# -*- coding: utf-8 -*-

# Copyright (C) 2011-2017 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/

import logging
import time

import rhodecode
from rhodecode.api import (
    jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
from rhodecode.api.utils import (
    has_superadmin_permission, Optional, OAttr, get_repo_or_error,
    get_user_group_or_error, get_user_or_error, validate_repo_permissions,
    get_perm_or_error, parse_args, get_origin, build_commit_data,
    validate_set_owner_permissions)
from rhodecode.lib import audit_logger
from rhodecode.lib import repo_maintenance
from rhodecode.lib.auth import HasPermissionAnyApi, HasUserGroupPermissionAnyApi
from rhodecode.lib.utils2 import str2bool, time_to_datetime
from rhodecode.lib.ext_json import json
from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
from rhodecode.model.changeset_status import ChangesetStatusModel
from rhodecode.model.comment import CommentsModel
from rhodecode.model.db import (
    Session, ChangesetStatus, RepositoryField, Repository, RepoGroup,
    ChangesetComment)
from rhodecode.model.repo import RepoModel
from rhodecode.model.scm import ScmModel, RepoList
from rhodecode.model.settings import SettingsModel, VcsSettingsModel
from rhodecode.model import validation_schema
from rhodecode.model.validation_schema.schemas import repo_schema

log = logging.getLogger(__name__)


@jsonrpc_method()
def get_repo(request, apiuser, repoid, cache=Optional(True)):
    """
    Gets an existing repository by its name or repository_id.

    The members section so the output returns users groups or users
    associated with that repository.

    This command can only be run using an |authtoken| with admin rights,
    or users with at least read rights to the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository id.
    :type repoid: str or int
    :param cache: use the cached value for last changeset
    :type: cache: Optional(bool)

    Example output:

    .. code-block:: bash

        {
          "error": null,
          "id": <repo_id>,
          "result": {
            "clone_uri": null,
            "created_on": "timestamp",
            "description": "repo description",
            "enable_downloads": false,
            "enable_locking": false,
            "enable_statistics": false,
            "followers": [
              {
                "active": true,
                "admin": false,
                "api_key": "****************************************",
                "api_keys": [
                  "****************************************"
                ],
                "email": "user@example.com",
                "emails": [
                  "user@example.com"
                ],
                "extern_name": "rhodecode",
                "extern_type": "rhodecode",
                "firstname": "username",
                "ip_addresses": [],
                "language": null,
                "last_login": "2015-09-16T17:16:35.854",
                "lastname": "surname",
                "user_id": <user_id>,
                "username": "name"
              }
            ],
            "fork_of": "parent-repo",
            "landing_rev": [
              "rev",
              "tip"
            ],
            "last_changeset": {
              "author": "User <user@example.com>",
              "branch": "default",
              "date": "timestamp",
              "message": "last commit message",
              "parents": [
                {
                  "raw_id": "commit-id"
                }
              ],
              "raw_id": "commit-id",
              "revision": <revision number>,
              "short_id": "short id"
            },
            "lock_reason": null,
            "locked_by": null,
            "locked_date": null,
            "members": [
              {
                "name": "super-admin-name",
                "origin": "super-admin",
                "permission": "repository.admin",
                "type": "user"
              },
              {
                "name": "owner-name",
                "origin": "owner",
                "permission": "repository.admin",
                "type": "user"
              },
              {
                "name": "user-group-name",
                "origin": "permission",
                "permission": "repository.write",
                "type": "user_group"
              }
            ],
            "owner": "owner-name",
            "permissions": [
              {
                "name": "super-admin-name",
                "origin": "super-admin",
                "permission": "repository.admin",
                "type": "user"
              },
              {
                "name": "owner-name",
                "origin": "owner",
                "permission": "repository.admin",
                "type": "user"
              },
              {
                "name": "user-group-name",
                "origin": "permission",
                "permission": "repository.write",
                "type": "user_group"
              }
            ],
            "private": true,
            "repo_id": 676,
            "repo_name": "user-group/repo-name",
            "repo_type": "hg"
          }
        }
    """

    repo = get_repo_or_error(repoid)
    cache = Optional.extract(cache)

    include_secrets = False
    if has_superadmin_permission(apiuser):
        include_secrets = True
    else:
        # check if we have at least read permission for this repo !
        _perms = (
            'repository.admin', 'repository.write', 'repository.read',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    permissions = []
    for _user in repo.permissions():
        user_data = {
            'name': _user.username,
            'permission': _user.permission,
            'origin': get_origin(_user),
            'type': "user",
        }
        permissions.append(user_data)

    for _user_group in repo.permission_user_groups():
        user_group_data = {
            'name': _user_group.users_group_name,
            'permission': _user_group.permission,
            'origin': get_origin(_user_group),
            'type': "user_group",
        }
        permissions.append(user_group_data)

    following_users = [
        user.user.get_api_data(include_secrets=include_secrets)
        for user in repo.followers]

    if not cache:
        repo.update_commit_cache()
    data = repo.get_api_data(include_secrets=include_secrets)
    data['members'] = permissions  # TODO: this should be deprecated soon
    data['permissions'] = permissions
    data['followers'] = following_users
    return data


@jsonrpc_method()
def get_repos(request, apiuser, root=Optional(None), traverse=Optional(True)):
    """
    Lists all existing repositories.

    This command can only be run using an |authtoken| with admin rights,
    or users with at least read rights to |repos|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param root: specify root repository group to fetch repositories.
        filters the returned repositories to be members of given root group.
    :type root: Optional(None)
    :param traverse: traverse given root into subrepositories. With this flag
        set to False, it will only return top-level repositories from `root`.
        if root is empty it will return just top-level repositories.
    :type traverse: Optional(True)


    Example output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: [
                  {
                    "repo_id" :          "<repo_id>",
                    "repo_name" :        "<reponame>"
                    "repo_type" :        "<repo_type>",
                    "clone_uri" :        "<clone_uri>",
                    "private": :         "<bool>",
                    "created_on" :       "<datetimecreated>",
                    "description" :      "<description>",
                    "landing_rev":       "<landing_rev>",
                    "owner":             "<repo_owner>",
                    "fork_of":           "<name_of_fork_parent>",
                    "enable_downloads":  "<bool>",
                    "enable_locking":    "<bool>",
                    "enable_statistics": "<bool>",
                  },
                  ...
                ]
        error:  null
    """

    include_secrets = has_superadmin_permission(apiuser)
    _perms = ('repository.read', 'repository.write', 'repository.admin',)
    extras = {'user': apiuser}

    root = Optional.extract(root)
    traverse = Optional.extract(traverse, binary=True)

    if root:
        # verify parent existance, if it's empty return an error
        parent = RepoGroup.get_by_group_name(root)
        if not parent:
            raise JSONRPCError(
                'Root repository group `{}` does not exist'.format(root))

        if traverse:
            repos = RepoModel().get_repos_for_root(root=root, traverse=traverse)
        else:
            repos = RepoModel().get_repos_for_root(root=parent)
    else:
        if traverse:
            repos = RepoModel().get_all()
        else:
            # return just top-level
            repos = RepoModel().get_repos_for_root(root=None)

    repo_list = RepoList(repos, perm_set=_perms, extra_kwargs=extras)
    return [repo.get_api_data(include_secrets=include_secrets)
            for repo in repo_list]


@jsonrpc_method()
def get_repo_changeset(request, apiuser, repoid, revision,
                       details=Optional('basic')):
    """
    Returns information about a changeset.

    Additionally parameters define the amount of details returned by
    this function.

    This command can only be run using an |authtoken| with admin rights,
    or users with at least read rights to the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository id
    :type repoid: str or int
    :param revision: revision for which listing should be done
    :type revision: str
    :param details: details can be 'basic|extended|full' full gives diff
        info details like the diff itself, and number of changed files etc.
    :type details: Optional(str)

    """
    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = (
            'repository.admin', 'repository.write', 'repository.read',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    changes_details = Optional.extract(details)
    _changes_details_types = ['basic', 'extended', 'full']
    if changes_details not in _changes_details_types:
        raise JSONRPCError(
            'ret_type must be one of %s' % (
                ','.join(_changes_details_types)))

    pre_load = ['author', 'branch', 'date', 'message', 'parents',
                'status', '_commit', '_file_paths']

    try:
        cs = repo.get_commit(commit_id=revision, pre_load=pre_load)
    except TypeError as e:
        raise JSONRPCError(e.message)
    _cs_json = cs.__json__()
    _cs_json['diff'] = build_commit_data(cs, changes_details)
    if changes_details == 'full':
        _cs_json['refs'] = {
            'branches': [cs.branch],
            'bookmarks': getattr(cs, 'bookmarks', []),
            'tags': cs.tags
        }
    return _cs_json


@jsonrpc_method()
def get_repo_changesets(request, apiuser, repoid, start_rev, limit,
                        details=Optional('basic')):
    """
    Returns a set of commits limited by the number starting
    from the `start_rev` option.

    Additional parameters define the amount of details returned by this
    function.

    This command can only be run using an |authtoken| with admin rights,
    or users with at least read rights to |repos|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository ID.
    :type repoid: str or int
    :param start_rev: The starting revision from where to get changesets.
    :type start_rev: str
    :param limit: Limit the number of commits to this amount
    :type limit: str or int
    :param details: Set the level of detail returned. Valid option are:
        ``basic``, ``extended`` and ``full``.
    :type details: Optional(str)

    .. note::

       Setting the parameter `details` to the value ``full`` is extensive
       and returns details like the diff itself, and the number
       of changed files.

    """
    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = (
            'repository.admin', 'repository.write', 'repository.read',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    changes_details = Optional.extract(details)
    _changes_details_types = ['basic', 'extended', 'full']
    if changes_details not in _changes_details_types:
        raise JSONRPCError(
            'ret_type must be one of %s' % (
                ','.join(_changes_details_types)))

    limit = int(limit)
    pre_load = ['author', 'branch', 'date', 'message', 'parents',
                'status', '_commit', '_file_paths']

    vcs_repo = repo.scm_instance()
    # SVN needs a special case to distinguish its index and commit id
    if vcs_repo and vcs_repo.alias == 'svn' and (start_rev == '0'):
        start_rev = vcs_repo.commit_ids[0]

    try:
        commits = vcs_repo.get_commits(
            start_id=start_rev, pre_load=pre_load)
    except TypeError as e:
        raise JSONRPCError(e.message)
    except Exception:
        log.exception('Fetching of commits failed')
        raise JSONRPCError('Error occurred during commit fetching')

    ret = []
    for cnt, commit in enumerate(commits):
        if cnt >= limit != -1:
            break
        _cs_json = commit.__json__()
        _cs_json['diff'] = build_commit_data(commit, changes_details)
        if changes_details == 'full':
            _cs_json['refs'] = {
                'branches': [commit.branch],
                'bookmarks': getattr(commit, 'bookmarks', []),
                'tags': commit.tags
            }
        ret.append(_cs_json)
    return ret


@jsonrpc_method()
def get_repo_nodes(request, apiuser, repoid, revision, root_path,
                   ret_type=Optional('all'), details=Optional('basic'),
                   max_file_bytes=Optional(None)):
    """
    Returns a list of nodes and children in a flat list for a given
    path at given revision.

    It's possible to specify ret_type to show only `files` or `dirs`.

    This command can only be run using an |authtoken| with admin rights,
    or users with at least read rights to |repos|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository ID.
    :type repoid: str or int
    :param revision: The revision for which listing should be done.
    :type revision: str
    :param root_path: The path from which to start displaying.
    :type root_path: str
    :param ret_type: Set the return type. Valid options are
        ``all`` (default), ``files`` and ``dirs``.
    :type ret_type: Optional(str)
    :param details: Returns extended information about nodes, such as
        md5, binary, and or content.  The valid options are ``basic`` and
        ``full``.
    :type details: Optional(str)
    :param max_file_bytes: Only return file content under this file size bytes
    :type details: Optional(int)

    Example output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: [
                  {
                    "name" : "<name>"
                    "type" : "<type>",
                    "binary": "<true|false>" (only in extended mode)
                    "md5"  : "<md5 of file content>" (only in extended mode)
                  },
                  ...
                ]
        error:  null
    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = (
            'repository.admin', 'repository.write', 'repository.read',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    ret_type = Optional.extract(ret_type)
    details = Optional.extract(details)
    _extended_types = ['basic', 'full']
    if details not in _extended_types:
        raise JSONRPCError(
            'ret_type must be one of %s' % (','.join(_extended_types)))
    extended_info = False
    content = False
    if details == 'basic':
        extended_info = True

    if details == 'full':
        extended_info = content = True

    _map = {}
    try:
        # check if repo is not empty by any chance, skip quicker if it is.
        _scm = repo.scm_instance()
        if _scm.is_empty():
            return []

        _d, _f = ScmModel().get_nodes(
            repo, revision, root_path, flat=False,
            extended_info=extended_info, content=content,
            max_file_bytes=max_file_bytes)
        _map = {
            'all': _d + _f,
            'files': _f,
            'dirs': _d,
        }
        return _map[ret_type]
    except KeyError:
        raise JSONRPCError(
            'ret_type must be one of %s' % (','.join(sorted(_map.keys()))))
    except Exception:
        log.exception("Exception occurred while trying to get repo nodes")
        raise JSONRPCError(
            'failed to get repo: `%s` nodes' % repo.repo_name
        )


@jsonrpc_method()
def get_repo_refs(request, apiuser, repoid):
    """
    Returns a dictionary of current references. It returns
    bookmarks, branches, closed_branches, and tags for given repository

    It's possible to specify ret_type to show only `files` or `dirs`.

    This command can only be run using an |authtoken| with admin rights,
    or users with at least read rights to |repos|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository ID.
    :type repoid: str or int

    Example output:

    .. code-block:: bash

        id : <id_given_in_input>
        "result": {
            "bookmarks": {
              "dev": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
              "master": "367f590445081d8ec8c2ea0456e73ae1f1c3d6cf"
            },
            "branches": {
              "default": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
              "stable": "367f590445081d8ec8c2ea0456e73ae1f1c3d6cf"
            },
            "branches_closed": {},
            "tags": {
              "tip": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
              "v4.4.0": "1232313f9e6adac5ce5399c2a891dc1e72b79022",
              "v4.4.1": "cbb9f1d329ae5768379cdec55a62ebdd546c4e27",
              "v4.4.2": "24ffe44a27fcd1c5b6936144e176b9f6dd2f3a17",
            }
        }
        error:  null
    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin', 'repository.write', 'repository.read',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:
        # check if repo is not empty by any chance, skip quicker if it is.
        vcs_instance = repo.scm_instance()
        refs = vcs_instance.refs()
        return refs
    except Exception:
        log.exception("Exception occurred while trying to get repo refs")
        raise JSONRPCError(
            'failed to get repo: `%s` references' % repo.repo_name
        )


@jsonrpc_method()
def create_repo(
        request, apiuser, repo_name, repo_type,
        owner=Optional(OAttr('apiuser')),
        description=Optional(''),
        private=Optional(False),
        clone_uri=Optional(None),
        landing_rev=Optional('rev:tip'),
        enable_statistics=Optional(False),
        enable_locking=Optional(False),
        enable_downloads=Optional(False),
        copy_permissions=Optional(False)):
    """
    Creates a repository.

    * If the repository name contains "/", repository will be created inside
      a repository group or nested repository groups

      For example "foo/bar/repo1" will create |repo| called "repo1" inside
      group "foo/bar". You have to have permissions to access and write to
      the last repository group ("bar" in this example)

    This command can only be run using an |authtoken| with at least
    permissions to create repositories, or write permissions to
    parent repository groups.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repo_name: Set the repository name.
    :type repo_name: str
    :param repo_type: Set the repository type; 'hg','git', or 'svn'.
    :type repo_type: str
    :param owner: user_id or username
    :type owner: Optional(str)
    :param description: Set the repository description.
    :type description: Optional(str)
    :param private: set repository as private
    :type private: bool
    :param clone_uri: set clone_uri
    :type clone_uri: str
    :param landing_rev: <rev_type>:<rev>
    :type landing_rev: str
    :param enable_locking:
    :type enable_locking: bool
    :param enable_downloads:
    :type enable_downloads: bool
    :param enable_statistics:
    :type enable_statistics: bool
    :param copy_permissions: Copy permission from group in which the
        repository is being created.
    :type copy_permissions: bool


    Example output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: {
                  "msg": "Created new repository `<reponame>`",
                  "success": true,
                  "task": "<celery task id or None if done sync>"
                }
        error:  null


    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : null
      error :  {
         'failed to create repository `<repo_name>`'
      }

    """

    owner = validate_set_owner_permissions(apiuser, owner)

    description = Optional.extract(description)
    copy_permissions = Optional.extract(copy_permissions)
    clone_uri = Optional.extract(clone_uri)
    landing_commit_ref = Optional.extract(landing_rev)

    defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
    if isinstance(private, Optional):
        private = defs.get('repo_private') or Optional.extract(private)
    if isinstance(repo_type, Optional):
        repo_type = defs.get('repo_type')
    if isinstance(enable_statistics, Optional):
        enable_statistics = defs.get('repo_enable_statistics')
    if isinstance(enable_locking, Optional):
        enable_locking = defs.get('repo_enable_locking')
    if isinstance(enable_downloads, Optional):
        enable_downloads = defs.get('repo_enable_downloads')

    schema = repo_schema.RepoSchema().bind(
        repo_type_options=rhodecode.BACKENDS.keys(),
        # user caller
        user=apiuser)

    try:
        schema_data = schema.deserialize(dict(
            repo_name=repo_name,
            repo_type=repo_type,
            repo_owner=owner.username,
            repo_description=description,
            repo_landing_commit_ref=landing_commit_ref,
            repo_clone_uri=clone_uri,
            repo_private=private,
            repo_copy_permissions=copy_permissions,
            repo_enable_statistics=enable_statistics,
            repo_enable_downloads=enable_downloads,
            repo_enable_locking=enable_locking))
    except validation_schema.Invalid as err:
        raise JSONRPCValidationError(colander_exc=err)

    try:
        data = {
            'owner': owner,
            'repo_name': schema_data['repo_group']['repo_name_without_group'],
            'repo_name_full': schema_data['repo_name'],
            'repo_group': schema_data['repo_group']['repo_group_id'],
            'repo_type': schema_data['repo_type'],
            'repo_description': schema_data['repo_description'],
            'repo_private': schema_data['repo_private'],
            'clone_uri': schema_data['repo_clone_uri'],
            'repo_landing_rev': schema_data['repo_landing_commit_ref'],
            'enable_statistics': schema_data['repo_enable_statistics'],
            'enable_locking': schema_data['repo_enable_locking'],
            'enable_downloads': schema_data['repo_enable_downloads'],
            'repo_copy_permissions': schema_data['repo_copy_permissions'],
        }

        task = RepoModel().create(form_data=data, cur_user=owner)
        from celery.result import BaseAsyncResult
        task_id = None
        if isinstance(task, BaseAsyncResult):
            task_id = task.task_id
        # no commit, it's done in RepoModel, or async via celery
        return {
            'msg': "Created new repository `%s`" % (schema_data['repo_name'],),
            'success': True,  # cannot return the repo data here since fork
            # can be done async
            'task': task_id
        }
    except Exception:
        log.exception(
            u"Exception while trying to create the repository %s",
            schema_data['repo_name'])
        raise JSONRPCError(
            'failed to create repository `%s`' % (schema_data['repo_name'],))


@jsonrpc_method()
def add_field_to_repo(request, apiuser, repoid, key, label=Optional(''),
                      description=Optional('')):
    """
    Adds an extra field to a repository.

    This command can only be run using an |authtoken| with at least
    write permissions to the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository id.
    :type repoid: str or int
    :param key: Create a unique field key for this repository.
    :type key: str
    :param label:
    :type label: Optional(str)
    :param description:
    :type description: Optional(str)
    """
    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    label = Optional.extract(label) or key
    description = Optional.extract(description)

    field = RepositoryField.get_by_key_name(key, repo)
    if field:
        raise JSONRPCError('Field with key '
                           '`%s` exists for repo `%s`' % (key, repoid))

    try:
        RepoModel().add_repo_field(repo, key, field_label=label,
                                   field_desc=description)
        Session().commit()
        return {
            'msg': "Added new repository field `%s`" % (key,),
            'success': True,
        }
    except Exception:
        log.exception("Exception occurred while trying to add field to repo")
        raise JSONRPCError(
            'failed to create new field for repository `%s`' % (repoid,))


@jsonrpc_method()
def remove_field_from_repo(request, apiuser, repoid, key):
    """
    Removes an extra field from a repository.

    This command can only be run using an |authtoken| with at least
    write permissions to the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository ID.
    :type repoid: str or int
    :param key: Set the unique field key for this repository.
    :type key: str
    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    field = RepositoryField.get_by_key_name(key, repo)
    if not field:
        raise JSONRPCError('Field with key `%s` does not '
                           'exists for repo `%s`' % (key, repoid))

    try:
        RepoModel().delete_repo_field(repo, field_key=key)
        Session().commit()
        return {
            'msg': "Deleted repository field `%s`" % (key,),
            'success': True,
        }
    except Exception:
        log.exception(
            "Exception occurred while trying to delete field from repo")
        raise JSONRPCError(
            'failed to delete field for repository `%s`' % (repoid,))


@jsonrpc_method()
def update_repo(
        request, apiuser, repoid, repo_name=Optional(None),
        owner=Optional(OAttr('apiuser')), description=Optional(''),
        private=Optional(False), clone_uri=Optional(None),
        landing_rev=Optional('rev:tip'), fork_of=Optional(None),
        enable_statistics=Optional(False),
        enable_locking=Optional(False),
        enable_downloads=Optional(False), fields=Optional('')):
    """
    Updates a repository with the given information.

    This command can only be run using an |authtoken| with at least
    admin permissions to the |repo|.

    * If the repository name contains "/", repository will be updated
      accordingly with a repository group or nested repository groups

      For example repoid=repo-test name="foo/bar/repo-test" will update |repo|
      called "repo-test" and place it inside group "foo/bar".
      You have to have permissions to access and write to the last repository
      group ("bar" in this example)

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: repository name or repository ID.
    :type repoid: str or int
    :param repo_name: Update the |repo| name, including the
        repository group it's in.
    :type repo_name: str
    :param owner: Set the |repo| owner.
    :type owner: str
    :param fork_of: Set the |repo| as fork of another |repo|.
    :type fork_of: str
    :param description: Update the |repo| description.
    :type description: str
    :param private: Set the |repo| as private. (True | False)
    :type private: bool
    :param clone_uri: Update the |repo| clone URI.
    :type clone_uri: str
    :param landing_rev: Set the |repo| landing revision. Default is ``rev:tip``.
    :type landing_rev: str
    :param enable_statistics: Enable statistics on the |repo|, (True | False).
    :type enable_statistics: bool
    :param enable_locking: Enable |repo| locking.
    :type enable_locking: bool
    :param enable_downloads: Enable downloads from the |repo|, (True | False).
    :type enable_downloads: bool
    :param fields: Add extra fields to the |repo|. Use the following
        example format: ``field_key=field_val,field_key2=fieldval2``.
        Escape ', ' with \,
    :type fields: str
    """

    repo = get_repo_or_error(repoid)

    include_secrets = False
    if not has_superadmin_permission(apiuser):
        validate_repo_permissions(apiuser, repoid, repo, ('repository.admin',))
    else:
        include_secrets = True

    updates = dict(
        repo_name=repo_name
        if not isinstance(repo_name, Optional) else repo.repo_name,

        fork_id=fork_of
        if not isinstance(fork_of, Optional) else repo.fork.repo_name if repo.fork else None,

        user=owner
        if not isinstance(owner, Optional) else repo.user.username,

        repo_description=description
        if not isinstance(description, Optional) else repo.description,

        repo_private=private
        if not isinstance(private, Optional) else repo.private,

        clone_uri=clone_uri
        if not isinstance(clone_uri, Optional) else repo.clone_uri,

        repo_landing_rev=landing_rev
        if not isinstance(landing_rev, Optional) else repo._landing_revision,

        repo_enable_statistics=enable_statistics
        if not isinstance(enable_statistics, Optional) else repo.enable_statistics,

        repo_enable_locking=enable_locking
        if not isinstance(enable_locking, Optional) else repo.enable_locking,

        repo_enable_downloads=enable_downloads
        if not isinstance(enable_downloads, Optional) else repo.enable_downloads)

    ref_choices, _labels = ScmModel().get_repo_landing_revs(repo=repo)

    schema = repo_schema.RepoSchema().bind(
        repo_type_options=rhodecode.BACKENDS.keys(),
        repo_ref_options=ref_choices,
        # user caller
        user=apiuser,
        old_values=repo.get_api_data())
    try:
        schema_data = schema.deserialize(dict(
            # we save old value, users cannot change type
            repo_type=repo.repo_type,

            repo_name=updates['repo_name'],
            repo_owner=updates['user'],
            repo_description=updates['repo_description'],
            repo_clone_uri=updates['clone_uri'],
            repo_fork_of=updates['fork_id'],
            repo_private=updates['repo_private'],
            repo_landing_commit_ref=updates['repo_landing_rev'],
            repo_enable_statistics=updates['repo_enable_statistics'],
            repo_enable_downloads=updates['repo_enable_downloads'],
            repo_enable_locking=updates['repo_enable_locking']))
    except validation_schema.Invalid as err:
        raise JSONRPCValidationError(colander_exc=err)

    # save validated data back into the updates dict
    validated_updates = dict(
        repo_name=schema_data['repo_group']['repo_name_without_group'],
        repo_group=schema_data['repo_group']['repo_group_id'],

        user=schema_data['repo_owner'],
        repo_description=schema_data['repo_description'],
        repo_private=schema_data['repo_private'],
        clone_uri=schema_data['repo_clone_uri'],
        repo_landing_rev=schema_data['repo_landing_commit_ref'],
        repo_enable_statistics=schema_data['repo_enable_statistics'],
        repo_enable_locking=schema_data['repo_enable_locking'],
        repo_enable_downloads=schema_data['repo_enable_downloads'],
    )

    if schema_data['repo_fork_of']:
        fork_repo = get_repo_or_error(schema_data['repo_fork_of'])
        validated_updates['fork_id'] = fork_repo.repo_id

    # extra fields
    fields = parse_args(Optional.extract(fields), key_prefix='ex_')
    if fields:
        validated_updates.update(fields)

    try:
        RepoModel().update(repo, **validated_updates)
        Session().commit()
        return {
            'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo.repo_name),
            'repository': repo.get_api_data(include_secrets=include_secrets)
        }
    except Exception:
        log.exception(
            u"Exception while trying to update the repository %s",
            repoid)
        raise JSONRPCError('failed to update repo `%s`' % repoid)


@jsonrpc_method()
def fork_repo(request, apiuser, repoid, fork_name,
              owner=Optional(OAttr('apiuser')),
              description=Optional(''),
              private=Optional(False),
              clone_uri=Optional(None),
              landing_rev=Optional('rev:tip'),
              copy_permissions=Optional(False)):
    """
    Creates a fork of the specified |repo|.

    * If the fork_name contains "/", fork will be created inside
      a repository group or nested repository groups

      For example "foo/bar/fork-repo" will create fork called "fork-repo"
      inside group "foo/bar". You have to have permissions to access and
      write to the last repository group ("bar" in this example)

    This command can only be run using an |authtoken| with minimum
    read permissions of the forked repo, create fork permissions for an user.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set repository name or repository ID.
    :type repoid: str or int
    :param fork_name: Set the fork name, including it's repository group membership.
    :type fork_name: str
    :param owner: Set the fork owner.
    :type owner: str
    :param description: Set the fork description.
    :type description: str
    :param copy_permissions: Copy permissions from parent |repo|. The
        default is False.
    :type copy_permissions: bool
    :param private: Make the fork private. The default is False.
    :type private: bool
    :param landing_rev: Set the landing revision. The default is tip.

    Example output:

    .. code-block:: bash

        id : <id_for_response>
        api_key : "<api_key>"
        args:     {
                    "repoid" :          "<reponame or repo_id>",
                    "fork_name":        "<forkname>",
                    "owner":            "<username or user_id = Optional(=apiuser)>",
                    "description":      "<description>",
                    "copy_permissions": "<bool>",
                    "private":          "<bool>",
                    "landing_rev":      "<landing_rev>"
                  }

    Example error output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: {
                  "msg": "Created fork of `<reponame>` as `<forkname>`",
                  "success": true,
                  "task": "<celery task id or None if done sync>"
                }
        error:  null

    """

    repo = get_repo_or_error(repoid)
    repo_name = repo.repo_name

    if not has_superadmin_permission(apiuser):
        # check if we have at least read permission for
        # this repo that we fork !
        _perms = (
            'repository.admin', 'repository.write', 'repository.read')
        validate_repo_permissions(apiuser, repoid, repo, _perms)

        # check if the regular user has at least fork permissions as well
        if not HasPermissionAnyApi('hg.fork.repository')(user=apiuser):
            raise JSONRPCForbidden()

    # check if user can set owner parameter
    owner = validate_set_owner_permissions(apiuser, owner)

    description = Optional.extract(description)
    copy_permissions = Optional.extract(copy_permissions)
    clone_uri = Optional.extract(clone_uri)
    landing_commit_ref = Optional.extract(landing_rev)
    private = Optional.extract(private)

    schema = repo_schema.RepoSchema().bind(
        repo_type_options=rhodecode.BACKENDS.keys(),
        # user caller
        user=apiuser)

    try:
        schema_data = schema.deserialize(dict(
            repo_name=fork_name,
            repo_type=repo.repo_type,
            repo_owner=owner.username,
            repo_description=description,
            repo_landing_commit_ref=landing_commit_ref,
            repo_clone_uri=clone_uri,
            repo_private=private,
            repo_copy_permissions=copy_permissions))
    except validation_schema.Invalid as err:
        raise JSONRPCValidationError(colander_exc=err)

    try:
        data = {
            'fork_parent_id': repo.repo_id,

            'repo_name': schema_data['repo_group']['repo_name_without_group'],
            'repo_name_full': schema_data['repo_name'],
            'repo_group': schema_data['repo_group']['repo_group_id'],
            'repo_type': schema_data['repo_type'],
            'description': schema_data['repo_description'],
            'private': schema_data['repo_private'],
            'copy_permissions': schema_data['repo_copy_permissions'],
            'landing_rev': schema_data['repo_landing_commit_ref'],
        }

        task = RepoModel().create_fork(data, cur_user=owner)
        # no commit, it's done in RepoModel, or async via celery
        from celery.result import BaseAsyncResult
        task_id = None
        if isinstance(task, BaseAsyncResult):
            task_id = task.task_id
        return {
            'msg': 'Created fork of `%s` as `%s`' % (
                repo.repo_name, schema_data['repo_name']),
            'success': True,  # cannot return the repo data here since fork
            # can be done async
            'task': task_id
        }
    except Exception:
        log.exception(
            u"Exception while trying to create fork %s",
            schema_data['repo_name'])
        raise JSONRPCError(
            'failed to fork repository `%s` as `%s`' % (
                repo_name, schema_data['repo_name']))


@jsonrpc_method()
def delete_repo(request, apiuser, repoid, forks=Optional('')):
    """
    Deletes a repository.

    * When the `forks` parameter is set it's possible to detach or delete
      forks of deleted repository.

    This command can only be run using an |authtoken| with admin
    permissions on the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository ID.
    :type repoid: str or int
    :param forks: Set to `detach` or `delete` forks from the |repo|.
    :type forks: Optional(str)

    Example error output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: {
                  "msg": "Deleted repository `<reponame>`",
                  "success": true
                }
        error:  null
    """

    repo = get_repo_or_error(repoid)
    repo_name = repo.repo_name
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:
        handle_forks = Optional.extract(forks)
        _forks_msg = ''
        _forks = [f for f in repo.forks]
        if handle_forks == 'detach':
            _forks_msg = ' ' + 'Detached %s forks' % len(_forks)
        elif handle_forks == 'delete':
            _forks_msg = ' ' + 'Deleted %s forks' % len(_forks)
        elif _forks:
            raise JSONRPCError(
                'Cannot delete `%s` it still contains attached forks' %
                (repo.repo_name,)
            )
        repo_data = repo.get_api_data()
        RepoModel().delete(repo, forks=forks)

        repo = audit_logger.RepoWrap(repo_id=None,
                                     repo_name=repo.repo_name)

        audit_logger.store_api(
            action='repo.delete',
            action_data={'data': repo_data},
            user=apiuser, repo=repo)

        ScmModel().mark_for_invalidation(repo_name, delete=True)
        Session().commit()
        return {
            'msg': 'Deleted repository `%s`%s' % (repo_name, _forks_msg),
            'success': True
        }
    except Exception:
        log.exception("Exception occurred while trying to delete repo")
        raise JSONRPCError(
            'failed to delete repository `%s`' % (repo_name,)
        )


#TODO: marcink, change name ?
@jsonrpc_method()
def invalidate_cache(request, apiuser, repoid, delete_keys=Optional(False)):
    """
    Invalidates the cache for the specified repository.

    This command can only be run using an |authtoken| with admin rights to
    the specified repository.

    This command takes the following options:

    :param apiuser: This is filled automatically from |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Sets the repository name or repository ID.
    :type repoid: str or int
    :param delete_keys: This deletes the invalidated keys instead of
        just flagging them.
    :type delete_keys: Optional(``True`` | ``False``)

    Example output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : {
        'msg': Cache for repository `<repository name>` was invalidated,
        'repository': <repository name>
      }
      error :  null

    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : null
      error : {
         'Error occurred during cache invalidation action'
      }

    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin', 'repository.write',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    delete = Optional.extract(delete_keys)
    try:
        ScmModel().mark_for_invalidation(repo.repo_name, delete=delete)
        return {
            'msg': 'Cache for repository `%s` was invalidated' % (repoid,),
            'repository': repo.repo_name
        }
    except Exception:
        log.exception(
            "Exception occurred while trying to invalidate repo cache")
        raise JSONRPCError(
            'Error occurred during cache invalidation action'
        )


#TODO: marcink, change name ?
@jsonrpc_method()
def lock(request, apiuser, repoid, locked=Optional(None),
         userid=Optional(OAttr('apiuser'))):
    """
    Sets the lock state of the specified |repo| by the given user.
    From more information, see :ref:`repo-locking`.

    * If the ``userid`` option is not set, the repository is locked to the
      user who called the method.
    * If the ``locked`` parameter is not set, the current lock state of the
      repository is displayed.

    This command can only be run using an |authtoken| with admin rights to
    the specified repository.

    This command takes the following options:

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Sets the repository name or repository ID.
    :type repoid: str or int
    :param locked: Sets the lock state.
    :type locked: Optional(``True`` | ``False``)
    :param userid: Set the repository lock to this user.
    :type userid: Optional(str or int)

    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : {
        'repo': '<reponame>',
        'locked': <bool: lock state>,
        'locked_since': <int: lock timestamp>,
        'locked_by': <username of person who made the lock>,
        'lock_reason': <str: reason for locking>,
        'lock_state_changed': <bool: True if lock state has been changed in this request>,
        'msg': 'Repo `<reponame>` locked by `<username>` on <timestamp>.'
        or
        'msg': 'Repo `<repository name>` not locked.'
        or
        'msg': 'User `<user name>` set lock state for repo `<repository name>` to `<new lock state>`'
      }
      error :  null

    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : null
      error :  {
        'Error occurred locking repository `<reponame>`'
      }
    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        # check if we have at least write permission for this repo !
        _perms = ('repository.admin', 'repository.write',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

        # make sure normal user does not pass someone else userid,
        # he is not allowed to do that
        if not isinstance(userid, Optional) and userid != apiuser.user_id:
            raise JSONRPCError('userid is not the same as your user')

    if isinstance(userid, Optional):
        userid = apiuser.user_id

    user = get_user_or_error(userid)

    if isinstance(locked, Optional):
        lockobj = repo.locked

        if lockobj[0] is None:
            _d = {
                'repo': repo.repo_name,
                'locked': False,
                'locked_since': None,
                'locked_by': None,
                'lock_reason': None,
                'lock_state_changed': False,
                'msg': 'Repo `%s` not locked.' % repo.repo_name
            }
            return _d
        else:
            _user_id, _time, _reason = lockobj
            lock_user = get_user_or_error(userid)
            _d = {
                'repo': repo.repo_name,
                'locked': True,
                'locked_since': _time,
                'locked_by': lock_user.username,
                'lock_reason': _reason,
                'lock_state_changed': False,
                'msg': ('Repo `%s` locked by `%s` on `%s`.'
                        % (repo.repo_name, lock_user.username,
                           json.dumps(time_to_datetime(_time))))
            }
            return _d

    # force locked state through a flag
    else:
        locked = str2bool(locked)
        lock_reason = Repository.LOCK_API
        try:
            if locked:
                lock_time = time.time()
                Repository.lock(repo, user.user_id, lock_time, lock_reason)
            else:
                lock_time = None
                Repository.unlock(repo)
            _d = {
                'repo': repo.repo_name,
                'locked': locked,
                'locked_since': lock_time,
                'locked_by': user.username,
                'lock_reason': lock_reason,
                'lock_state_changed': True,
                'msg': ('User `%s` set lock state for repo `%s` to `%s`'
                        % (user.username, repo.repo_name, locked))
            }
            return _d
        except Exception:
            log.exception(
                "Exception occurred while trying to lock repository")
            raise JSONRPCError(
                'Error occurred locking repository `%s`' % repo.repo_name
            )


@jsonrpc_method()
def comment_commit(
        request, apiuser, repoid, commit_id, message, status=Optional(None),
        comment_type=Optional(ChangesetComment.COMMENT_TYPE_NOTE),
        resolves_comment_id=Optional(None),
        userid=Optional(OAttr('apiuser'))):
    """
    Set a commit comment, and optionally change the status of the commit.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository ID.
    :type repoid: str or int
    :param commit_id: Specify the commit_id for which to set a comment.
    :type commit_id: str
    :param message: The comment text.
    :type message: str
    :param status: (**Optional**) status of commit, one of: 'not_reviewed',
        'approved', 'rejected', 'under_review'
    :type status: str
    :param comment_type: Comment type, one of: 'note', 'todo'
    :type comment_type: Optional(str), default: 'note'
    :param userid: Set the user name of the comment creator.
    :type userid: Optional(str or int)

    Example error output:

    .. code-block:: bash

        {
            "id" : <id_given_in_input>,
            "result" : {
                "msg": "Commented on commit `<commit_id>` for repository `<repoid>`",
                "status_change": null or <status>,
                "success": true
            },
            "error" :  null
        }

    """
    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.read', 'repository.write', 'repository.admin')
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:
        commit_id = repo.scm_instance().get_commit(commit_id=commit_id).raw_id
    except Exception as e:
        log.exception('Failed to fetch commit')
        raise JSONRPCError(e.message)

    if isinstance(userid, Optional):
        userid = apiuser.user_id

    user = get_user_or_error(userid)
    status = Optional.extract(status)
    comment_type = Optional.extract(comment_type)
    resolves_comment_id = Optional.extract(resolves_comment_id)

    allowed_statuses = [x[0] for x in ChangesetStatus.STATUSES]
    if status and status not in allowed_statuses:
        raise JSONRPCError('Bad status, must be on '
                           'of %s got %s' % (allowed_statuses, status,))

    if resolves_comment_id:
        comment = ChangesetComment.get(resolves_comment_id)
        if not comment:
            raise JSONRPCError(
                'Invalid resolves_comment_id `%s` for this commit.'
                % resolves_comment_id)
        if comment.comment_type != ChangesetComment.COMMENT_TYPE_TODO:
            raise JSONRPCError(
                'Comment `%s` is wrong type for setting status to resolved.'
                % resolves_comment_id)

    try:
        rc_config = SettingsModel().get_all_settings()
        renderer = rc_config.get('rhodecode_markup_renderer', 'rst')
        status_change_label = ChangesetStatus.get_status_lbl(status)
        comm = CommentsModel().create(
            message, repo, user, commit_id=commit_id,
            status_change=status_change_label,
            status_change_type=status,
            renderer=renderer,
            comment_type=comment_type,
            resolves_comment_id=resolves_comment_id
        )
        if status:
            # also do a status change
            try:
                ChangesetStatusModel().set_status(
                    repo, status, user, comm, revision=commit_id,
                    dont_allow_on_closed_pull_request=True
                )
            except StatusChangeOnClosedPullRequestError:
                log.exception(
                    "Exception occurred while trying to change repo commit status")
                msg = ('Changing status on a changeset associated with '
                       'a closed pull request is not allowed')
                raise JSONRPCError(msg)

        Session().commit()
        return {
            'msg': (
                'Commented on commit `%s` for repository `%s`' % (
                    comm.revision, repo.repo_name)),
            'status_change': status,
            'success': True,
        }
    except JSONRPCError:
        # catch any inside errors, and re-raise them to prevent from
        # below global catch to silence them
        raise
    except Exception:
        log.exception("Exception occurred while trying to comment on commit")
        raise JSONRPCError(
            'failed to set comment on repository `%s`' % (repo.repo_name,)
        )


@jsonrpc_method()
def grant_user_permission(request, apiuser, repoid, userid, perm):
    """
    Grant permissions for the specified user on the given repository,
    or update existing permissions if found.

    This command can only be run using an |authtoken| with admin
    permissions on the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository ID.
    :type repoid: str or int
    :param userid: Set the user name.
    :type userid: str
    :param perm: Set the user permissions, using the following format
        ``(repository.(none|read|write|admin))``
    :type perm: str

    Example output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: {
                  "msg" : "Granted perm: `<perm>` for user: `<username>` in repo: `<reponame>`",
                  "success": true
                }
        error:  null
    """

    repo = get_repo_or_error(repoid)
    user = get_user_or_error(userid)
    perm = get_perm_or_error(perm)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:

        RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)

        Session().commit()
        return {
            'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
                perm.permission_name, user.username, repo.repo_name
            ),
            'success': True
        }
    except Exception:
        log.exception(
            "Exception occurred while trying edit permissions for repo")
        raise JSONRPCError(
            'failed to edit permission for user: `%s` in repo: `%s`' % (
                userid, repoid
            )
        )


@jsonrpc_method()
def revoke_user_permission(request, apiuser, repoid, userid):
    """
    Revoke permission for a user on the specified repository.

    This command can only be run using an |authtoken| with admin
    permissions on the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository ID.
    :type repoid: str or int
    :param userid: Set the user name of revoked user.
    :type userid: str or int

    Example error output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: {
                  "msg" : "Revoked perm for user: `<username>` in repo: `<reponame>`",
                  "success": true
                }
        error:  null
    """

    repo = get_repo_or_error(repoid)
    user = get_user_or_error(userid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:
        RepoModel().revoke_user_permission(repo=repo, user=user)
        Session().commit()
        return {
            'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
                user.username, repo.repo_name
            ),
            'success': True
        }
    except Exception:
        log.exception(
            "Exception occurred while trying revoke permissions to repo")
        raise JSONRPCError(
            'failed to edit permission for user: `%s` in repo: `%s`' % (
                userid, repoid
            )
        )


@jsonrpc_method()
def grant_user_group_permission(request, apiuser, repoid, usergroupid, perm):
    """
    Grant permission for a user group on the specified repository,
    or update existing permissions.

    This command can only be run using an |authtoken| with admin
    permissions on the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository ID.
    :type repoid: str or int
    :param usergroupid: Specify the ID of the user group.
    :type usergroupid: str or int
    :param perm: Set the user group permissions using the following
        format: (repository.(none|read|write|admin))
    :type perm: str

    Example output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : {
        "msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",
        "success": true

      }
      error :  null

    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : null
      error :  {
        "failed to edit permission for user group: `<usergroup>` in repo `<repo>`'
      }

    """

    repo = get_repo_or_error(repoid)
    perm = get_perm_or_error(perm)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    user_group = get_user_group_or_error(usergroupid)
    if not has_superadmin_permission(apiuser):
        # check if we have at least read permission for this user group !
        _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
        if not HasUserGroupPermissionAnyApi(*_perms)(
                user=apiuser, user_group_name=user_group.users_group_name):
            raise JSONRPCError(
                'user group `%s` does not exist' % (usergroupid,))

    try:
        RepoModel().grant_user_group_permission(
            repo=repo, group_name=user_group, perm=perm)

        Session().commit()
        return {
            'msg': 'Granted perm: `%s` for user group: `%s` in '
                   'repo: `%s`' % (
                       perm.permission_name, user_group.users_group_name,
                       repo.repo_name
                   ),
            'success': True
        }
    except Exception:
        log.exception(
            "Exception occurred while trying change permission on repo")
        raise JSONRPCError(
            'failed to edit permission for user group: `%s` in '
            'repo: `%s`' % (
                usergroupid, repo.repo_name
            )
        )


@jsonrpc_method()
def revoke_user_group_permission(request, apiuser, repoid, usergroupid):
    """
    Revoke the permissions of a user group on a given repository.

    This command can only be run using an |authtoken| with admin
    permissions on the |repo|.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: Set the repository name or repository ID.
    :type repoid: str or int
    :param usergroupid: Specify the user group ID.
    :type usergroupid: str or int

    Example output:

    .. code-block:: bash

        id : <id_given_in_input>
        result: {
                  "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",
                  "success": true
                }
        error:  null
    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    user_group = get_user_group_or_error(usergroupid)
    if not has_superadmin_permission(apiuser):
        # check if we have at least read permission for this user group !
        _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
        if not HasUserGroupPermissionAnyApi(*_perms)(
                user=apiuser, user_group_name=user_group.users_group_name):
            raise JSONRPCError(
                'user group `%s` does not exist' % (usergroupid,))

    try:
        RepoModel().revoke_user_group_permission(
            repo=repo, group_name=user_group)

        Session().commit()
        return {
            'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (
                user_group.users_group_name, repo.repo_name
            ),
            'success': True
        }
    except Exception:
        log.exception("Exception occurred while trying revoke "
                      "user group permission on repo")
        raise JSONRPCError(
            'failed to edit permission for user group: `%s` in '
            'repo: `%s`' % (
                user_group.users_group_name, repo.repo_name
            )
        )


@jsonrpc_method()
def pull(request, apiuser, repoid):
    """
    Triggers a pull on the given repository from a remote location. You
    can use this to keep remote repositories up-to-date.

    This command can only be run using an |authtoken| with admin
    rights to the specified repository. For more information,
    see :ref:`config-token-ref`.

    This command takes the following options:

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository ID.
    :type repoid: str or int

    Example output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : {
        "msg": "Pulled from `<repository name>`"
        "repository": "<repository name>"
      }
      error :  null

    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : null
      error :  {
        "Unable to pull changes from `<reponame>`"
      }

    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:
        ScmModel().pull_changes(repo.repo_name, apiuser.username)
        return {
            'msg': 'Pulled from `%s`' % repo.repo_name,
            'repository': repo.repo_name
        }
    except Exception:
        log.exception("Exception occurred while trying to "
                      "pull changes from remote location")
        raise JSONRPCError(
            'Unable to pull changes from `%s`' % repo.repo_name
        )


@jsonrpc_method()
def strip(request, apiuser, repoid, revision, branch):
    """
    Strips the given revision from the specified repository.

    * This will remove the revision and all of its decendants.

    This command can only be run using an |authtoken| with admin rights to
    the specified repository.

    This command takes the following options:

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository ID.
    :type repoid: str or int
    :param revision: The revision you wish to strip.
    :type revision: str
    :param branch: The branch from which to strip the revision.
    :type branch: str

    Example output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : {
        "msg": "'Stripped commit <commit_hash> from repo `<repository name>`'"
        "repository": "<repository name>"
      }
      error :  null

    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : null
      error :  {
        "Unable to strip commit <commit_hash> from repo `<repository name>`"
      }

    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:
        ScmModel().strip(repo, revision, branch)
        return {
            'msg': 'Stripped commit %s from repo `%s`' % (
                revision, repo.repo_name),
            'repository': repo.repo_name
        }
    except Exception:
        log.exception("Exception while trying to strip")
        raise JSONRPCError(
            'Unable to strip commit %s from repo `%s`' % (
                revision, repo.repo_name)
        )


@jsonrpc_method()
def get_repo_settings(request, apiuser, repoid, key=Optional(None)):
    """
    Returns all settings for a repository. If key is given it only returns the
    setting identified by the key or null.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository id.
    :type repoid: str or int
    :param key: Key of the setting to return.
    :type: key: Optional(str)

    Example output:

    .. code-block:: bash

        {
            "error": null,
            "id": 237,
            "result": {
                "extensions_largefiles": true,
                "extensions_evolve": true,
                "hooks_changegroup_push_logger": true,
                "hooks_changegroup_repo_size": false,
                "hooks_outgoing_pull_logger": true,
                "phases_publish": "True",
                "rhodecode_hg_use_rebase_for_merging": true,
                "rhodecode_pr_merge_enabled": true,
                "rhodecode_use_outdated_comments": true
            }
        }
    """

    # Restrict access to this api method to admins only.
    if not has_superadmin_permission(apiuser):
        raise JSONRPCForbidden()

    try:
        repo = get_repo_or_error(repoid)
        settings_model = VcsSettingsModel(repo=repo)
        settings = settings_model.get_global_settings()
        settings.update(settings_model.get_repo_settings())

        # If only a single setting is requested fetch it from all settings.
        key = Optional.extract(key)
        if key is not None:
            settings = settings.get(key, None)
    except Exception:
        msg = 'Failed to fetch settings for repository `{}`'.format(repoid)
        log.exception(msg)
        raise JSONRPCError(msg)

    return settings


@jsonrpc_method()
def set_repo_settings(request, apiuser, repoid, settings):
    """
    Update repository settings. Returns true on success.

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository id.
    :type repoid: str or int
    :param settings: The new settings for the repository.
    :type: settings: dict

    Example output:

    .. code-block:: bash

        {
            "error": null,
            "id": 237,
            "result": true
        }
    """
    # Restrict access to this api method to admins only.
    if not has_superadmin_permission(apiuser):
        raise JSONRPCForbidden()

    if type(settings) is not dict:
        raise JSONRPCError('Settings have to be a JSON Object.')

    try:
        settings_model = VcsSettingsModel(repo=repoid)

        # Merge global, repo and incoming settings.
        new_settings = settings_model.get_global_settings()
        new_settings.update(settings_model.get_repo_settings())
        new_settings.update(settings)

        # Update the settings.
        inherit_global_settings = new_settings.get(
            'inherit_global_settings', False)
        settings_model.create_or_update_repo_settings(
            new_settings, inherit_global_settings=inherit_global_settings)
        Session().commit()
    except Exception:
        msg = 'Failed to update settings for repository `{}`'.format(repoid)
        log.exception(msg)
        raise JSONRPCError(msg)

    # Indicate success.
    return True


@jsonrpc_method()
def maintenance(request, apiuser, repoid):
    """
    Triggers a maintenance on the given repository.

    This command can only be run using an |authtoken| with admin
    rights to the specified repository. For more information,
    see :ref:`config-token-ref`.

    This command takes the following options:

    :param apiuser: This is filled automatically from the |authtoken|.
    :type apiuser: AuthUser
    :param repoid: The repository name or repository ID.
    :type repoid: str or int

    Example output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : {
        "msg": "executed maintenance command",
        "executed_actions": [
           <action_message>, <action_message2>...
        ],
        "repository": "<repository name>"
      }
      error :  null

    Example error output:

    .. code-block:: bash

      id : <id_given_in_input>
      result : null
      error :  {
        "Unable to execute maintenance on `<reponame>`"
      }

    """

    repo = get_repo_or_error(repoid)
    if not has_superadmin_permission(apiuser):
        _perms = ('repository.admin',)
        validate_repo_permissions(apiuser, repoid, repo, _perms)

    try:
        maintenance = repo_maintenance.RepoMaintenance()
        executed_actions = maintenance.execute(repo)

        return {
            'msg': 'executed maintenance command',
            'executed_actions': executed_actions,
            'repository': repo.repo_name
        }
    except Exception:
        log.exception("Exception occurred while trying to run maintenance")
        raise JSONRPCError(
            'Unable to execute maintenance on `%s`' % repo.repo_name)