit()
                         new_gist_id = gist.gist_access_id
-                    except formencode.Invalid as errors:
+                    except validation_schema.Invalid as errors:
-                        defaults = errors.value
+                        defaults = data
+                        errors = errors.asdict()
+                        if 'nodes.0.content' in errors:
+                            errors['content'] = errors['nodes.0.content']
+                            del errors['nodes.0.content']
+                        if 'nodes.0.filename' in errors:
+                            errors['filename'] = errors['nodes.0.filename']
+                            del errors['nodes.0.filename']
                         return formencode.htmlfill.render(
                             render('admin/gists/new.html'),
                             defaults=defaults,
-                            errors=errors.error_dict or {},
+                            errors=errors,
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                     except Exception:
                         log.exception("Exception while trying to create a gist")
                         h.flash(_('Error occurred during gist creation'), category='error')
                         return redirect(url('new_gist'))
                     return redirect(url('gist', gist_id=new_gist_id))
                 @LoginRequired()
                 @NotAnonymous()
                 def new(self, format='html'):
                     """GET /admin/gists/new: Form to create a new item"""
                     # url('new_gist')
                     self.__load_defaults()
                     return render('admin/gists/new.html')
                 @LoginRequired()
                 @NotAnonymous()
                 @auth.CSRFRequired()
                 def delete(self, gist_id):
                     """DELETE /admin/gists/gist_id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('gist', gist_id=ID),
                     #           method='delete')
                     # url('gist', gist_id=ID)
                     c.gist = Gist.get_or_404(gist_id)
                     owner = c.gist.gist_owner == c.rhodecode_user.user_id
                     if not (h.HasPermissionAny('hg.admin')() or owner):
                         raise HTTPForbidden()
                     GistModel().delete(c.gist)
                     Session().commit()
                     h.flash(_('Deleted gist %s') % c.gist.gist_access_id, category='success')
                     return redirect(url('gists'))
                 def _add_gist_to_context(self, gist_id):
                     c.gist = Gist.get_or_404(gist_id)
                     # Check if this gist is expired
                     if c.gist.gist_expires != -1:
                         if time.time() > c.gist.gist_expires:
                             log.error(
                                 'Gist expired at %s', time_to_datetime(c.gist.gist_expires))
                             raise HTTPNotFound()
                     # check if this gist requires a login
                     is_default_user = c.rhodecode_user.username == User.DEFAULT_USER
                     if c.gist.acl_level == Gist.ACL_LEVEL_PRIVATE and is_default_user:
                         log.error("Anonymous user %s tried to access protected gist `%s`",
                                   c.rhodecode_user, gist_id)
                         raise HTTPNotFound()
                 @LoginRequired()
                 def show(self, gist_id, revision='tip', format='html', f_path=None):
                     """GET /admin/gists/gist_id: Show a specific item"""
                     # url('gist', gist_id=ID)
                     self._add_gist_to_context(gist_id)
                     c.render = not request.GET.get('no-render', False)
                     try:
                         c.file_last_commit, c.files = GistModel().get_gist_files(
                             gist_id, revision=revision)
                     except VCSError:
                         log.exception("Exception in gist show")
                         raise HTTPNotFound()
                     if format == 'raw':
-                        content = '\n\n'.join([f.content for f in c.files if (f_path is None or f.path == f_path)])
+                        content = '\n\n'.join([f.content for f in c.files
+                                               if (f_path is None or f.path == f_path)])
                         response.content_type = 'text/plain'
                         return content
                     return render('admin/gists/show.html')
                 @LoginRequired()
                 @NotAnonymous()
                 @auth.CSRFRequired()
                 def edit(self, gist_id):
+                    self.__load_defaults()
                     self._add_gist_to_context(gist_id)
                     owner = c.gist.gist_owner == c.rhodecode_user.user_id
                     if not (h.HasPermissionAny('hg.admin')() or owner):
                         raise HTTPForbidden()
-                    rpost = request.POST
+                    data = peppercorn.parse(request.POST.items())
-                    nodes = {}
-                    _file_data = zip(rpost.getall('org_files'), rpost.getall('files'),
+                    schema = gist_schema.GistSchema()
-                                     rpost.getall('mimetypes'), rpost.getall('contents'))
+                    schema = schema.bind(
-                    for org_filename, filename, mimetype, content in _file_data:
+                        # '0' is special value to leave lifetime untouched
-                        nodes[org_filename] = {
+                        lifetime_options=[x[0] for x in c.lifetime_values] + [0],
-                            'org_filename': org_filename,
-                            'filename': filename,
-                            'content': content,
-                            'lexer': mimetype,
                     try:
+                        schema_data = schema.deserialize(data)
+                        # convert to safer format with just KEYs so we sure no duplicates
+                        schema_data['nodes'] = gist_schema.sequence_to_nodes(
+                            schema_data['nodes'])
                         GistModel().update(
                             gist=c.gist,
-                            description=rpost['description'],
+                            description=schema_data['description'],
                             owner=c.gist.owner,
-                            gist_mapping=nodes,
+                            gist_mapping=schema_data['nodes'],
-                            gist_type=c.gist.gist_type,
+                            gist_type=schema_data['gist_type'],
-                            lifetime=rpost['lifetime'],
+                            lifetime=schema_data['lifetime'],
-                            gist_acl_level=rpost['acl_level']
+                            gist_acl_level=schema_data['gist_acl_level']
                         )
                         Session().commit()
                         h.flash(_('Successfully updated gist content'), category='success')
                     except NodeNotChangedError:
                         # raised if nothing was changed in repo itself. We anyway then
                         # store only DB stuff for gist
                         Session().commit()
                         h.flash(_('Successfully updated gist data'), category='success')
+                    except validation_schema.Invalid as errors:
+                        errors = errors.asdict()
+                        h.flash(_('Error occurred during update of gist {}: {}').format(
+                            gist_id, errors), category='error')
                     except Exception:
                         log.exception("Exception in gist edit")
                         h.flash(_('Error occurred during update of gist %s') % gist_id,
                                 category='error')
                     return redirect(url('gist', gist_id=gist_id))
                 @LoginRequired()
                 @NotAnonymous()
                 def edit_form(self, gist_id, format='html'):
                     """GET /admin/gists/gist_id/edit: Form to edit an existing item"""
                     # url('edit_gist', gist_id=ID)
                     self._add_gist_to_context(gist_id)
                     owner = c.gist.gist_owner == c.rhodecode_user.user_id
                     if not (h.HasPermissionAny('hg.admin')() or owner):
                         raise HTTPForbidden()
                     try:
                         c.file_last_commit, c.files = GistModel().get_gist_files(gist_id)
                     except VCSError:
                         log.exception("Exception in gist edit")
                         raise HTTPNotFound()
                     if c.gist.gist_expires == -1:
                         expiry = _('never')
                     else:
                         # this cannot use timeago, since it's used in select2 as a value
                         expiry = h.age(h.time_to_datetime(c.gist.gist_expires))
                     self.__load_defaults(
-                        extra_values=('0', _('%(expiry)s - current value') % {'expiry': expiry}))
+                        extra_values=(0, _('%(expiry)s - current value') % {'expiry': expiry}))
                     return render('admin/gists/edit.html')
                 @LoginRequired()
                 @NotAnonymous()
                 @jsonify
                 def check_revision(self, gist_id):
                     c.gist = Gist.get_or_404(gist_id)
                     last_rev = c.gist.scm_instance().get_commit()
                     success = True
                     revision = request.GET.get('revision')
                     ##TODO: maybe move this to model ?
                     if revision != last_rev.raw_id:
                         log.error('Last revision %s is different then submitted %s'
                                   % (revision, last_rev))
                         # our gist has newer version than we
                         success = False
                     return {'success': success}

rhodecode/controllers/search.py

0 +2 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Search controller for RhodeCode
             """
             import logging
             import urllib
             from pylons import request, config, tmpl_context as c
             from webhelpers.util import update_params
             from rhodecode.lib.auth import LoginRequired, AuthUser
             from rhodecode.lib.base import BaseRepoController, render
             from rhodecode.lib.helpers import Page
             from rhodecode.lib.utils2 import safe_str, safe_int
             from rhodecode.lib.index import searcher_from_config
             from rhodecode.model import validation_schema
+            from rhodecode.model.validation_schema.schemas import search_schema
             log = logging.getLogger(__name__)
             class SearchController(BaseRepoController):
                 @LoginRequired()
                 def index(self, repo_name=None):
                     searcher = searcher_from_config(config)
                     formatted_results = []
                     execution_time = ''
-                    schema = validation_schema.SearchParamsSchema()
+                    schema = search_schema.SearchParamsSchema()
                     search_params = {}
                     errors = []
                     try:
                         search_params = schema.deserialize(
                             dict(search_query=request.GET.get('q'),
                                  search_type=request.GET.get('type'),
                                  search_sort=request.GET.get('sort'),
                                  page_limit=request.GET.get('page_limit'),
                                  requested_page=request.GET.get('page'))
                         )
                     except validation_schema.Invalid as e:
                         errors = e.children
                     def url_generator(**kw):
                         q = urllib.quote(safe_str(search_query))
                         return update_params(
                             "?q=%s&type=%s" % (q, safe_str(search_type)), **kw)
                     search_query = search_params.get('search_query')
                     search_type = search_params.get('search_type')
                     search_sort = search_params.get('search_sort')
                     if search_params.get('search_query'):
                         page_limit = search_params['page_limit']
                         requested_page = search_params['requested_page']
                         c.perm_user = AuthUser(user_id=c.rhodecode_user.user_id,
                                                ip_addr=self.ip_addr)
                         try:
                             search_result = searcher.search(
                                 search_query, search_type, c.perm_user, repo_name,
                                 requested_page, page_limit, search_sort)
                             formatted_results = Page(
                                 search_result['results'], page=requested_page,
                                 item_count=search_result['count'],
                                 items_per_page=page_limit, url=url_generator)
                         finally:
                             searcher.cleanup()
                         if not search_result['error']:
                             execution_time = '%s results (%.3f seconds)' % (
                                 search_result['count'],
                                 search_result['runtime'])
                         elif not errors:
                             node = schema['search_query']
                             errors = [
                                 validation_schema.Invalid(node, search_result['error'])]
                     c.sort = search_sort
                     c.url_generator = url_generator
                     c.errors = errors
                     c.formatted_results = formatted_results
                     c.runtime = execution_time
                     c.cur_query = search_query
                     c.search_type = search_type
                     # Return a rendered template
                     return render('/search/search.html')

rhodecode/model/forms.py

0 0 -17

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             this is forms validation classes
             http://formencode.org/module-formencode.validators.html
             for list off all availible validators
             we can create our own validators
             The table below outlines the options which can be used in a schema in addition to the validators themselves
             pre_validators          []     These validators will be applied before the schema
             chained_validators      []     These validators will be applied after the schema
             allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present
             filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed
             if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
             ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
             <name> = formencode.validators.<name of validator>
             <name> must equal form name
             list=[1,2,3,4,5]
             for SELECT use formencode.All(OneOf(list), Int())
             """
             import deform
             import logging
             import formencode
             from pkg_resources import resource_filename
             from formencode import All, Pipe
             from pylons.i18n.translation import _
             from rhodecode import BACKENDS
             from rhodecode.lib import helpers
             from rhodecode.model import validators as v
             log = logging.getLogger(__name__)
             deform_templates = resource_filename('deform', 'templates')
             rhodecode_templates = resource_filename('rhodecode', 'templates/forms')
             search_path = (rhodecode_templates, deform_templates)
             class RhodecodeFormZPTRendererFactory(deform.ZPTRendererFactory):
                 """ Subclass of ZPTRendererFactory to add rhodecode context variables """
                 def __call__(self, template_name, **kw):
                     kw['h'] = helpers
                     return self.load(template_name)(**kw)
             form_renderer = RhodecodeFormZPTRendererFactory(search_path)
             deform.Form.set_default_renderer(form_renderer)
             def LoginForm():
                 class _LoginForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = v.UnicodeString(
                         strip=True,
                         min=1,
                         not_empty=True,
                         messages={
                             'empty': _(u'Please enter a login'),
                             'tooShort': _(u'Enter a value %(min)i characters long or more')
                         }
                     )
                     password = v.UnicodeString(
                         strip=False,
                         min=3,
                         not_empty=True,
                         messages={
                             'empty': _(u'Please enter a password'),
                             'tooShort': _(u'Enter %(min)i characters or more')}
                     )
                     remember = v.StringBoolean(if_missing=False)
                     chained_validators = [v.ValidAuth()]
                 return _LoginForm
             def PasswordChangeForm(username):
                 class _PasswordChangeForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     current_password = v.ValidOldPassword(username)(not_empty=True)
                     new_password = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))
                     new_password_confirmation = All(v.ValidPassword(), v.UnicodeString(strip=False, min=6))
                     chained_validators = [v.ValidPasswordsMatch('new_password',
                                                                 'new_password_confirmation')]
                 return _PasswordChangeForm
             def UserForm(edit=False, available_languages=[], old_data={}):
                 class _UserForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                    v.ValidUsername(edit, old_data))
                     if edit:
                         new_password = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False)
                         )
                         password_confirmation = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False),
                         )
                         admin = v.StringBoolean(if_missing=False)
                     else:
                         password = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=True)
                         )
                         password_confirmation = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False)
                         )
                     password_change = v.StringBoolean(if_missing=False)
                     create_repo_group = v.StringBoolean(if_missing=False)
                     active = v.StringBoolean(if_missing=False)
                     firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
                     extern_name = v.UnicodeString(strip=True)
                     extern_type = v.UnicodeString(strip=True)
                     language = v.OneOf(available_languages, hideList=False,
                                        testValueList=True, if_missing=None)
                     chained_validators = [v.ValidPasswordsMatch()]
                 return _UserForm
             def UserGroupForm(edit=False, old_data=None, available_members=None,
                               allow_disabled=False):
                 old_data = old_data or {}
                 available_members = available_members or []
                 class _UserGroupForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     users_group_name = All(
                         v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.ValidUserGroup(edit, old_data)
                     )
                     user_group_description = v.UnicodeString(strip=True, min=1,
                                                              not_empty=False)
                     users_group_active = v.StringBoolean(if_missing=False)
                     if edit:
                         users_group_members = v.OneOf(
                             available_members, hideList=False, testValueList=True,
                             if_missing=None, not_empty=False
                         )
                         # this is user group owner
                         user = All(
                             v.UnicodeString(not_empty=True),
                             v.ValidRepoUser(allow_disabled))
                 return _UserGroupForm
             def RepoGroupForm(edit=False, old_data=None, available_groups=None,
                                can_create_in_root=False, allow_disabled=False):
                 old_data = old_data or {}
                 available_groups = available_groups or []
                 class _RepoGroupForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                      v.SlugifyName(),)
                     group_description = v.UnicodeString(strip=True, min=1,
                                                         not_empty=False)
                     group_copy_permissions = v.StringBoolean(if_missing=False)
                     group_parent_id = v.OneOf(available_groups, hideList=False,
                                               testValueList=True, not_empty=True)
                     enable_locking = v.StringBoolean(if_missing=False)
                     chained_validators = [
                         v.ValidRepoGroup(edit, old_data, can_create_in_root)]
                     if edit:
                         # this is repo group owner
                         user = All(
                             v.UnicodeString(not_empty=True),
                             v.ValidRepoUser(allow_disabled))
                 return _RepoGroupForm
             def RegisterForm(edit=False, old_data={}):
                 class _RegisterForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = All(
                         v.ValidUsername(edit, old_data),
                         v.UnicodeString(strip=True, min=1, not_empty=True)
                     )
                     password = All(
                         v.ValidPassword(),
                         v.UnicodeString(strip=False, min=6, not_empty=True)
                     )
                     password_confirmation = All(
                         v.ValidPassword(),
                         v.UnicodeString(strip=False, min=6, not_empty=True)
                     )
                     active = v.StringBoolean(if_missing=False)
                     firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
                     chained_validators = [v.ValidPasswordsMatch()]
                 return _RegisterForm
             def PasswordResetForm():
                 class _PasswordResetForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
                 return _PasswordResetForm
             def RepoForm(edit=False, old_data=None, repo_groups=None, landing_revs=None,
                          allow_disabled=False):
                 old_data = old_data or {}
                 repo_groups = repo_groups or []
                 landing_revs = landing_revs or []
                 supported_backends = BACKENDS.keys()
                 class _RepoForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                     v.SlugifyName())
                     repo_group = All(v.CanWriteGroup(old_data),
                                      v.OneOf(repo_groups, hideList=True))
                     repo_type = v.OneOf(supported_backends, required=False,
                                         if_missing=old_data.get('repo_type'))
                     repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
                     repo_private = v.StringBoolean(if_missing=False)
                     repo_landing_rev = v.OneOf(landing_revs, hideList=True)
                     repo_copy_permissions = v.StringBoolean(if_missing=False)
                     clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
                     repo_enable_statistics = v.StringBoolean(if_missing=False)
                     repo_enable_downloads = v.StringBoolean(if_missing=False)
                     repo_enable_locking = v.StringBoolean(if_missing=False)
                     if edit:
                         # this is repo owner
                         user = All(
                             v.UnicodeString(not_empty=True),
                             v.ValidRepoUser(allow_disabled))
                         clone_uri_change = v.UnicodeString(
                             not_empty=False, if_missing=v.Missing)
                     chained_validators = [v.ValidCloneUri(),
                                           v.ValidRepoName(edit, old_data)]
                 return _RepoForm
             def RepoPermsForm():
                 class _RepoPermsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     chained_validators = [v.ValidPerms(type_='repo')]
                 return _RepoPermsForm
             def RepoGroupPermsForm(valid_recursive_choices):
                 class _RepoGroupPermsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     recursive = v.OneOf(valid_recursive_choices)
                     chained_validators = [v.ValidPerms(type_='repo_group')]
                 return _RepoGroupPermsForm
             def UserGroupPermsForm():
                 class _UserPermsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     chained_validators = [v.ValidPerms(type_='user_group')]
                 return _UserPermsForm
             def RepoFieldForm():
                 class _RepoFieldForm(formencode.Schema):
                     filter_extra_fields = True
                     allow_extra_fields = True
                     new_field_key = All(v.FieldKey(),
                                         v.UnicodeString(strip=True, min=3, not_empty=True))
                     new_field_value = v.UnicodeString(not_empty=False, if_missing=u'')
                     new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
                                              if_missing='str')
                     new_field_label = v.UnicodeString(not_empty=False)
                     new_field_desc = v.UnicodeString(not_empty=False)
                 return _RepoFieldForm
             def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                              repo_groups=[], landing_revs=[]):
                 class _RepoForkForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                     v.SlugifyName())
                     repo_group = All(v.CanWriteGroup(),
                                      v.OneOf(repo_groups, hideList=True))
                     repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
                     description = v.UnicodeString(strip=True, min=1, not_empty=True)
                     private = v.StringBoolean(if_missing=False)
                     copy_permissions = v.StringBoolean(if_missing=False)
                     fork_parent_id = v.UnicodeString()
                     chained_validators = [v.ValidForkName(edit, old_data)]
                     landing_rev = v.OneOf(landing_revs, hideList=True)
                 return _RepoForkForm
             def ApplicationSettingsForm():
                 class _ApplicationSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     rhodecode_title = v.UnicodeString(strip=True, max=40, not_empty=False)
                     rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
                     rhodecode_pre_code = v.UnicodeString(strip=True, min=1, not_empty=False)
                     rhodecode_post_code = v.UnicodeString(strip=True, min=1, not_empty=False)
                     rhodecode_captcha_public_key = v.UnicodeString(strip=True, min=1, not_empty=False)
                     rhodecode_captcha_private_key = v.UnicodeString(strip=True, min=1, not_empty=False)
                 return _ApplicationSettingsForm
             def ApplicationVisualisationForm():
                 class _ApplicationVisualisationForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
                     rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
                     rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
                     rhodecode_repository_fields = v.StringBoolean(if_missing=False)
                     rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
                     rhodecode_dashboard_items = v.Int(min=5, not_empty=True)
                     rhodecode_admin_grid_items = v.Int(min=5, not_empty=True)
                     rhodecode_show_version = v.StringBoolean(if_missing=False)
                     rhodecode_use_gravatar = v.StringBoolean(if_missing=False)
                     rhodecode_markup_renderer = v.OneOf(['markdown', 'rst'])
                     rhodecode_gravatar_url = v.UnicodeString(min=3)
                     rhodecode_clone_uri_tmpl = v.UnicodeString(min=3)
                     rhodecode_support_url = v.UnicodeString()
                     rhodecode_show_revision_number = v.StringBoolean(if_missing=False)
                     rhodecode_show_sha_length = v.Int(min=4, not_empty=True)
                 return _ApplicationVisualisationForm
             class _BaseVcsSettingsForm(formencode.Schema):
                 allow_extra_fields = True
                 filter_extra_fields = False
                 hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
                 hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
                 hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
                 extensions_largefiles = v.StringBoolean(if_missing=False)
                 phases_publish = v.StringBoolean(if_missing=False)
                 rhodecode_pr_merge_enabled = v.StringBoolean(if_missing=False)
                 rhodecode_use_outdated_comments = v.StringBoolean(if_missing=False)
                 rhodecode_hg_use_rebase_for_merging = v.StringBoolean(if_missing=False)
             def ApplicationUiSettingsForm():
                 class _ApplicationUiSettingsForm(_BaseVcsSettingsForm):
                     web_push_ssl = v.StringBoolean(if_missing=False)
                     paths_root_path = All(
                         v.ValidPath(),
                         v.UnicodeString(strip=True, min=1, not_empty=True)
                     )
                     extensions_hgsubversion = v.StringBoolean(if_missing=False)
                     extensions_hggit = v.StringBoolean(if_missing=False)
                     new_svn_branch = v.ValidSvnPattern(section='vcs_svn_branch')
                     new_svn_tag = v.ValidSvnPattern(section='vcs_svn_tag')
                 return _ApplicationUiSettingsForm
             def RepoVcsSettingsForm(repo_name):
                 class _RepoVcsSettingsForm(_BaseVcsSettingsForm):
                     inherit_global_settings = v.StringBoolean(if_missing=False)
                     new_svn_branch = v.ValidSvnPattern(
                         section='vcs_svn_branch', repo_name=repo_name)
                     new_svn_tag = v.ValidSvnPattern(
                         section='vcs_svn_tag', repo_name=repo_name)
                 return _RepoVcsSettingsForm
             def LabsSettingsForm():
                 class _LabSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     rhodecode_proxy_subversion_http_requests = v.StringBoolean(
                         if_missing=False)
                     rhodecode_subversion_http_server_url = v.UnicodeString(
                         strip=True, if_missing=None)
                 return _LabSettingsForm
             def ApplicationPermissionsForm(register_choices, extern_activate_choices):
                 class _DefaultPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     anonymous = v.StringBoolean(if_missing=False)
                     default_register = v.OneOf(register_choices)
                     default_register_message = v.UnicodeString()
                     default_extern_activate = v.OneOf(extern_activate_choices)
                 return _DefaultPermissionsForm
             def ObjectPermissionsForm(repo_perms_choices, group_perms_choices,
                                       user_group_perms_choices):
                 class _ObjectPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     overwrite_default_repo = v.StringBoolean(if_missing=False)
                     overwrite_default_group = v.StringBoolean(if_missing=False)
                     overwrite_default_user_group = v.StringBoolean(if_missing=False)
                     default_repo_perm = v.OneOf(repo_perms_choices)
                     default_group_perm = v.OneOf(group_perms_choices)
                     default_user_group_perm = v.OneOf(user_group_perms_choices)
                 return _ObjectPermissionsForm
             def UserPermissionsForm(create_choices, create_on_write_choices,
                                     repo_group_create_choices, user_group_create_choices,
                                     fork_choices, inherit_default_permissions_choices):
                 class _DefaultPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     anonymous = v.StringBoolean(if_missing=False)
                     default_repo_create = v.OneOf(create_choices)
                     default_repo_create_on_write = v.OneOf(create_on_write_choices)
                     default_user_group_create = v.OneOf(user_group_create_choices)
                     default_repo_group_create = v.OneOf(repo_group_create_choices)
                     default_fork_create = v.OneOf(fork_choices)
                     default_inherit_default_permissions = v.OneOf(inherit_default_permissions_choices)
                 return _DefaultPermissionsForm
             def UserIndividualPermissionsForm():
                 class _DefaultPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     inherit_default_permissions = v.StringBoolean(if_missing=False)
                 return _DefaultPermissionsForm
             def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
                 class _DefaultsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     default_repo_type = v.OneOf(supported_backends)
                     default_repo_private = v.StringBoolean(if_missing=False)
                     default_repo_enable_statistics = v.StringBoolean(if_missing=False)
                     default_repo_enable_downloads = v.StringBoolean(if_missing=False)
                     default_repo_enable_locking = v.StringBoolean(if_missing=False)
                 return _DefaultsForm
             def AuthSettingsForm():
                 class _AuthSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     auth_plugins = All(v.ValidAuthPlugins(),
                                        v.UniqueListFromString()(not_empty=True))
                 return _AuthSettingsForm
             def UserExtraEmailForm():
                 class _UserExtraEmailForm(formencode.Schema):
                     email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
                 return _UserExtraEmailForm
             def UserExtraIpForm():
                 class _UserExtraIpForm(formencode.Schema):
                     ip = v.ValidIp()(not_empty=True)
                 return _UserExtraIpForm
             def PullRequestForm(repo_id):
                 class _PullRequestForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     user = v.UnicodeString(strip=True, required=True)
                     source_repo = v.UnicodeString(strip=True, required=True)
                     source_ref = v.UnicodeString(strip=True, required=True)
                     target_repo = v.UnicodeString(strip=True, required=True)
                     target_ref = v.UnicodeString(strip=True, required=True)
                     revisions = All(#v.NotReviewedRevisions(repo_id)(),
                                     v.UniqueList()(not_empty=True))
                     review_members = v.UniqueList(convert=int)(not_empty=True)
                     pullrequest_title = v.UnicodeString(strip=True, required=True)
                     pullrequest_desc = v.UnicodeString(strip=True, required=False)
                 return _PullRequestForm
-            def GistForm(lifetime_options, acl_level_options):
-                class _GistForm(formencode.Schema):
-                    gistid = All(v.UniqGistId(), v.UnicodeString(strip=True, min=3, not_empty=False, if_missing=None))
-                    filename = All(v.BasePath()(),
-                                   v.UnicodeString(strip=True, required=False))
-                    description = v.UnicodeString(required=False, if_missing=u'')
-                    lifetime = v.OneOf(lifetime_options)
-                    mimetype = v.UnicodeString(required=False, if_missing=None)
-                    content = v.UnicodeString(required=True, not_empty=True)
-                    public = v.UnicodeString(required=False, if_missing=u'')
-                    private = v.UnicodeString(required=False, if_missing=u'')
-                    acl_level = v.OneOf(acl_level_options)
-                return _GistForm
             def IssueTrackerPatternsForm():
                 class _IssueTrackerPatternsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     chained_validators = [v.ValidPattern()]
                 return _IssueTrackerPatternsForm

rhodecode/model/gist.py

0 +6 -22

             # -*- coding: utf-8 -*-
             # Copyright (C) 2013-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             gist model for RhodeCode
             """
             import os
             import time
             import logging
             import traceback
             import shutil
             from rhodecode.lib.utils2 import (
                 safe_unicode, unique_id, safe_int, time_to_datetime, AttributeDict)
             from rhodecode.lib.ext_json import json
             from rhodecode.model import BaseModel
             from rhodecode.model.db import Gist
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.scm import ScmModel
             log = logging.getLogger(__name__)
             GIST_STORE_LOC = '.rc_gist_store'
             GIST_METADATA_FILE = '.rc_gist_metadata'
             class GistModel(BaseModel):
                 cls = Gist
                 def _get_gist(self, gist):
                     """
                     Helper method to get gist by ID, or gist_access_id as a fallback
                     :param gist: GistID, gist_access_id, or Gist instance
                     """
                     return self._get_instance(Gist, gist, callback=Gist.get_by_access_id)
                 def __delete_gist(self, gist):
                     """
                     removes gist from filesystem
                     :param gist: gist object
                     """
                     root_path = RepoModel().repos_path
                     rm_path = os.path.join(root_path, GIST_STORE_LOC, gist.gist_access_id)
                     log.info("Removing %s", rm_path)
                     shutil.rmtree(rm_path)
                 def _store_metadata(self, repo, gist_id, gist_access_id, user_id, username,
                                     gist_type, gist_expires, gist_acl_level):
                     """
                     store metadata inside the gist repo, this can be later used for imports
                     or gist identification. Currently we use this inside RhodeCode tools
                     to do cleanup of gists that are in storage but not in database.
                     """
                     metadata = {
                         'metadata_version': '2',
                         'gist_db_id': gist_id,
                         'gist_access_id': gist_access_id,
                         'gist_owner_id': user_id,
                         'gist_owner_username': username,
                         'gist_type': gist_type,
                         'gist_expires': gist_expires,
                         'gist_updated': time.time(),
                         'gist_acl_level': gist_acl_level,
                     }
                     metadata_file = os.path.join(repo.path, '.hg', GIST_METADATA_FILE)
                     with open(metadata_file, 'wb') as f:
                         f.write(json.dumps(metadata))
                 def get_gist(self, gist):
                     return self._get_gist(gist)
                 def get_gist_files(self, gist_access_id, revision=None):
                     """
                     Get files for given gist
                     :param gist_access_id:
                     """
                     repo = Gist.get_by_access_id(gist_access_id)
                     commit = repo.scm_instance().get_commit(commit_id=revision)
                     return commit, [n for n in commit.get_node('/')]
                 def create(self, description, owner, gist_mapping,
                            gist_type=Gist.GIST_PUBLIC, lifetime=-1, gist_id=None,
                            gist_acl_level=Gist.ACL_LEVEL_PRIVATE):
                     """
                     Create a gist
                     :param description: description of the gist
                     :param owner: user who created this gist
-                    :param gist_mapping: mapping {filename:{'content':content},...}
+                    :param gist_mapping: mapping [{'filename': 'file1.txt', 'content': content}, ...}]
                     :param gist_type: type of gist private/public
                     :param lifetime: in minutes, -1 == forever
                     :param gist_acl_level: acl level for this gist
                     """
                     owner = self._get_user(owner)
                     gist_id = safe_unicode(gist_id or unique_id(20))
                     lifetime = safe_int(lifetime, -1)
                     gist_expires = time.time() + (lifetime * 60) if lifetime != -1 else -1
                     expiration = (time_to_datetime(gist_expires)
                                   if gist_expires != -1 else 'forever')
                     log.debug('set GIST expiration date to: %s', expiration)
                     # create the Database version
                     gist = Gist()
                     gist.gist_description = description
                     gist.gist_access_id = gist_id
                     gist.gist_owner = owner.user_id
                     gist.gist_expires = gist_expires
                     gist.gist_type = safe_unicode(gist_type)
                     gist.acl_level = gist_acl_level
                     self.sa.add(gist)
                     self.sa.flush()
                     if gist_type == Gist.GIST_PUBLIC:
                         # use DB ID for easy to use GIST ID
                         gist_id = safe_unicode(gist.gist_id)
                         gist.gist_access_id = gist_id
                         self.sa.add(gist)
                     gist_repo_path = os.path.join(GIST_STORE_LOC, gist_id)
                     log.debug('Creating new %s GIST repo in %s', gist_type, gist_repo_path)
                     repo = RepoModel()._create_filesystem_repo(
                         repo_name=gist_id, repo_type='hg', repo_group=GIST_STORE_LOC,
                         use_global_config=True)
-                    processed_mapping = {}
-                    for filename in gist_mapping:
-                        if filename != os.path.basename(filename):
-                            raise Exception('Filename cannot be inside a directory')
-                        content = gist_mapping[filename]['content']
-                        # TODO: expand support for setting explicit lexers
-            #             if lexer is None:
-            #                 try:
-            #                     guess_lexer = pygments.lexers.guess_lexer_for_filename
-            #                     lexer = guess_lexer(filename,content)
-            #                 except pygments.util.ClassNotFound:
-            #                     lexer = 'text'
-                        processed_mapping[filename] = {'content': content}
                     # now create single multifile commit
                     message = 'added file'
-                    message += 's: ' if len(processed_mapping) > 1 else ': '
+                    message += 's: ' if len(gist_mapping) > 1 else ': '
-                    message += ', '.join([x for x in processed_mapping])
+                    message += ', '.join([x for x in gist_mapping])
                     # fake RhodeCode Repository object
                     fake_repo = AttributeDict({
                         'repo_name': gist_repo_path,
                         'scm_instance': lambda *args, **kwargs: repo,
                     })
                     ScmModel().create_nodes(
                         user=owner.user_id, repo=fake_repo,
                         message=message,
-                        nodes=processed_mapping,
+                        nodes=gist_mapping,
                         trigger_push_hook=False
                     )
                     self._store_metadata(repo, gist.gist_id, gist.gist_access_id,
                                          owner.user_id, owner.username, gist.gist_type,
                                          gist.gist_expires, gist_acl_level)
                     return gist
                 def delete(self, gist, fs_remove=True):
                     gist = self._get_gist(gist)
                     try:
                         self.sa.delete(gist)
                         if fs_remove:
                             self.__delete_gist(gist)
                         else:
                             log.debug('skipping removal from filesystem')
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def update(self, gist, description, owner, gist_mapping, gist_type,
                            lifetime, gist_acl_level):
                     gist = self._get_gist(gist)
                     gist_repo = gist.scm_instance()
-                    lifetime = safe_int(lifetime, -1)
                     if lifetime == 0:  # preserve old value
                         gist_expires = gist.gist_expires
                     else:
                         gist_expires = (
                             time.time() + (lifetime * 60) if lifetime != -1 else -1)
                     # calculate operation type based on given data
                     gist_mapping_op = {}
                     for k, v in gist_mapping.items():
                         # add, mod, del
-                        if not v['org_filename'] and v['filename']:
+                        if not v['filename_org'] and v['filename']:
                             op = 'add'
-                        elif v['org_filename'] and not v['filename']:
+                        elif v['filename_org'] and not v['filename']:
                             op = 'del'
                         else:
                             op = 'mod'
                         v['op'] = op
                         gist_mapping_op[k] = v
                     gist.gist_description = description
                     gist.gist_expires = gist_expires
                     gist.owner = owner
                     gist.gist_type = gist_type
                     gist.acl_level = gist_acl_level
                     self.sa.add(gist)
                     self.sa.flush()
                     message = 'updated file'
                     message += 's: ' if len(gist_mapping) > 1 else ': '
                     message += ', '.join([x for x in gist_mapping])
                     # fake RhodeCode Repository object
                     fake_repo = AttributeDict({
                         'repo_name': gist_repo.path,
                         'scm_instance': lambda *args, **kwargs: gist_repo,
                     })
                     self._store_metadata(gist_repo, gist.gist_id, gist.gist_access_id,
                                          owner.user_id, owner.username, gist.gist_type,
                                          gist.gist_expires, gist_acl_level)
                     # this can throw NodeNotChangedError, if changes we're trying to commit
                     # are not actually changes...
                     ScmModel().update_nodes(
                         user=owner.user_id,
                         repo=fake_repo,
                         message=message,
                         nodes=gist_mapping_op,
                         trigger_push_hook=False
                     )
                     return gist

rhodecode/model/validators.py

0 0 -36

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Set of generic validators
             """
             import logging
             import os
             import re
             from collections import defaultdict
             import formencode
             import ipaddress
             from formencode.validators import (
                 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set,
                 NotEmpty, IPAddress, CIDR, String, FancyValidator
             )
             from pylons.i18n.translation import _
             from sqlalchemy.sql.expression import true
             from sqlalchemy.util import OrderedSet
             from webhelpers.pylonslib.secure_form import authentication_token
             from rhodecode.authentication import (
                 legacy_plugin_prefix, _import_legacy_plugin)
             from rhodecode.authentication.base import loadplugin
             from rhodecode.config.routing import ADMIN_PREFIX
             from rhodecode.lib.auth import HasRepoGroupPermissionAny, HasPermissionAny
             from rhodecode.lib.utils import repo_name_slug, make_db_config
             from rhodecode.lib.utils2 import safe_int, str2bool, aslist, md5
             from rhodecode.lib.vcs.backends.git.repository import GitRepository
             from rhodecode.lib.vcs.backends.hg.repository import MercurialRepository
             from rhodecode.lib.vcs.backends.svn.repository import SubversionRepository
             from rhodecode.model.db import (
                 RepoGroup, Repository, UserGroup, User, ChangesetStatus, Gist)
             from rhodecode.model.settings import VcsSettingsModel
             # silence warnings and pylint
             UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set, \
                 NotEmpty, IPAddress, CIDR, String, FancyValidator
             log = logging.getLogger(__name__)
             class _Missing(object):
                 pass
             Missing = _Missing()
             class StateObj(object):
                 """
                 this is needed to translate the messages using _() in validators
                 """
                 _ = staticmethod(_)
             def M(self, key, state=None, **kwargs):
                 """
                 returns string from self.message based on given key,
                 passed kw params are used to substitute %(named)s params inside
                 translated strings
                 :param msg:
                 :param state:
                 """
                 if state is None:
                     state = StateObj()
                 else:
                     state._ = staticmethod(_)
                 # inject validator into state object
                 return self.message(key, state, **kwargs)
             def UniqueList(convert=None):
                 class _UniqueList(formencode.FancyValidator):
                     """
                     Unique List !
                     """
                     messages = {
                         'empty': _(u'Value cannot be an empty list'),
                         'missing_value': _(u'Value cannot be an empty list'),
                     }
                     def _to_python(self, value, state):
                         ret_val = []
                         def make_unique(value):
                             seen = []
                             return [c for c in value if not (c in seen or seen.append(c))]
                         if isinstance(value, list):
                             ret_val = make_unique(value)
                         elif isinstance(value, set):
                             ret_val = make_unique(list(value))
                         elif isinstance(value, tuple):
                             ret_val = make_unique(list(value))
                         elif value is None:
                             ret_val = []
                         else:
                             ret_val = [value]
                         if convert:
                             ret_val = map(convert, ret_val)
                         return ret_val
                     def empty_value(self, value):
                         return []
                 return _UniqueList
             def UniqueListFromString():
                 class _UniqueListFromString(UniqueList()):
                     def _to_python(self, value, state):
                         if isinstance(value, basestring):
                             value = aslist(value, ',')
                         return super(_UniqueListFromString, self)._to_python(value, state)
                 return _UniqueListFromString
             def ValidSvnPattern(section, repo_name=None):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'pattern_exists': _(u'Pattern already exists'),
                     }
                     def validate_python(self, value, state):
                         if not value:
                             return
                         model = VcsSettingsModel(repo=repo_name)
                         ui_settings = model.get_svn_patterns(section=section)
                         for entry in ui_settings:
                             if value == entry.value:
                                 msg = M(self, 'pattern_exists', state)
                                 raise formencode.Invalid(msg, value, state)
                 return _validator
             def ValidUsername(edit=False, old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'username_exists': _(u'Username "%(username)s" already exists'),
                         'system_invalid_username':
                             _(u'Username "%(username)s" is forbidden'),
                         'invalid_username':
                             _(u'Username may only contain alphanumeric characters '
                                 u'underscores, periods or dashes and must begin with '
                                 u'alphanumeric character or underscore')
                     }
                     def validate_python(self, value, state):
                         if value in ['default', 'new_user']:
                             msg = M(self, 'system_invalid_username', state, username=value)
                             raise formencode.Invalid(msg, value, state)
                         # check if user is unique
                         old_un = None
                         if edit:
                             old_un = User.get(old_data.get('user_id')).username
                         if old_un != value or not edit:
                             if User.get_by_username(value, case_insensitive=True):
                                 msg = M(self, 'username_exists', state, username=value)
                                 raise formencode.Invalid(msg, value, state)
                         if (re.match(r'^[\w]{1}[\w\-\.]{0,254}$', value)
                                 is None):
                             msg = M(self, 'invalid_username', state)
                             raise formencode.Invalid(msg, value, state)
                 return _validator
             def ValidRegex(msg=None):
                 class _validator(formencode.validators.Regex):
                     messages = {'invalid': msg or _(u'The input is not valid')}
                 return _validator
             def ValidRepoUser(allow_disabled=False):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_username': _(u'Username %(username)s is not valid'),
                         'disabled_username': _(u'Username %(username)s is disabled')
                     }
                     def validate_python(self, value, state):
                         try:
                             user = User.query().filter(User.username == value).one()
                         except Exception:
                             msg = M(self, 'invalid_username', state, username=value)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'username': msg}
                             )
                         if user and (not allow_disabled and not user.active):
                             msg = M(self, 'disabled_username', state, username=value)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'username': msg}
                             )
                 return _validator
             def ValidUserGroup(edit=False, old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_group': _(u'Invalid user group name'),
                         'group_exist': _(u'User group "%(usergroup)s" already exists'),
                         'invalid_usergroup_name':
                             _(u'user group name may only contain alphanumeric '
                               u'characters underscores, periods or dashes and must begin '
                               u'with alphanumeric character')
                     }
                     def validate_python(self, value, state):
                         if value in ['default']:
                             msg = M(self, 'invalid_group', state)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'users_group_name': msg}
                             )
                         # check if group is unique
                         old_ugname = None
                         if edit:
                             old_id = old_data.get('users_group_id')
                             old_ugname = UserGroup.get(old_id).users_group_name
                         if old_ugname != value or not edit:
                             is_existing_group = UserGroup.get_by_group_name(
                                 value, case_insensitive=True)
                             if is_existing_group:
                                 msg = M(self, 'group_exist', state, usergroup=value)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'users_group_name': msg}
                                 )
                         if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
                             msg = M(self, 'invalid_usergroup_name', state)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'users_group_name': msg}
                             )
                 return _validator
             def ValidRepoGroup(edit=False, old_data={}, can_create_in_root=False):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'group_parent_id': _(u'Cannot assign this group as parent'),
                         'group_exists': _(u'Group "%(group_name)s" already exists'),
                         'repo_exists': _(u'Repository with name "%(group_name)s" '
                                          u'already exists'),
                         'permission_denied': _(u"no permission to store repository group"
                                                u"in this location"),
                         'permission_denied_root': _(
                             u"no permission to store repository group "
                             u"in root location")
                     }
                     def _to_python(self, value, state):
                         group_name = repo_name_slug(value.get('group_name', ''))
                         group_parent_id = safe_int(value.get('group_parent_id'))
                         gr = RepoGroup.get(group_parent_id)
                         if gr:
                             parent_group_path = gr.full_path
                             # value needs to be aware of group name in order to check
                             # db key This is an actual just the name to store in the
                             # database
                             group_name_full = (
                                 parent_group_path + RepoGroup.url_sep() + group_name)
                         else:
                             group_name_full = group_name
                         value['group_name'] = group_name
                         value['group_name_full'] = group_name_full
                         value['group_parent_id'] = group_parent_id
                         return value
                     def validate_python(self, value, state):
                         old_group_name = None
                         group_name = value.get('group_name')
                         group_name_full = value.get('group_name_full')
                         group_parent_id = safe_int(value.get('group_parent_id'))
                         if group_parent_id == -1:
                             group_parent_id = None
                         group_obj = RepoGroup.get(old_data.get('group_id'))
                         parent_group_changed = False
                         if edit:
                             old_group_name = group_obj.group_name
                             old_group_parent_id = group_obj.group_parent_id
                             if group_parent_id != old_group_parent_id:
                                 parent_group_changed = True
                             # TODO: mikhail: the following if statement is not reached
                             # since group_parent_id's OneOf validation fails before.
                             # Can be removed.
                             # check against setting a parent of self
                             parent_of_self = (
                                 old_data['group_id'] == group_parent_id
                                 if group_parent_id else False
                             )
                             if parent_of_self:
                                 msg = M(self, 'group_parent_id', state)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'group_parent_id': msg}
                                 )
                         # group we're moving current group inside
                         child_group = None
                         if group_parent_id:
                             child_group = RepoGroup.query().filter(
                                 RepoGroup.group_id == group_parent_id).scalar()
                         # do a special check that we cannot move a group to one of
                         # it's children
                         if edit and child_group:
                             parents = [x.group_id for x in child_group.parents]
                             move_to_children = old_data['group_id'] in parents
                             if move_to_children:
                                 msg = M(self, 'group_parent_id', state)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'group_parent_id': msg})
                         # Check if we have permission to store in the parent.
                         # Only check if the parent group changed.
                         if parent_group_changed:
                             if child_group is None:
                                 if not can_create_in_root:
                                     msg = M(self, 'permission_denied_root', state)
                                     raise formencode.Invalid(
                                         msg, value, state,
                                         error_dict={'group_parent_id': msg})
                             else:
                                 valid = HasRepoGroupPermissionAny('group.admin')
                                 forbidden = not valid(
                                     child_group.group_name, 'can create group validator')
                                 if forbidden:
                                     msg = M(self, 'permission_denied', state)
                                     raise formencode.Invalid(
                                         msg, value, state,
                                         error_dict={'group_parent_id': msg})
                         # if we change the name or it's new group, check for existing names
                         # or repositories with the same name
                         if old_group_name != group_name_full or not edit:
                             # check group
                             gr = RepoGroup.get_by_group_name(group_name_full)
                             if gr:
                                 msg = M(self, 'group_exists', state, group_name=group_name)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'group_name': msg})
                             # check for same repo
                             repo = Repository.get_by_repo_name(group_name_full)
                             if repo:
                                 msg = M(self, 'repo_exists', state, group_name=group_name)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'group_name': msg})
                 return _validator
             def ValidPassword():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_password':
                             _(u'Invalid characters (non-ascii) in password')
                     }
                     def validate_python(self, value, state):
                         try:
                             (value or '').decode('ascii')
                         except UnicodeError:
                             msg = M(self, 'invalid_password', state)
                             raise formencode.Invalid(msg, value, state,)
                 return _validator
             def ValidOldPassword(username):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_password': _(u'Invalid old password')
                     }
                     def validate_python(self, value, state):
                         from rhodecode.authentication.base import authenticate, HTTP_TYPE
                         if not authenticate(username, value, '', HTTP_TYPE):
                             msg = M(self, 'invalid_password', state)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'current_password': msg}
                             )
                 return _validator
             def ValidPasswordsMatch(
                     passwd='new_password', passwd_confirmation='password_confirmation'):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'password_mismatch': _(u'Passwords do not match'),
                     }
                     def validate_python(self, value, state):
                         pass_val = value.get('password') or value.get(passwd)
                         if pass_val != value[passwd_confirmation]:
                             msg = M(self, 'password_mismatch', state)
                             raise formencode.Invalid(
                                 msg, value, state,
                                 error_dict={passwd: msg, passwd_confirmation: msg}
                             )
                 return _validator
             def ValidAuth():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_password': _(u'invalid password'),
                         'invalid_username': _(u'invalid user name'),
                         'disabled_account': _(u'Your account is disabled')
                     }
                     def validate_python(self, value, state):
                         from rhodecode.authentication.base import authenticate, HTTP_TYPE
                         password = value['password']
                         username = value['username']
                         if not authenticate(username, password, '', HTTP_TYPE,
                                             skip_missing=True):
                             user = User.get_by_username(username)
                             if user and not user.active:
                                 log.warning('user %s is disabled', username)
                                 msg = M(self, 'disabled_account', state)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'username': msg}
                                 )
                             else:
                                 log.warning('user `%s` failed to authenticate', username)
                                 msg = M(self, 'invalid_username', state)
                                 msg2 = M(self, 'invalid_password', state)
                                 raise formencode.Invalid(
                                     msg, value, state,
                                     error_dict={'username': msg, 'password': msg2}
                                 )
                 return _validator
             def ValidAuthToken():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_token': _(u'Token mismatch')
                     }
                     def validate_python(self, value, state):
                         if value != authentication_token():
                             msg = M(self, 'invalid_token', state)
                             raise formencode.Invalid(msg, value, state)
                 return _validator
             def ValidRepoName(edit=False, old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_repo_name':
                             _(u'Repository name %(repo)s is disallowed'),
                         # top level
                         'repository_exists': _(u'Repository with name %(repo)s '
                                                u'already exists'),
                         'group_exists': _(u'Repository group with name "%(repo)s" '
                                           u'already exists'),
                         # inside a group
                         'repository_in_group_exists': _(u'Repository with name %(repo)s '
                                                         u'exists in group "%(group)s"'),
                         'group_in_group_exists': _(
                             u'Repository group with name "%(repo)s" '
                             u'exists in group "%(group)s"'),
                     }
                     def _to_python(self, value, state):
                         repo_name = repo_name_slug(value.get('repo_name', ''))
                         repo_group = value.get('repo_group')
                         if repo_group:
                             gr = RepoGroup.get(repo_group)
                             group_path = gr.full_path
                             group_name = gr.group_name
                             # value needs to be aware of group name in order to check
                             # db key This is an actual just the name to store in the
                             # database
                             repo_name_full = group_path + RepoGroup.url_sep() + repo_name
                         else:
                             group_name = group_path = ''
                             repo_name_full = repo_name
                         value['repo_name'] = repo_name
                         value['repo_name_full'] = repo_name_full
                         value['group_path'] = group_path
                         value['group_name'] = group_name
                         return value
                     def validate_python(self, value, state):
                         repo_name = value.get('repo_name')
                         repo_name_full = value.get('repo_name_full')
                         group_path = value.get('group_path')
                         group_name = value.get('group_name')
                         if repo_name in [ADMIN_PREFIX, '']:
                             msg = M(self, 'invalid_repo_name', state, repo=repo_name)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'repo_name': msg})
                         rename = old_data.get('repo_name') != repo_name_full
                         create = not edit
                         if rename or create:
                             if group_path:
                                 if Repository.get_by_repo_name(repo_name_full):
                                     msg = M(self, 'repository_in_group_exists', state,
                                             repo=repo_name, group=group_name)
                                     raise formencode.Invalid(
                                         msg, value, state, error_dict={'repo_name': msg})
                                 if RepoGroup.get_by_group_name(repo_name_full):
                                     msg = M(self, 'group_in_group_exists', state,
                                             repo=repo_name, group=group_name)
                                     raise formencode.Invalid(
                                         msg, value, state, error_dict={'repo_name': msg})
                             else:
                                 if RepoGroup.get_by_group_name(repo_name_full):
                                     msg = M(self, 'group_exists', state, repo=repo_name)
                                     raise formencode.Invalid(
                                         msg, value, state, error_dict={'repo_name': msg})
                                 if Repository.get_by_repo_name(repo_name_full):
                                     msg = M(
                                         self, 'repository_exists', state, repo=repo_name)
                                     raise formencode.Invalid(
                                         msg, value, state, error_dict={'repo_name': msg})
                         return value
                 return _validator
             def ValidForkName(*args, **kwargs):
                 return ValidRepoName(*args, **kwargs)
             def SlugifyName():
                 class _validator(formencode.validators.FancyValidator):
                     def _to_python(self, value, state):
                         return repo_name_slug(value)
                     def validate_python(self, value, state):
                         pass
                 return _validator
             def ValidCloneUri():
                 class InvalidCloneUrl(Exception):
                     allowed_prefixes = ()
                 def url_handler(repo_type, url):
                     config = make_db_config(clear_session=False)
                     if repo_type == 'hg':
                         allowed_prefixes = ('http', 'svn+http', 'git+http')
                         if 'http' in url[:4]:
                             # initially check if it's at least the proper URL
                             # or does it pass basic auth
                             MercurialRepository.check_url(url, config)
                         elif 'svn+http' in url[:8]:  # svn->hg import
                             SubversionRepository.check_url(url, config)
                         elif 'git+http' in url[:8]:  # git->hg import
                             raise NotImplementedError()
                         else:
                             exc = InvalidCloneUrl('Clone from URI %s not allowed. '
                                                   'Allowed url must start with one of %s'
                                                   % (url, ','.join(allowed_prefixes)))
                             exc.allowed_prefixes = allowed_prefixes
                             raise exc
                     elif repo_type == 'git':
                         allowed_prefixes = ('http', 'svn+http', 'hg+http')
                         if 'http' in url[:4]:
                             # initially check if it's at least the proper URL
                             # or does it pass basic auth
                             GitRepository.check_url(url, config)
                         elif 'svn+http' in url[:8]:  # svn->git import
                             raise NotImplementedError()
                         elif 'hg+http' in url[:8]:  # hg->git import
                             raise NotImplementedError()
                         else:
                             exc = InvalidCloneUrl('Clone from URI %s not allowed. '
                                                   'Allowed url must start with one of %s'
                                                   % (url, ','.join(allowed_prefixes)))
                             exc.allowed_prefixes = allowed_prefixes
                             raise exc
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'clone_uri': _(u'invalid clone url for %(rtype)s repository'),
                         'invalid_clone_uri': _(
                             u'Invalid clone url, provide a valid clone '
                             u'url starting with one of %(allowed_prefixes)s')
                     }
                     def validate_python(self, value, state):
                         repo_type = value.get('repo_type')
                         url = value.get('clone_uri')
                         if url:
                             try:
                                 url_handler(repo_type, url)
                             except InvalidCloneUrl as e:
                                 log.warning(e)
                                 msg = M(self, 'invalid_clone_uri', rtype=repo_type,
                                         allowed_prefixes=','.join(e.allowed_prefixes))
                                 raise formencode.Invalid(msg, value, state,
                                                          error_dict={'clone_uri': msg})
                             except Exception:
                                 log.exception('Url validation failed')
                                 msg = M(self, 'clone_uri', rtype=repo_type)
                                 raise formencode.Invalid(msg, value, state,
                                                          error_dict={'clone_uri': msg})
                 return _validator
             def ValidForkType(old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_fork_type': _(u'Fork have to be the same type as parent')
                     }
                     def validate_python(self, value, state):
                         if old_data['repo_type'] != value:
                             msg = M(self, 'invalid_fork_type', state)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'repo_type': msg}
                             )
                 return _validator
             def CanWriteGroup(old_data=None):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'permission_denied': _(
                             u"You do not have the permission "
                             u"to create repositories in this group."),
                         'permission_denied_root': _(
                             u"You do not have the permission to store repositories in "
                             u"the root location.")
                     }
                     def _to_python(self, value, state):
                         # root location
                         if value in [-1, "-1"]:
                             return None
                         return value
                     def validate_python(self, value, state):
                         gr = RepoGroup.get(value)
                         gr_name = gr.group_name if gr else None  # None means ROOT location
                         # create repositories with write permission on group is set to true
                         create_on_write = HasPermissionAny(
                             'hg.create.write_on_repogroup.true')()
                         group_admin = HasRepoGroupPermissionAny('group.admin')(
                             gr_name, 'can write into group validator')
                         group_write = HasRepoGroupPermissionAny('group.write')(
                             gr_name, 'can write into group validator')
                         forbidden = not (group_admin or (group_write and create_on_write))
                         can_create_repos = HasPermissionAny(
                             'hg.admin', 'hg.create.repository')
                         gid = (old_data['repo_group'].get('group_id')
                                if (old_data and 'repo_group' in old_data) else None)
                         value_changed = gid != safe_int(value)
                         new = not old_data
                         # do check if we changed the value, there's a case that someone got
                         # revoked write permissions to a repository, he still created, we
                         # don't need to check permission if he didn't change the value of
                         # groups in form box
                         if value_changed or new:
                             # parent group need to be existing
                             if gr and forbidden:
                                 msg = M(self, 'permission_denied', state)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'repo_type': msg}
                                 )
                             # check if we can write to root location !
                             elif gr is None and not can_create_repos():
                                 msg = M(self, 'permission_denied_root', state)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'repo_type': msg}
                                 )
                 return _validator
             def ValidPerms(type_='repo'):
                 if type_ == 'repo_group':
                     EMPTY_PERM = 'group.none'
                 elif type_ == 'repo':
                     EMPTY_PERM = 'repository.none'
                 elif type_ == 'user_group':
                     EMPTY_PERM = 'usergroup.none'
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'perm_new_member_name':
                             _(u'This username or user group name is not valid')
                     }
                     def _to_python(self, value, state):
                         perm_updates = OrderedSet()
                         perm_additions = OrderedSet()
                         perm_deletions = OrderedSet()
                         # build a list of permission to update/delete and new permission
                         # Read the perm_new_member/perm_del_member attributes and group
                         # them by they IDs
                         new_perms_group = defaultdict(dict)
                         del_perms_group = defaultdict(dict)
                         for k, v in value.copy().iteritems():
                             if k.startswith('perm_del_member'):
                                 # delete from org storage so we don't process that later
                                 del value[k]
                                 # part is `id`, `type`
                                 _type, part = k.split('perm_del_member_')
                                 args = part.split('_')
                                 if len(args) == 2:
                                     _key, pos = args
                                     del_perms_group[pos][_key] = v
                             if k.startswith('perm_new_member'):
                                 # delete from org storage so we don't process that later
                                 del value[k]
                                 # part is `id`, `type`, `perm`
                                 _type, part = k.split('perm_new_member_')
                                 args = part.split('_')
                                 if len(args) == 2:
                                     _key, pos = args
                                     new_perms_group[pos][_key] = v
                         # store the deletes
                         for k in sorted(del_perms_group.keys()):
                             perm_dict = del_perms_group[k]
                             del_member = perm_dict.get('id')
                             del_type = perm_dict.get('type')
                             if del_member and del_type:
                                 perm_deletions.add((del_member, None, del_type))
                         # store additions in order of how they were added in web form
                         for k in sorted(new_perms_group.keys()):
                             perm_dict = new_perms_group[k]
                             new_member = perm_dict.get('id')
                             new_type = perm_dict.get('type')
                             new_perm = perm_dict.get('perm')
                             if new_member and new_perm and new_type:
                                 perm_additions.add((new_member, new_perm, new_type))
                         # get updates of permissions
                         # (read the existing radio button states)
                         for k, update_value in value.iteritems():
                             if k.startswith('u_perm_') or k.startswith('g_perm_'):
                                 member = k[7:]
                                 update_type = {'u': 'user',
                                                'g': 'users_group'}[k[0]]
                                 if member == User.DEFAULT_USER:
                                     if str2bool(value.get('repo_private')):
                                         # set none for default when updating to
                                         # private repo protects agains form manipulation
                                         update_value = EMPTY_PERM
                                 perm_updates.add((member, update_value, update_type))
                         # check the deletes
                         value['perm_additions'] = list(perm_additions)
                         value['perm_updates'] = list(perm_updates)
                         value['perm_deletions'] = list(perm_deletions)
                         # validate users they exist and they are active !
                         for member_id, _perm, member_type in perm_additions:
                             try:
                                 if member_type == 'user':
                                     self.user_db = User.query()\
                                         .filter(User.active == true())\
                                         .filter(User.user_id == member_id).one()
                                 if member_type == 'users_group':
                                     self.user_db = UserGroup.query()\
                                         .filter(UserGroup.users_group_active == true())\
                                         .filter(UserGroup.users_group_id == member_id)\
                                         .one()
                             except Exception:
                                 log.exception('Updated permission failed: org_exc:')
                                 msg = M(self, 'perm_new_member_type', state)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={
                                         'perm_new_member_name': msg}
                                 )
                         return value
                 return _validator
             def ValidSettings():
                 class _validator(formencode.validators.FancyValidator):
                     def _to_python(self, value, state):
                         # settings  form for users that are not admin
                         # can't edit certain parameters, it's extra backup if they mangle
                         # with forms
                         forbidden_params = [
                             'user', 'repo_type', 'repo_enable_locking',
                             'repo_enable_downloads', 'repo_enable_statistics'
                         ]
                         for param in forbidden_params:
                             if param in value:
                                 del value[param]
                         return value
                     def validate_python(self, value, state):
                         pass
                 return _validator
             def ValidPath():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'invalid_path': _(u'This is not a valid path')
                     }
                     def validate_python(self, value, state):
                         if not os.path.isdir(value):
                             msg = M(self, 'invalid_path', state)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'paths_root_path': msg}
                             )
                 return _validator
             def UniqSystemEmail(old_data={}):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'email_taken': _(u'This e-mail address is already taken')
                     }
                     def _to_python(self, value, state):
                         return value.lower()
                     def validate_python(self, value, state):
                         if (old_data.get('email') or '').lower() != value:
                             user = User.get_by_email(value, case_insensitive=True)
                             if user:
                                 msg = M(self, 'email_taken', state)
                                 raise formencode.Invalid(
                                     msg, value, state, error_dict={'email': msg}
                                 )
                 return _validator
             def ValidSystemEmail():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'non_existing_email': _(u'e-mail "%(email)s" does not exist.')
                     }
                     def _to_python(self, value, state):
                         return value.lower()
                     def validate_python(self, value, state):
                         user = User.get_by_email(value, case_insensitive=True)
                         if user is None:
                             msg = M(self, 'non_existing_email', state, email=value)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'email': msg}
                             )
                 return _validator
             def NotReviewedRevisions(repo_id):
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'rev_already_reviewed':
                             _(u'Revisions %(revs)s are already part of pull request '
                               u'or have set status'),
                     }
                     def validate_python(self, value, state):
                         # check revisions if they are not reviewed, or a part of another
                         # pull request
                         statuses = ChangesetStatus.query()\
                             .filter(ChangesetStatus.revision.in_(value))\
                             .filter(ChangesetStatus.repo_id == repo_id)\
                             .all()
                         errors = []
                         for status in statuses:
                             if status.pull_request_id:
                                 errors.append(['pull_req', status.revision[:12]])
                             elif status.status:
                                 errors.append(['status', status.revision[:12]])
                         if errors:
                             revs = ','.join([x[1] for x in errors])
                             msg = M(self, 'rev_already_reviewed', state, revs=revs)
                             raise formencode.Invalid(
                                 msg, value, state, error_dict={'revisions': revs})
                 return _validator
             def ValidIp():
                 class _validator(CIDR):
                     messages = {
                         'badFormat': _(u'Please enter a valid IPv4 or IpV6 address'),
                         'illegalBits': _(
                             u'The network size (bits) must be within the range '
                             u'of 0-32 (not %(bits)r)'),
                     }
                     # we ovveride the default to_python() call
                     def to_python(self, value, state):
                         v = super(_validator, self).to_python(value, state)
                         v = v.strip()
                         net = ipaddress.ip_network(address=v, strict=False)
                         return str(net)
                     def validate_python(self, value, state):
                         try:
                             addr = value.strip()
                             # this raises an ValueError if address is not IpV4 or IpV6
                             ipaddress.ip_network(addr, strict=False)
                         except ValueError:
                             raise formencode.Invalid(self.message('badFormat', state),
                                                      value, state)
                 return _validator
             def FieldKey():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'badFormat': _(
                             u'Key name can only consist of letters, '
                             u'underscore, dash or numbers'),
                     }
                     def validate_python(self, value, state):
                         if not re.match('[a-zA-Z0-9_-]+$', value):
                             raise formencode.Invalid(self.message('badFormat', state),
                                                      value, state)
                 return _validator
-            def BasePath():
-                class _validator(formencode.validators.FancyValidator):
-                    messages = {
-                        'badPath': _(u'Filename cannot be inside a directory'),
-                    def _to_python(self, value, state):
-                        return value
-                    def validate_python(self, value, state):
-                        if value != os.path.basename(value):
-                            raise formencode.Invalid(self.message('badPath', state),
-                                                     value, state)
-                return _validator
             def ValidAuthPlugins():
                 class _validator(formencode.validators.FancyValidator):
                     messages = {
                         'import_duplicate': _(
                             u'Plugins %(loaded)s and %(next_to_load)s '
                             u'both export the same name'),
                         'missing_includeme': _(
                             u'The plugin "%(plugin_id)s" is missing an includeme '
                             u'function.'),
                         'import_error': _(
                             u'Can not load plugin "%(plugin_id)s"'),
                         'no_plugin': _(
                             u'No plugin available with ID "%(plugin_id)s"'),
                     }
                     def _to_python(self, value, state):
                         # filter empty values
                         return filter(lambda s: s not in [None, ''], value)
                     def _validate_legacy_plugin_id(self, plugin_id, value, state):
                         """
                         Validates that the plugin import works. It also checks that the
                         plugin has an includeme attribute.
                         """
                         try:
                             plugin = _import_legacy_plugin(plugin_id)
                         except Exception as e:
                             log.exception(
                                 'Exception during import of auth legacy plugin "{}"'
                                 .format(plugin_id))
                             msg = M(self, 'import_error', plugin_id=plugin_id)
                             raise formencode.Invalid(msg, value, state)
                         if not hasattr(plugin, 'includeme'):
                             msg = M(self, 'missing_includeme', plugin_id=plugin_id)
                             raise formencode.Invalid(msg, value, state)
                         return plugin
                     def _validate_plugin_id(self, plugin_id, value, state):
                         """
                         Plugins are already imported during app start up. Therefore this
                         validation only retrieves the plugin from the plugin registry and
                         if it returns something not None everything is OK.
                         """
                         plugin = loadplugin(plugin_id)
                         if plugin is None:
                             msg = M(self, 'no_plugin', plugin_id=plugin_id)
                             raise formencode.Invalid(msg, value, state)
                         return plugin
                     def validate_python(self, value, state):
                         unique_names = {}
                         for plugin_id in value:
                             # Validate legacy or normal plugin.
                             if plugin_id.startswith(legacy_plugin_prefix):
                                 plugin = self._validate_legacy_plugin_id(
                                     plugin_id, value, state)
                             else:
                                 plugin = self._validate_plugin_id(plugin_id, value, state)
                             # Only allow unique plugin names.
                             if plugin.name in unique_names:
                                 msg = M(self, 'import_duplicate', state,
                                         loaded=unique_names[plugin.name],
                                         next_to_load=plugin)
                                 raise formencode.Invalid(msg, value, state)
                             unique_names[plugin.name] = plugin
                 return _validator
-            def UniqGistId():
-                class _validator(formencode.validators.FancyValidator):
-                    messages = {
-                        'gistid_taken': _(u'This gistid is already in use')
-                    def _to_python(self, value, state):
-                        return repo_name_slug(value.lower())
-                    def validate_python(self, value, state):
-                        existing = Gist.get_by_access_id(value)
-                        if existing:
-                            msg = M(self, 'gistid_taken', state)
-                            raise formencode.Invalid(
-                                msg, value, state, error_dict={'gistid': msg}
-                return _validator
             def ValidPattern():
                 class _Validator(formencode.validators.FancyValidator):
                     def _to_python(self, value, state):
                         patterns = []
                         prefix = 'new_pattern'
                         for name, v in value.iteritems():
                             pattern_name = '_'.join((prefix, 'pattern'))
                             if name.startswith(pattern_name):
                                 new_item_id = name[len(pattern_name)+1:]
                                 def _field(name):
                                     return '%s_%s_%s' % (prefix, name, new_item_id)
                                 values = {
                                     'issuetracker_pat': value.get(_field('pattern')),
                                     'issuetracker_pat': value.get(_field('pattern')),
                                     'issuetracker_url': value.get(_field('url')),
                                     'issuetracker_pref': value.get(_field('prefix')),
                                     'issuetracker_desc': value.get(_field('description'))
                                 }
                                 new_uid = md5(values['issuetracker_pat'])
                                 has_required_fields = (
                                     values['issuetracker_pat']
                                     and values['issuetracker_url'])
                                 if has_required_fields:
                                     settings = [
                                         ('_'.join((key, new_uid)), values[key], 'unicode')
                                         for key in values]
                                     patterns.append(settings)
                         value['patterns'] = patterns
                         delete_patterns = value.get('uid') or []
                         if not isinstance(delete_patterns, (list, tuple)):
                             delete_patterns = [delete_patterns]
                         value['delete_patterns'] = delete_patterns
                         return value
                 return _Validator

rhodecode/templates/admin/gists/edit.html

0 +13 -9

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.html"/>
             <%def name="title()">
                 ${_('Edit Gist')} &middot; ${c.gist.gist_access_id}
                 %if c.rhodecode_name:
                     &middot; ${h.branding(c.rhodecode_name)}
                 %endif
             </%def>
             <%def name="breadcrumbs_links()">
                 ${_('Edit Gist')} &middot; ${c.gist.gist_access_id}
             </%def>
             <%def name="menu_bar_nav()">
                 ${self.menu_items(active='gists')}
             </%def>
             <%def name="main()">
             <div class="box">
                 <!-- box / title -->
                 <div class="title">
                     ${self.breadcrumbs()}
                 </div>
                 <div class="table">
                     <div id="edit_error" class="flash_msg" style="display:none;">
                         <div class="alert alert-warning">
                           ${h.literal(_('Gist was updated since you started editing. Copy your changes and click %(here)s to reload the new version.')
                                          % {'here': h.link_to('here',h.url('edit_gist', gist_id=c.gist.gist_access_id))})}
                         </div>
                     </div>
                     <div id="files_data">
                       ${h.secure_form(h.url('edit_gist', gist_id=c.gist.gist_access_id), method='post', id='eform')}
                         <div>
                             <input type="hidden" value="${c.file_last_commit.raw_id}" name="parent_hash">
                             <textarea id="description" name="description"
                                       placeholder="${_('Gist description ...')}">${c.gist.gist_description}</textarea>
                             <div>
                                 <span class="gist-gravatar">
                                   ${self.gravatar(h.email_or_none(c.rhodecode_user.full_contact), 30)}
                                 </span>
                                 <label for='lifetime'>${_('Gist lifetime')}</label>
                                 ${h.dropdownmenu('lifetime', '0', c.lifetime_options)}
-                                <label for='acl_level'>${_('Gist access level')}</label>
+                                <label for='gist_acl_level'>${_('Gist access level')}</label>
-                                ${h.dropdownmenu('acl_level', c.gist.acl_level, c.acl_options)}
+                                ${h.dropdownmenu('gist_acl_level', c.gist.acl_level, c.acl_options)}
                             </div>
                         </div>
+                        ## peppercorn schema
+                        <input type="hidden" name="__start__" value="nodes:sequence"/>
                         % for cnt, file in enumerate(c.files):
+                            <input type="hidden" name="__start__" value="file:mapping"/>
                             <div id="codeblock" class="codeblock" >
                               <div class="code-header">
                                 <div class="form">
                                   <div class="fields">
-                                    <input type="hidden" value="${file.path}" name="org_files">
+                                    <input type="hidden" name="filename_org" value="${file.path}" >
-                                    <input id="filename_${h.FID('f',file.path)}" name="files" size="30" type="text" value="${file.path}">
+                                    <input id="filename_${h.FID('f',file.path)}" name="filename" size="30" type="text" value="${file.path}">
-                                      ${h.dropdownmenu('mimetypes' ,'plain',[('plain',_('plain'))],enable_filter=True, id='mimetype_'+h.FID('f',file.path))}
+                                      ${h.dropdownmenu('mimetype' ,'plain',[('plain',_('plain'))],enable_filter=True, id='mimetype_'+h.FID('f',file.path))}
                                   </div>
                                 </div>
                               </div>
                               <div class="editor_container">
                                   <pre id="editor_pre"></pre>
-                                  <textarea id="editor_${h.FID('f',file.path)}" name="contents" >${file.content}</textarea>
+                                  <textarea id="editor_${h.FID('f',file.path)}" name="content" >${file.content}</textarea>
                               </div>
                             </div>
+                            <input type="hidden" name="__end__" />
                             ## dynamic edit box.
                             <script type="text/javascript">
                             $(document).ready(function(){
                                 var myCodeMirror = initCodeMirror(
                                         "editor_${h.FID('f',file.path)}", '');
-                                var modes_select = $('#mimetype_${h.FID('f',file.path)}');
+                                var modes_select = $("#mimetype_${h.FID('f',file.path)}");
                                 fillCodeMirrorOptions(modes_select);
                                 // try to detect the mode based on the file we edit
                                 var mimetype = "${file.mimetype}";
                                 var detected_mode = detectCodeMirrorMode(
                                         "${file.path}", mimetype);
                                 if(detected_mode){
                                     $(modes_select).select2("val", mimetype);
                                     $(modes_select).change();
                                     setCodeMirrorMode(myCodeMirror, detected_mode);
                                 }
-                                var filename_selector = '#filename_${h.FID('f',file.path)}';
+                                var filename_selector = "#filename_${h.FID('f',file.path)}";
                                 // on change of select field set mode
                                 setCodeMirrorModeFromSelect(
                                         modes_select, filename_selector, myCodeMirror, null);
                                 // on entering the new filename set mode, from given extension
                                 setCodeMirrorModeFromInput(
                                     modes_select, filename_selector, myCodeMirror, null);
                             });
                             </script>
                         %endfor
+                        <input type="hidden" name="__end__" />
                         <div class="pull-right">
                         ${h.submit('update',_('Update Gist'),class_="btn btn-success")}
                         <a class="btn" href="${h.url('gist', gist_id=c.gist.gist_access_id)}">${_('Cancel')}</a>
                         </div>
                       ${h.end_form()}
                     </div>
                 </div>
             </div>
             <script>
               $('#update').on('click', function(e){
                   e.preventDefault();
                   // check for newer version.
                   $.ajax({
                     url: "${h.url('edit_gist_check_revision', gist_id=c.gist.gist_access_id)}",
                     data: {
                         'revision': '${c.file_last_commit.raw_id}'
                     },
                     dataType: 'json',
                     type: 'GET',
                     success: function(data) {
                       if(data.success === false){
                           $('#edit_error').show();
                           window.scrollTo(0,0);
                       }
                       else{
                         $('#eform').submit();
                       }
                     }
                   });
               })
             </script>
             </%def>

rhodecode/templates/admin/gists/new.html

0 +1 -1

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.html"/>
             <%def name="title()">
                 ${_('New Gist')}
                 %if c.rhodecode_name:
                     &middot; ${h.branding(c.rhodecode_name)}
                 %endif
             </%def>
             <%def name="breadcrumbs_links()">
                 ${_('New Gist')}
             </%def>
             <%def name="menu_bar_nav()">
                 ${self.menu_items(active='gists')}
             </%def>
             <%def name="main()">
             <div class="box">
                 <!-- box / title -->
                 <div class="title">
                     ${self.breadcrumbs()}
                 </div>
                 <div class="table">
                     <div id="files_data">
                       ${h.secure_form(h.url('gists'), method='post',id='eform')}
                         <div>
                             <textarea id="description" name="description" placeholder="${_('Gist description ...')}"></textarea>
                             <span class="gist-gravatar">
                                 ${self.gravatar(c.rhodecode_user.email, 30)}
                             </span>
                              <label for='gistid'>${_('Gist id')}</label>
                              ${h.text('gistid', placeholder=_('Auto generated'))}
                              <label for='lifetime'>${_('Gist lifetime')}</label>
                              ${h.dropdownmenu('lifetime', '', c.lifetime_options)}
                              <label for='acl_level'>${_('Gist access level')}</label>
-                             ${h.dropdownmenu('acl_level', '', c.acl_options)}
+                             ${h.dropdownmenu('gist_acl_level', '', c.acl_options)}
                         </div>
                         <div id="codeblock" class="codeblock">
                             <div class="code-header">
                                 <div class="form">
                                     <div class="fields">
                                         ${h.text('filename', size=30, placeholder=_('name this file...'))}
                                         ${h.dropdownmenu('mimetype','plain',[('plain',_('plain'))],enable_filter=True)}
                                     </div>
                                 </div>
                             </div>
                             <div id="editor_container">
                                 <div id="editor_pre"></div>
                                 <textarea id="editor" name="content" ></textarea>
                             </div>
                         </div>
                         <div class="pull-right">
                         ${h.submit('private',_('Create Private Gist'),class_="btn")}
                         ${h.submit('public',_('Create Public Gist'),class_="btn")}
                         ${h.reset('reset',_('Reset'),class_="btn")}
                         </div>
                         ${h.end_form()}
                     </div>
                 </div>
             </div>
             <script type="text/javascript">
                 var myCodeMirror = initCodeMirror('editor', '');
                 var modes_select = $('#mimetype');
                 fillCodeMirrorOptions(modes_select);
                 var filename_selector = '#filename';
                 // on change of select field set mode
                 setCodeMirrorModeFromSelect(
                         modes_select, filename_selector, myCodeMirror, null);
                 // on entering the new filename set mode, from given extension
                 setCodeMirrorModeFromInput(
                     modes_select, filename_selector, myCodeMirror, null);
             </script>
             </%def>

rhodecode/tests/functional/test_admin_gists.py

0 +16 -20

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.lib import helpers as h
             from rhodecode.model.db import User, Gist
             from rhodecode.model.gist import GistModel
             from rhodecode.model.meta import Session
             from rhodecode.tests import (
                 TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS,
                 TestController, assert_session_flash, url)
             from rhodecode.tests.utils import AssertResponse
             class GistUtility(object):
                 def __init__(self):
                     self._gist_ids = []
                 def __call__(
                         self, f_name, content='some gist', lifetime=-1,
                         description='gist-desc', gist_type='public',
                         acl_level=Gist.GIST_PUBLIC, owner=TEST_USER_ADMIN_LOGIN):
                     gist_mapping = {
                         f_name: {'content': content}
                     }
                     user = User.get_by_username(owner)
                     gist = GistModel().create(
                         description, owner=user, gist_mapping=gist_mapping,
                         gist_type=gist_type, lifetime=lifetime, gist_acl_level=acl_level)
                     Session().commit()
                     self._gist_ids.append(gist.gist_id)
                     return gist
                 def cleanup(self):
                     for gist_id in self._gist_ids:
                         gist = Gist.get(gist_id)
                         if gist:
                             Session().delete(gist)
                     Session().commit()
             @pytest.fixture
             def create_gist(request):
                 gist_utility = GistUtility()
                 request.addfinalizer(gist_utility.cleanup)
                 return gist_utility
             class TestGistsController(TestController):
                 def test_index_empty(self, create_gist):
                     self.log_user()
                     response = self.app.get(url('gists'))
                     response.mustcontain('data: [],')
                 def test_index(self, create_gist):
                     self.log_user()
                     g1 = create_gist('gist1')
                     g2 = create_gist('gist2', lifetime=1400)
                     g3 = create_gist('gist3', description='gist3-desc')
                     g4 = create_gist('gist4', gist_type='private').gist_access_id
                     response = self.app.get(url('gists'))
                     response.mustcontain('gist: %s' % g1.gist_access_id)
                     response.mustcontain('gist: %s' % g2.gist_access_id)
                     response.mustcontain('gist: %s' % g3.gist_access_id)
                     response.mustcontain('gist3-desc')
                     response.mustcontain(no=['gist: %s' % g4])
                     # Expiration information should be visible
                     expires_tag = '%s' % h.age_component(
                         h.time_to_datetime(g2.gist_expires))
                     response.mustcontain(expires_tag.replace('"', '\\"'))
                 def test_index_private_gists(self, create_gist):
                     self.log_user()
                     gist = create_gist('gist5', gist_type='private')
                     response = self.app.get(url('gists', private=1))
                     # and privates
                     response.mustcontain('gist: %s' % gist.gist_access_id)
                 def test_index_show_all(self, create_gist):
                     self.log_user()
                     create_gist('gist1')
                     create_gist('gist2', lifetime=1400)
                     create_gist('gist3', description='gist3-desc')
                     create_gist('gist4', gist_type='private')
                     response = self.app.get(url('gists', all=1))
                     assert len(GistModel.get_all()) == 4
                     # and privates
                     for gist in GistModel.get_all():
                         response.mustcontain('gist: %s' % gist.gist_access_id)
                 def test_index_show_all_hidden_from_regular(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     create_gist('gist2', gist_type='private')
                     create_gist('gist3', gist_type='private')
                     create_gist('gist4', gist_type='private')
                     response = self.app.get(url('gists', all=1))
                     assert len(GistModel.get_all()) == 3
                     # since we don't have access to private in this view, we
                     # should see nothing
                     for gist in GistModel.get_all():
                         response.mustcontain(no=['gist: %s' % gist.gist_access_id])
-                def test_create_missing_description(self):
+                def test_create(self):
                     self.log_user()
                     response = self.app.post(
                         url('gists'),
-                        params={'lifetime': -1, 'csrf_token': self.csrf_token},
-                        status=200)
-                    response.mustcontain('Missing value')
-                def test_create(self):
-                    self.log_user()
-                    response = self.app.post(url('gists'),
                         params={'lifetime': -1,
                                 'content': 'gist test',
                                 'filename': 'foo',
                                 'public': 'public',
-                                                     'acl_level': Gist.ACL_LEVEL_PUBLIC,
+                                'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                         status=302)
                     response = response.follow()
                     response.mustcontain('added file: foo')
                     response.mustcontain('gist test')
                 def test_create_with_path_with_dirs(self):
                     self.log_user()
-                    response = self.app.post(url('gists'),
+                    response = self.app.post(
+                        url('gists'),
                         params={'lifetime': -1,
                                 'content': 'gist test',
                                 'filename': '/home/foo',
                                 'public': 'public',
-                                                     'acl_level': Gist.ACL_LEVEL_PUBLIC,
+                                'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                         status=200)
-                    response.mustcontain('Filename cannot be inside a directory')
+                    response.mustcontain('Filename /home/foo cannot be inside a directory')
                 def test_access_expired_gist(self, create_gist):
                     self.log_user()
                     gist = create_gist('never-see-me')
                     gist.gist_expires = 0  # 1970
                     Session().add(gist)
                     Session().commit()
                     self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
                 def test_create_private(self):
                     self.log_user()
-                    response = self.app.post(url('gists'),
+                    response = self.app.post(
+                        url('gists'),
                         params={'lifetime': -1,
                                 'content': 'private gist test',
                                 'filename': 'private-foo',
                                 'private': 'private',
-                                                     'acl_level': Gist.ACL_LEVEL_PUBLIC,
+                                'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                         status=302)
                     response = response.follow()
                     response.mustcontain('added file: private-foo<')
                     response.mustcontain('private gist test')
                     response.mustcontain('Private Gist')
                     # Make sure private gists are not indexed by robots
                     response.mustcontain(
                         '<meta name="robots" content="noindex, nofollow">')
                 def test_create_private_acl_private(self):
                     self.log_user()
-                    response = self.app.post(url('gists'),
+                    response = self.app.post(
+                        url('gists'),
                         params={'lifetime': -1,
                                 'content': 'private gist test',
                                 'filename': 'private-foo',
                                 'private': 'private',
-                                                     'acl_level': Gist.ACL_LEVEL_PRIVATE,
+                                'gist_acl_level': Gist.ACL_LEVEL_PRIVATE,
                                 'csrf_token': self.csrf_token},
                         status=302)
                     response = response.follow()
                     response.mustcontain('added file: private-foo<')
                     response.mustcontain('private gist test')
                     response.mustcontain('Private Gist')
                     # Make sure private gists are not indexed by robots
                     response.mustcontain(
                         '<meta name="robots" content="noindex, nofollow">')
                 def test_create_with_description(self):
                     self.log_user()
-                    response = self.app.post(url('gists'),
+                    response = self.app.post(
+                        url('gists'),
                         params={'lifetime': -1,
                                 'content': 'gist test',
                                 'filename': 'foo-desc',
                                 'description': 'gist-desc',
                                 'public': 'public',
-                                                     'acl_level': Gist.ACL_LEVEL_PUBLIC,
+                                'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                                 'csrf_token': self.csrf_token},
                          status=302)
                     response = response.follow()
                     response.mustcontain('added file: foo-desc')
                     response.mustcontain('gist test')
                     response.mustcontain('gist-desc')
                 def test_create_public_with_anonymous_access(self):
                     self.log_user()
                     params = {
                         'lifetime': -1,
                         'content': 'gist test',
                         'filename': 'foo-desc',
                         'description': 'gist-desc',
                         'public': 'public',
-                        'acl_level': Gist.ACL_LEVEL_PUBLIC,
+                        'gist_acl_level': Gist.ACL_LEVEL_PUBLIC,
                         'csrf_token': self.csrf_token
                     }
                     response = self.app.post(url('gists'), params=params, status=302)
                     self.logout_user()
                     response = response.follow()
                     response.mustcontain('added file: foo-desc')
                     response.mustcontain('gist test')
                     response.mustcontain('gist-desc')
                 def test_new(self):
                     self.log_user()
                     self.app.get(url('new_gist'))
                 def test_delete(self, create_gist):
                     self.log_user()
                     gist = create_gist('delete-me')
                     response = self.app.post(
                         url('gist', gist_id=gist.gist_id),
                         params={'_method': 'delete', 'csrf_token': self.csrf_token})
                     assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
                 def test_delete_normal_user_his_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('delete-me', owner=TEST_USER_REGULAR_LOGIN)
                     response = self.app.post(
                         url('gist', gist_id=gist.gist_id),
                         params={'_method': 'delete', 'csrf_token': self.csrf_token})
                     assert_session_flash(response, 'Deleted gist %s' % gist.gist_id)
                 def test_delete_normal_user_not_his_own_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('delete-me')
                     self.app.post(
                         url('gist', gist_id=gist.gist_id),
                         params={'_method': 'delete', 'csrf_token': self.csrf_token},
                         status=403)
                 def test_show(self, create_gist):
                     gist = create_gist('gist-show-me')
                     response = self.app.get(url('gist', gist_id=gist.gist_access_id))
                     response.mustcontain('added file: gist-show-me<')
                     assert_response = AssertResponse(response)
                     assert_response.element_equals_to(
                         'div.rc-user span.user',
                         '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
                     response.mustcontain('gist-desc')
                 def test_show_without_hg(self, create_gist):
                     with mock.patch(
                             'rhodecode.lib.vcs.settings.ALIASES', ['git']):
                         gist = create_gist('gist-show-me-again')
                         self.app.get(url('gist', gist_id=gist.gist_access_id), status=200)
                 def test_show_acl_private(self, create_gist):
                     gist = create_gist('gist-show-me-only-when-im-logged-in',
                                        acl_level=Gist.ACL_LEVEL_PRIVATE)
                     self.app.get(url('gist', gist_id=gist.gist_access_id), status=404)
                     # now we log-in we should see thi gist
                     self.log_user()
                     response = self.app.get(url('gist', gist_id=gist.gist_access_id))
                     response.mustcontain('added file: gist-show-me-only-when-im-logged-in')
                     assert_response = AssertResponse(response)
                     assert_response.element_equals_to(
                         'div.rc-user span.user',
                         '<span class="user"> %s</span>' % h.link_to_user('test_admin'))
                     response.mustcontain('gist-desc')
                 def test_show_as_raw(self, create_gist):
                     gist = create_gist('gist-show-me', content='GIST CONTENT')
                     response = self.app.get(url('formatted_gist',
                                                 gist_id=gist.gist_access_id, format='raw'))
                     assert response.body == 'GIST CONTENT'
                 def test_show_as_raw_individual_file(self, create_gist):
                     gist = create_gist('gist-show-me-raw', content='GIST BODY')
                     response = self.app.get(url('formatted_gist_file',
                                                 gist_id=gist.gist_access_id, format='raw',
                                                 revision='tip', f_path='gist-show-me-raw'))
                     assert response.body == 'GIST BODY'
                 def test_edit_page(self, create_gist):
                     self.log_user()
                     gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
                     response = self.app.get(url('edit_gist', gist_id=gist.gist_access_id))
                     response.mustcontain('GIST EDIT BODY')
                 def test_edit_page_non_logged_user(self, create_gist):
                     gist = create_gist('gist-for-edit', content='GIST EDIT BODY')
                     self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=302)
                 def test_edit_normal_user_his_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('gist-for-edit', owner=TEST_USER_REGULAR_LOGIN)
                     self.app.get(url('edit_gist', gist_id=gist.gist_access_id, status=200))
                 def test_edit_normal_user_not_his_own_gist(self, create_gist):
                     self.log_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS)
                     gist = create_gist('delete-me')
                     self.app.get(url('edit_gist', gist_id=gist.gist_access_id), status=403)
                 def test_user_first_name_is_escaped(self, user_util, create_gist):
                     xss_atack_string = '"><script>alert(\'First Name\')</script>'
                     xss_escaped_string = (
                         '&#34;&gt;&lt;script&gt;alert(&#39;First Name&#39;)&lt;/script'
                         '&gt;')
                     password = 'test'
                     user = user_util.create_user(
                         firstname=xss_atack_string, password=password)
                     create_gist('gist', gist_type='public', owner=user.username)
                     response = self.app.get(url('gists'))
                     response.mustcontain(xss_escaped_string)
                 def test_user_last_name_is_escaped(self, user_util, create_gist):
                     xss_atack_string = '"><script>alert(\'Last Name\')</script>'
                     xss_escaped_string = (
                         '&#34;&gt;&lt;script&gt;alert(&#39;Last Name&#39;)&lt;/script&gt;')
                     password = 'test'
                     user = user_util.create_user(
                         lastname=xss_atack_string, password=password)
                     create_gist('gist', gist_type='public', owner=user.username)
                     response = self.app.get(url('gists'))
                     response.mustcontain(xss_escaped_string)

rhodecode/tests/models/schemas/test_schema_types.py ~~rhodecode/tests/models/test_validation_schema.py~~

0 renamed +1 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import colander
             import pytest
-            from rhodecode.model.validation_schema import GroupNameType
+            from rhodecode.model.validation_schema.types import GroupNameType
             class TestGroupNameType(object):
                 @pytest.mark.parametrize('given, expected', [
                     ('//group1/group2//', 'group1/group2'),
                     ('//group1///group2//', 'group1/group2'),
                     ('group1/group2///group3', 'group1/group2/group3')
                 ])
                 def test_replace_extra_slashes_cleans_up_extra_slashes(
                         self, given, expected):
                     type_ = GroupNameType()
                     result = type_._replace_extra_slashes(given)
                     assert result == expected
                 def test_deserialize_cleans_up_extra_slashes(self):
                     class TestSchema(colander.Schema):
                         field = colander.SchemaNode(GroupNameType())
                     schema = TestSchema()
                     cleaned_data = schema.deserialize(
                         {'field': '//group1/group2///group3//'})
                     assert cleaned_data['field'] == 'group1/group2/group3'

rhodecode/model/validation_schema.py

0 removed 0 -66

NO CONTENT: file was removed

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages