upstream/kallithea Commit - r2125:097327aa

more detailed logging on auth system...

marcink -

r2125:097327aa beta

parent child

docs/usage/debugging.rst

0 +9 -4

             .. _debugging:
             ===================
-            DEBUGGING RHODECODE
+            Debugging RhodeCode
             ===================
             If you encountered problems with RhodeCode here are some instructions how to
             possibly debug them.
             ** First make sure you're using the latest version available.**
             enable detailed debug
             ---------------------
             RhodeCode uses standard python logging modules to log it's output.
             By default only loggers with INFO level are displayed. To enable full output
             change `level = DEBUG` for all logging handlers in currently used .ini file.
-            After this you can check much more detailed output of actions happening on
+            This change will allow to see much more detailed output in the logfile or
-            RhodeCode system.
+            console. This generally helps a lot to track issues.
             enable interactive debug mode
             -----------------------------
-            To enable interactive debug mode simply
+            To enable interactive debug mode simply comment out `set debug = false` in
+            .ini file, this will trigger and interactive debugger each time there an
+            error in browser, or send a http link if error occured in the backend. This
+            is a great tool for fast debugging as you get a handy python console right
+            in the web view. ** NEVER ENABLE THIS ON PRODUCTION ** the interactive console
+            can be a serious security threat to you system.

rhodecode/lib/auth.py

0 +33 -26

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.auth
                 ~~~~~~~~~~~~~~~~~~
                 authentication and permission libraries
                 :created_on: Apr 4, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import random
             import logging
             import traceback
             import hashlib
             from tempfile import _RandomNameSequence
             from decorator import decorator
             from pylons import config, url, request
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
             from rhodecode.model.meta import Session
             if __platform__ in PLATFORM_WIN:
                 from hashlib import sha256
             if __platform__ in PLATFORM_OTHERS:
                 import bcrypt
             from rhodecode.lib.utils2 import str2bool, safe_unicode
             from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
             from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
             from rhodecode.lib.auth_ldap import AuthLdap
             from rhodecode.model import meta
             from rhodecode.model.user import UserModel
             from rhodecode.model.db import Permission, RhodeCodeSetting, User
             log = logging.getLogger(__name__)
             class PasswordGenerator(object):
                 """
                 This is a simple class for generating password from different sets of
                 characters
                 usage::
                     passwd_gen = PasswordGenerator()
                     #print 8-letter password containing only big and small letters
                         of alphabet
                     print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
                 """
                 ALPHABETS_NUM = r'''1234567890'''
                 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
                 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
                 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
                 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
                     + ALPHABETS_NUM + ALPHABETS_SPECIAL
                 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
                 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
                 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
                 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
                 def __init__(self, passwd=''):
                     self.passwd = passwd
                 def gen_password(self, length, type_=None):
                     if type_ is None:
                         type_ = self.ALPHABETS_FULL
                     self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
                     return self.passwd
             class RhodeCodeCrypto(object):
                 @classmethod
                 def hash_string(cls, str_):
                     """
                     Cryptographic function used for password hashing based on pybcrypt
                     or pycrypto in windows
                     :param password: password to hash
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(str_).hexdigest()
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(str_, bcrypt.gensalt(10))
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
                 @classmethod
                 def hash_check(cls, password, hashed):
                     """
                     Checks matching password with it's hashed value, runs different
                     implementation based on platform it runs on
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(password).hexdigest() == hashed
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(password, hashed) == hashed
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
             def get_crypt_password(password):
                 return RhodeCodeCrypto.hash_string(password)
             def check_password(password, hashed):
                 return RhodeCodeCrypto.hash_check(password, hashed)
             def generate_api_key(str_, salt=None):
                 """
                 Generates API KEY from given string
                 :param str_:
                 :param salt:
                 """
                 if salt is None:
                     salt = _RandomNameSequence().next()
                 return hashlib.sha1(str_ + salt).hexdigest()
             def authfunc(environ, username, password):
                 """
                 Dummy authentication wrapper function used in Mercurial and Git for
                 access control.
                 :param environ: needed only for using in Basic auth
                 """
                 return authenticate(username, password)
             def authenticate(username, password):
                 """
                 Authentication function used for access control,
                 firstly checks for db authentication then if ldap is enabled for ldap
                 authentication, also creates ldap user if not in database
                 :param username: username
                 :param password: password
                 """
                 user_model = UserModel()
                 user = User.get_by_username(username)
                 log.debug('Authenticating user using RhodeCode account')
                 if user is not None and not user.ldap_dn:
                     if user.active:
                         if user.username == 'default' and user.active:
                             log.info('user %s authenticated correctly as anonymous user' %
                                      username)
                             return True
                         elif user.username == username and check_password(password,
                                                                           user.password):
                             log.info('user %s authenticated correctly' % username)
                             return True
                     else:
                         log.warning('user %s tried auth but is disabled' % username)
                 else:
                     log.debug('Regular authentication failed')
                     user_obj = User.get_by_username(username, case_insensitive=True)
                     if user_obj is not None and not user_obj.ldap_dn:
                         log.debug('this user already exists as non ldap')
                         return False
                     ldap_settings = RhodeCodeSetting.get_ldap_settings()
                     #======================================================================
                     # FALLBACK TO LDAP AUTH IF ENABLE
                     #======================================================================
                     if str2bool(ldap_settings.get('ldap_active')):
                         log.debug("Authenticating user using ldap")
                         kwargs = {
                               'server': ldap_settings.get('ldap_host', ''),
                               'base_dn': ldap_settings.get('ldap_base_dn', ''),
                               'port': ldap_settings.get('ldap_port'),
                               'bind_dn': ldap_settings.get('ldap_dn_user'),
                               'bind_pass': ldap_settings.get('ldap_dn_pass'),
                               'tls_kind': ldap_settings.get('ldap_tls_kind'),
                               'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                               'ldap_filter': ldap_settings.get('ldap_filter'),
                               'search_scope': ldap_settings.get('ldap_search_scope'),
                               'attr_login': ldap_settings.get('ldap_attr_login'),
                               'ldap_version': 3,
                               }
                         log.debug('Checking for ldap authentication')
                         try:
                             aldap = AuthLdap(**kwargs)
                             (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                             password)
                             log.debug('Got ldap DN response %s' % user_dn)
                             get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                                        .get(k), [''])[0]
                             user_attrs = {
                              'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                              'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                              'email': get_ldap_attr('ldap_attr_email'),
                             }
                             # don't store LDAP password since we don't need it. Override
                             # with some random generated password
                             _password = PasswordGenerator().gen_password(length=8)
                             # create this user on the fly if it doesn't exist in rhodecode
                             # database
                             if user_model.create_ldap(username, _password, user_dn,
                                                       user_attrs):
                                 log.info('created new ldap user %s' % username)
                             Session.commit()
                             return True
                         except (LdapUsernameError, LdapPasswordError,):
                             pass
                         except (Exception,):
                             log.error(traceback.format_exc())
                             pass
                 return False
             def login_container_auth(username):
                 user = User.get_by_username(username)
                 if user is None:
                     user_attrs = {
                         'name': username,
                         'lastname': None,
                         'email': None,
                     }
                     user = UserModel().create_for_container_auth(username, user_attrs)
                     if not user:
                         return None
                     log.info('User %s was created by container authentication' % username)
                 if not user.active:
                     return None
                 user.update_lastlogin()
                 Session.commit()
                 log.debug('User %s is now logged in by container authentication',
                           user.username)
                 return user
             def get_container_username(environ, config):
                 username = None
                 if str2bool(config.get('container_auth_enabled', False)):
                     from paste.httpheaders import REMOTE_USER
                     username = REMOTE_USER(environ)
                 if not username and str2bool(config.get('proxypass_auth_enabled', False)):
                     username = environ.get('HTTP_X_FORWARDED_USER')
                 if username:
                     # Removing realm and domain from username
                     username = username.partition('@')[0]
                     username = username.rpartition('\\')[2]
                     log.debug('Received username %s from container' % username)
                 return username
             class CookieStoreWrapper(object):
                 def __init__(self, cookie_store):
                     self.cookie_store = cookie_store
                 def __repr__(self):
                     return 'CookieStore<%s>' % (self.cookie_store)
                 def get(self, key, other=None):
                     if isinstance(self.cookie_store, dict):
                         return self.cookie_store.get(key, other)
                     elif isinstance(self.cookie_store, AuthUser):
                         return self.cookie_store.__dict__.get(key, other)
             class  AuthUser(object):
                 """
                 A simple object that handles all attributes of user in RhodeCode
                 It does lookup based on API key,given user, or user present in session
                 Then it fills all required information for such user. It also checks if
                 anonymous access is enabled and if so, it returns default user as logged
                 in
                 """
                 def __init__(self, user_id=None, api_key=None, username=None):
                     self.user_id = user_id
                     self.api_key = None
                     self.username = username
                     self.name = ''
                     self.lastname = ''
                     self.email = ''
                     self.is_authenticated = False
                     self.admin = False
                     self.permissions = {}
                     self._api_key = api_key
                     self.propagate_data()
                     self._instance = None
                 def propagate_data(self):
                     user_model = UserModel()
                     self.anonymous_user = User.get_by_username('default', cache=True)
                     is_user_loaded = False
                     # try go get user by api key
                     if self._api_key and self._api_key != self.anonymous_user.api_key:
                         log.debug('Auth User lookup by API KEY %s' % self._api_key)
                         is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
                     # lookup by userid
                     elif (self.user_id is not None and
                           self.user_id != self.anonymous_user.user_id):
                         log.debug('Auth User lookup by USER ID %s' % self.user_id)
                         is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
                     # lookup by username
                     elif self.username and \
                         str2bool(config.get('container_auth_enabled', False)):
                         log.debug('Auth User lookup by USER NAME %s' % self.username)
                         dbuser = login_container_auth(self.username)
                         if dbuser is not None:
                             for k, v in dbuser.get_dict().items():
                                 setattr(self, k, v)
                             self.set_authenticated()
                             is_user_loaded = True
                     else:
                         log.debug('No data in %s that could been used to log in' % self)
                     if not is_user_loaded:
                         # if we cannot authenticate user try anonymous
                         if self.anonymous_user.active is True:
                             user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                             # then we set this user is logged in
                             self.is_authenticated = True
                         else:
                             self.user_id = None
                             self.username = None
                             self.is_authenticated = False
                     if not self.username:
                         self.username = 'None'
                     log.debug('Auth User is now %s' % self)
                     user_model.fill_perms(self)
                 @property
                 def is_admin(self):
                     return self.admin
                 def __repr__(self):
                     return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                                           self.is_authenticated)
                 def set_authenticated(self, authenticated=True):
                     if self.user_id != self.anonymous_user.user_id:
                         self.is_authenticated = authenticated
                 def get_cookie_store(self):
                     return {'username': self.username,
                             'user_id': self.user_id,
                             'is_authenticated': self.is_authenticated}
                 @classmethod
                 def from_cookie_store(cls, cookie_store):
                     """
                     Creates AuthUser from a cookie store
                     :param cls:
                     :param cookie_store:
                     """
                     user_id = cookie_store.get('user_id')
                     username = cookie_store.get('username')
                     api_key = cookie_store.get('api_key')
                     return AuthUser(user_id, api_key, username)
             def set_available_permissions(config):
                 """
                 This function will propagate pylons globals with all available defined
                 permission given in db. We don't want to check each time from db for new
                 permissions since adding a new permission also requires application restart
                 ie. to decorate new views with the newly created permission
                 :param config: current pylons config instance
                 """
                 log.info('getting information about all available permissions')
                 try:
                     sa = meta.Session
                     all_perms = sa.query(Permission).all()
                 except Exception:
                     pass
                 finally:
                     meta.Session.remove()
                 config['available_permissions'] = [x.permission_name for x in all_perms]
             #==============================================================================
             # CHECK DECORATORS
             #==============================================================================
             class LoginRequired(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page
                 :param api_access: if enabled this checks only for valid auth token
                     and grants access based on valid token
                 """
                 def __init__(self, api_access=False):
                     self.api_access = api_access
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     user = cls.rhodecode_user
                     api_access_ok = False
                     if self.api_access:
                         log.debug('Checking API KEY access for %s' % cls)
                         if user.api_key == request.GET.get('api_key'):
                             api_access_ok = True
                         else:
                             log.debug("API KEY token not valid")
                     loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
                     log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
                     if user.is_authenticated or api_access_ok:
                         log.info('user %s is authenticated and granted access to %s' % (
                                    user.username, loc)
                         )
                         return func(*fargs, **fkwargs)
                     else:
                         log.warn('user %s NOT authenticated on func: %s' % (
                             user, loc)
                         )
                         p = url.current()
                         log.debug('redirecting to login page with %s' % p)
                         return redirect(url('login_home', came_from=p))
             class NotAnonymous(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page"""
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     log.debug('Checking if user is not anonymous @%s' % cls)
                     anonymous = self.user.username == 'default'
                     if anonymous:
                         p = url.current()
                         import rhodecode.lib.helpers as h
                         h.flash(_('You need to be a registered user to '
                                   'perform this action'),
                                 category='warning')
                         return redirect(url('login_home', came_from=p))
                     else:
                         return func(*fargs, **fkwargs)
             class PermsDecorator(object):
                 """Base class for controller decorators"""
                 def __init__(self, *required_perms):
                     available_perms = config['available_permissions']
                     for perm in required_perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(required_perms)
                     self.user_perms = None
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     self.user_perms = self.user.permissions
                     log.debug('checking %s permissions %s for %s %s',
-                       self.__class__.__name__, self.required_perms, cls,
+                       self.__class__.__name__, self.required_perms, cls, self.user)
-                           self.user)
                     if self.check_permissions():
                         log.debug('Permission granted for %s %s' % (cls, self.user))
                         return func(*fargs, **fkwargs)
                     else:
                         log.debug('Permission denied for %s %s' % (cls, self.user))
                         anonymous = self.user.username == 'default'
                         if anonymous:
                             p = url.current()
                             import rhodecode.lib.helpers as h
                             h.flash(_('You need to be a signed in to '
                                       'view this page'),
                                     category='warning')
                             return redirect(url('login_home', came_from=p))
                         else:
                             # redirect with forbidden ret code
                             return abort(403)
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates. All of them
                 have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates. In order to
                 fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             #==============================================================================
             # CHECK FUNCTIONS
             #==============================================================================
             class PermsFunction(object):
                 """Base function for other check functions"""
                 def __init__(self, *perms):
                     available_perms = config['available_permissions']
                     for perm in perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(perms)
                     self.user_perms = None
-                    self.granted_for = ''
                     self.repo_name = None
+                    self.group_name = None
                 def __call__(self, check_Location=''):
                     user = request.user
-                    log.debug('checking %s %s %s', self.__class__.__name__,
+                    cls_name = self.__class__.__name__
-                              self.required_perms, user)
+                    check_scope = {
+                        'HasPermissionAll': '',
+                        'HasPermissionAny': '',
+                        'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
+                        'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
+                        'HasReposGroupPermissionAll': 'group:%s' % self.group_name,
+                        'HasReposGroupPermissionAny': 'group:%s' % self.group_name,
+                    }.get(cls_name, '?')
+                    log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
+                              self.required_perms, user, check_scope,
+                              check_Location or 'unspecified location')
                     if not user:
                         log.debug('Empty request user')
                         return False
                     self.user_perms = user.permissions
-                    self.granted_for = user
                     if self.check_permissions():
-                        log.debug('Permission granted %s @ %s', self.granted_for,
+                        log.debug('Permission granted for user: %s @ %s', user,
                                   check_Location or 'unspecified location')
                         return True
                     else:
-                        log.debug('Permission denied for %s @ %s', self.granted_for,
+                        log.debug('Permission denied for user: %s @ %s', user,
                                     check_Location or 'unspecified location')
                         return False
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAll(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAny(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAll(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAll, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
-                        self.user_perms = set(
+                        self._user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
-                    self.granted_for = self.repo_name
+                    if self.required_perms.issubset(self._user_perms):
-                    if self.required_perms.issubset(self.user_perms):
                         return True
                     return False
             class HasRepoPermissionAny(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
-                        self.user_perms = set(
+                        self._user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
-                    self.granted_for = self.repo_name
+                    if self.required_perms.intersection(self._user_perms):
-                    if self.required_perms.intersection(self.user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAny(PermsFunction):
                 def __call__(self, group_name=None, check_Location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     try:
-                        self.user_perms = set(
+                        self._user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
-                    self.granted_for = self.repo_name
+                    if self.required_perms.intersection(self._user_perms):
-                    if self.required_perms.intersection(self.user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAll(PermsFunction):
                 def __call__(self, group_name=None, check_Location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     try:
-                        self.user_perms = set(
+                        self._user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
-                    self.granted_for = self.repo_name
+                    if self.required_perms.issubset(self._user_perms):
-                    if self.required_perms.issubset(self.user_perms):
                         return True
                     return False
             #==============================================================================
             # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
             #==============================================================================
             class HasPermissionAnyMiddleware(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, user, repo_name):
                     # repo_name MUST be unicode, since we handle keys in permission
                     # dict by unicode
                     repo_name = safe_unicode(repo_name)
                     usr = AuthUser(user.user_id)
                     try:
                         self.user_perms = set([usr.permissions['repositories'][repo_name]])
                     except Exception:
                         log.error('Exception while accessing permissions %s' %
                                   traceback.format_exc())
                         self.user_perms = set()
-                    self.granted_for = ''
                     self.username = user.username
                     self.repo_name = repo_name
                     return self.check_permissions()
                 def check_permissions(self):
                     log.debug('checking mercurial protocol '
                               'permissions %s for user:%s repository:%s', self.user_perms,
                                                             self.username, self.repo_name)
                     if self.required_perms.intersection(self.user_perms):
-                        log.debug('permission granted')
+                        log.debug('permission granted for user:%s on repo:%s' % (
+                                      self.username, self.repo_name
+                                 )
+                        )
                         return True
-                    log.debug('permission denied')
+                    log.debug('permission denied for user:%s on repo:%s' % (
+                                  self.username, self.repo_name
+                             )
+                    )
                     return False

rhodecode/lib/helpers.py

0 +5 -5

             """Helper functions
             Consists of functions to typically be used within templates, but also
             available to Controllers. This module is available to both as 'h'.
             """
             import random
             import hashlib
             import StringIO
             import urllib
             import math
             import logging
             from datetime import datetime
             from pygments.formatters.html import HtmlFormatter
             from pygments import highlight as code_highlight
             from pylons import url, request, config
             from pylons.i18n.translation import _, ungettext
             from hashlib import md5
             from webhelpers.html import literal, HTML, escape
             from webhelpers.html.tools import *
             from webhelpers.html.builder import make_tag
             from webhelpers.html.tags import auto_discovery_link, checkbox, css_classes, \
                 end_form, file, form, hidden, image, javascript_link, link_to, \
                 link_to_if, link_to_unless, ol, required_legend, select, stylesheet_link, \
                 submit, text, password, textarea, title, ul, xml_declaration, radio
             from webhelpers.html.tools import auto_link, button_to, highlight, \
                 js_obfuscate, mail_to, strip_links, strip_tags, tag_re
             from webhelpers.number import format_byte_size, format_bit_size
             from webhelpers.pylonslib import Flash as _Flash
             from webhelpers.pylonslib.secure_form import secure_form
             from webhelpers.text import chop_at, collapse, convert_accented_entities, \
                 convert_misc_entities, lchop, plural, rchop, remove_formatting, \
                 replace_whitespace, urlify, truncate, wrap_paragraphs
             from webhelpers.date import time_ago_in_words
             from webhelpers.paginate import Page
             from webhelpers.html.tags import _set_input_attrs, _set_id_attr, \
                 convert_boolean_attrs, NotGiven, _make_safe_id_component
             from rhodecode.lib.annotate import annotate_highlight
             from rhodecode.lib.utils import repo_name_slug
             from rhodecode.lib.utils2 import str2bool, safe_unicode, safe_str, \
                 get_changeset_safe
             from rhodecode.lib.markup_renderer import MarkupRenderer
             log = logging.getLogger(__name__)
             def _reset(name, value=None, id=NotGiven, type="reset", **attrs):
                 """
                 Reset button
                 """
                 _set_input_attrs(attrs, type, name, value)
                 _set_id_attr(attrs, id, name)
                 convert_boolean_attrs(attrs, ["disabled"])
                 return HTML.input(**attrs)
             reset = _reset
             safeid = _make_safe_id_component
             def FID(raw_id, path):
                 """
                 Creates a uniqe ID for filenode based on it's hash of path and revision
                 it's safe to use in urls
                 :param raw_id:
                 :param path:
                 """
                 return 'C-%s-%s' % (short_id(raw_id), md5(path).hexdigest()[:12])
             def get_token():
                 """Return the current authentication token, creating one if one doesn't
                 already exist.
                 """
                 token_key = "_authentication_token"
                 from pylons import session
                 if not token_key in session:
                     try:
                         token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
                     except AttributeError: # Python < 2.4
                         token = hashlib.sha1(str(random.randrange(2 ** 128))).hexdigest()
                     session[token_key] = token
                     if hasattr(session, 'save'):
                         session.save()
                 return session[token_key]
             class _GetError(object):
                 """Get error from form_errors, and represent it as span wrapped error
                 message
                 :param field_name: field to fetch errors for
                 :param form_errors: form errors dict
                 """
                 def __call__(self, field_name, form_errors):
                     tmpl = """<span class="error_msg">%s</span>"""
                     if form_errors and form_errors.has_key(field_name):
                         return literal(tmpl % form_errors.get(field_name))
             get_error = _GetError()
             class _ToolTip(object):
                 def __call__(self, tooltip_title, trim_at=50):
                     """Special function just to wrap our text into nice formatted
                     autowrapped text
                     :param tooltip_title:
                     """
                     return escape(tooltip_title)
             tooltip = _ToolTip()
             class _FilesBreadCrumbs(object):
                 def __call__(self, repo_name, rev, paths):
                     if isinstance(paths, str):
                         paths = safe_unicode(paths)
                     url_l = [link_to(repo_name, url('files_home',
                                                     repo_name=repo_name,
                                                     revision=rev, f_path=''))]
                     paths_l = paths.split('/')
                     for cnt, p in enumerate(paths_l):
                         if p != '':
                             url_l.append(link_to(p,
                                                  url('files_home',
                                                      repo_name=repo_name,
                                                      revision=rev,
                                                      f_path='/'.join(paths_l[:cnt + 1])
                                                      )
                                                  )
                                          )
                     return literal('/'.join(url_l))
             files_breadcrumbs = _FilesBreadCrumbs()
             class CodeHtmlFormatter(HtmlFormatter):
                 """My code Html Formatter for source codes
                 """
                 def wrap(self, source, outfile):
                     return self._wrap_div(self._wrap_pre(self._wrap_code(source)))
                 def _wrap_code(self, source):
                     for cnt, it in enumerate(source):
                         i, t = it
                         t = '<div id="L%s">%s</div>' % (cnt + 1, t)
                         yield i, t
                 def _wrap_tablelinenos(self, inner):
                     dummyoutfile = StringIO.StringIO()
                     lncount = 0
                     for t, line in inner:
                         if t:
                             lncount += 1
                         dummyoutfile.write(line)
                     fl = self.linenostart
                     mw = len(str(lncount + fl - 1))
                     sp = self.linenospecial
                     st = self.linenostep
                     la = self.lineanchors
                     aln = self.anchorlinenos
                     nocls = self.noclasses
                     if sp:
                         lines = []
                         for i in range(fl, fl + lncount):
                             if i % st == 0:
                                 if i % sp == 0:
                                     if aln:
                                         lines.append('<a href="#%s%d" class="special">%*d</a>' %
                                                      (la, i, mw, i))
                                     else:
                                         lines.append('<span class="special">%*d</span>' % (mw, i))
                                 else:
                                     if aln:
                                         lines.append('<a href="#%s%d">%*d</a>' % (la, i, mw, i))
                                     else:
                                         lines.append('%*d' % (mw, i))
                             else:
                                 lines.append('')
                         ls = '\n'.join(lines)
                     else:
                         lines = []
                         for i in range(fl, fl + lncount):
                             if i % st == 0:
                                 if aln:
                                     lines.append('<a href="#%s%d">%*d</a>' % (la, i, mw, i))
                                 else:
                                     lines.append('%*d' % (mw, i))
                             else:
                                 lines.append('')
                         ls = '\n'.join(lines)
                     # in case you wonder about the seemingly redundant <div> here: since the
                     # content in the other cell also is wrapped in a div, some browsers in
                     # some configurations seem to mess up the formatting...
                     if nocls:
                         yield 0, ('<table class="%stable">' % self.cssclass +
                                   '<tr><td><div class="linenodiv" '
                                   'style="background-color: #f0f0f0; padding-right: 10px">'
                                   '<pre style="line-height: 125%">' +
                                   ls + '</pre></div></td><td id="hlcode" class="code">')
                     else:
                         yield 0, ('<table class="%stable">' % self.cssclass +
                                   '<tr><td class="linenos"><div class="linenodiv"><pre>' +
                                   ls + '</pre></div></td><td id="hlcode" class="code">')
                     yield 0, dummyoutfile.getvalue()
                     yield 0, '</td></tr></table>'
             def pygmentize(filenode, **kwargs):
                 """pygmentize function using pygments
                 :param filenode:
                 """
                 return literal(code_highlight(filenode.content,
                                               filenode.lexer, CodeHtmlFormatter(**kwargs)))
             def pygmentize_annotation(repo_name, filenode, **kwargs):
                 """
                 pygmentize function for annotation
                 :param filenode:
                 """
                 color_dict = {}
                 def gen_color(n=10000):
                     """generator for getting n of evenly distributed colors using
                     hsv color and golden ratio. It always return same order of colors
                     :returns: RGB tuple
                     """
                     def hsv_to_rgb(h, s, v):
                         if s == 0.0:
                             return v, v, v
                         i = int(h * 6.0)  # XXX assume int() truncates!
                         f = (h * 6.0) - i
                         p = v * (1.0 - s)
                         q = v * (1.0 - s * f)
                         t = v * (1.0 - s * (1.0 - f))
                         i = i % 6
                         if i == 0:
                             return v, t, p
                         if i == 1:
                             return q, v, p
                         if i == 2:
                             return p, v, t
                         if i == 3:
                             return p, q, v
                         if i == 4:
                             return t, p, v
                         if i == 5:
                             return v, p, q
                     golden_ratio = 0.618033988749895
                     h = 0.22717784590367374
                     for _ in xrange(n):
                         h += golden_ratio
                         h %= 1
                         HSV_tuple = [h, 0.95, 0.95]
                         RGB_tuple = hsv_to_rgb(*HSV_tuple)
                         yield map(lambda x: str(int(x * 256)), RGB_tuple)
                 cgenerator = gen_color()
                 def get_color_string(cs):
                     if cs in color_dict:
                         col = color_dict[cs]
                     else:
                         col = color_dict[cs] = cgenerator.next()
                     return "color: rgb(%s)! important;" % (', '.join(col))
                 def url_func(repo_name):
                     def _url_func(changeset):
                         author = changeset.author
                         date = changeset.date
                         message = tooltip(changeset.message)
                         tooltip_html = ("<div style='font-size:0.8em'><b>Author:</b>"
                                         " %s<br/><b>Date:</b> %s</b><br/><b>Message:"
                                         "</b> %s<br/></div>")
                         tooltip_html = tooltip_html % (author, date, message)
                         lnk_format = '%5s:%s' % ('r%s' % changeset.revision,
                                                  short_id(changeset.raw_id))
                         uri = link_to(
                                 lnk_format,
                                 url('changeset_home', repo_name=repo_name,
                                     revision=changeset.raw_id),
                                 style=get_color_string(changeset.raw_id),
                                 class_='tooltip',
                                 title=tooltip_html
                               )
                         uri += '\n'
                         return uri
                     return _url_func
                 return literal(annotate_highlight(filenode, url_func(repo_name), **kwargs))
             def is_following_repo(repo_name, user_id):
                 from rhodecode.model.scm import ScmModel
                 return ScmModel().is_following_repo(repo_name, user_id)
             flash = _Flash()
             #==============================================================================
             # SCM FILTERS available via h.
             #==============================================================================
             from rhodecode.lib.vcs.utils import author_name, author_email
             from rhodecode.lib.utils2 import credentials_filter, age as _age
             from rhodecode.model.db import User
             age = lambda  x: _age(x)
             capitalize = lambda x: x.capitalize()
             email = author_email
             short_id = lambda x: x[:12]
             hide_credentials = lambda x: ''.join(credentials_filter(x))
             def is_git(repository):
                 if hasattr(repository, 'alias'):
                     _type = repository.alias
                 elif hasattr(repository, 'repo_type'):
                     _type = repository.repo_type
                 else:
                     _type = repository
                 return _type == 'git'
             def is_hg(repository):
                 if hasattr(repository, 'alias'):
                     _type = repository.alias
                 elif hasattr(repository, 'repo_type'):
                     _type = repository.repo_type
                 else:
                     _type = repository
                 return _type == 'hg'
             def email_or_none(author):
                 _email = email(author)
                 if _email != '':
                     return _email
                 # See if it contains a username we can get an email from
                 user = User.get_by_username(author_name(author), case_insensitive=True,
                                             cache=True)
                 if user is not None:
                     return user.email
                 # No valid email, not a valid user in the system, none!
                 return None
             def person(author):
                 # attr to return from fetched user
                 person_getter = lambda usr: usr.username
                 # Valid email in the attribute passed, see if they're in the system
                 _email = email(author)
                 if _email != '':
                     user = User.get_by_email(_email, case_insensitive=True, cache=True)
                     if user is not None:
                         return person_getter(user)
                     return _email
                 # Maybe it's a username?
                 _author = author_name(author)
                 user = User.get_by_username(_author, case_insensitive=True,
                                             cache=True)
                 if user is not None:
                     return person_getter(user)
                 # Still nothing?  Just pass back the author name then
                 return _author
             def bool2icon(value):
                 """Returns True/False values represented as small html image of true/false
                 icons
                 :param value: bool value
                 """
                 if value is True:
                     return HTML.tag('img', src=url("/images/icons/accept.png"),
                                     alt=_('True'))
                 if value is False:
                     return HTML.tag('img', src=url("/images/icons/cancel.png"),
                                     alt=_('False'))
                 return value
             def action_parser(user_log, feed=False):
                 """
                 This helper will action_map the specified string action into translated
                 fancy names with icons and links
                 :param user_log: user log instance
                 :param feed: use output for feeds (no html and fancy icons)
                 """
                 action = user_log.action
                 action_params = ' '
                 x = action.split(':')
                 if len(x) > 1:
                     action, action_params = x
                 def get_cs_links():
                     revs_limit = 3  # display this amount always
                     revs_top_limit = 50  # show upto this amount of changesets hidden
                     revs_ids = action_params.split(',')
                     deleted = user_log.repository is None
                     if deleted:
                         return ','.join(revs_ids)
                     repo_name = user_log.repository.repo_name
                     repo = user_log.repository.scm_instance
                     message = lambda rev: rev.message
                     lnk = lambda rev, repo_name: (
                         link_to('r%s:%s' % (rev.revision, rev.short_id),
                                 url('changeset_home', repo_name=repo_name,
                                     revision=rev.raw_id),
                                 title=tooltip(message(rev)), class_='tooltip')
                     )
                     # get only max revs_top_limit of changeset for performance/ui reasons
                     revs = [
                         x for x in repo.get_changesets(revs_ids[0],
                                                        revs_ids[:revs_top_limit][-1])
                     ]
                     cs_links = []
                     cs_links.append(" " + ', '.join(
                         [lnk(rev, repo_name) for rev in revs[:revs_limit]]
                         )
                     )
                     compare_view = (
                         ' <div class="compare_view tooltip" title="%s">'
                         '<a href="%s">%s</a> </div>' % (
                             _('Show all combined changesets %s->%s') % (
                                 revs_ids[0], revs_ids[-1]
                             ),
                             url('changeset_home', repo_name=repo_name,
                                 revision='%s...%s' % (revs_ids[0], revs_ids[-1])
                             ),
                             _('compare view')
                         )
                     )
                     # if we have exactly one more than normally displayed
                     # just display it, takes less space than displaying
                     # "and 1 more revisions"
                     if len(revs_ids) == revs_limit + 1:
                         rev = revs[revs_limit]
                         cs_links.append(", " + lnk(rev, repo_name))
                     # hidden-by-default ones
                     if len(revs_ids) > revs_limit + 1:
                         uniq_id = revs_ids[0]
                         html_tmpl = (
                             '<span> %s <a class="show_more" id="_%s" '
                             'href="#more">%s</a> %s</span>'
                         )
                         if not feed:
                             cs_links.append(html_tmpl % (
                                   _('and'),
                                   uniq_id, _('%s more') % (len(revs_ids) - revs_limit),
                                   _('revisions')
                                 )
                             )
                         if not feed:
                             html_tmpl = '<span id="%s" style="display:none">, %s </span>'
                         else:
                             html_tmpl = '<span id="%s"> %s </span>'
                         morelinks = ', '.join(
                           [lnk(rev, repo_name) for rev in revs[revs_limit:]]
                         )
                         if len(revs_ids) > revs_top_limit:
                             morelinks += ', ...'
                         cs_links.append(html_tmpl % (uniq_id, morelinks))
                     if len(revs) > 1:
                         cs_links.append(compare_view)
                     return ''.join(cs_links)
                 def get_fork_name():
                     repo_name = action_params
                     return _('fork name ') + str(link_to(action_params, url('summary_home',
                                                       repo_name=repo_name,)))
                 action_map = {'user_deleted_repo': (_('[deleted] repository'), None),
                        'user_created_repo': (_('[created] repository'), None),
                        'user_created_fork': (_('[created] repository as fork'), None),
                        'user_forked_repo': (_('[forked] repository'), get_fork_name),
                        'user_updated_repo': (_('[updated] repository'), None),
                        'admin_deleted_repo': (_('[delete] repository'), None),
                        'admin_created_repo': (_('[created] repository'), None),
                        'admin_forked_repo': (_('[forked] repository'), None),
                        'admin_updated_repo': (_('[updated] repository'), None),
                        'push': (_('[pushed] into'), get_cs_links),
                        'push_local': (_('[committed via RhodeCode] into'), get_cs_links),
                        'push_remote': (_('[pulled from remote] into'), get_cs_links),
                        'pull': (_('[pulled] from'), None),
                        'started_following_repo': (_('[started following] repository'), None),
                        'stopped_following_repo': (_('[stopped following] repository'), None),
                         }
                 action_str = action_map.get(action, action)
                 if feed:
                     action = action_str[0].replace('[', '').replace(']', '')
                 else:
                     action = action_str[0]\
                         .replace('[', '<span class="journal_highlight">')\
                         .replace(']', '</span>')
                 action_params_func = lambda: ""
                 if callable(action_str[1]):
                     action_params_func = action_str[1]
                 return [literal(action), action_params_func]
             def action_parser_icon(user_log):
                 action = user_log.action
                 action_params = None
                 x = action.split(':')
                 if len(x) > 1:
                     action, action_params = x
                 tmpl = """<img src="%s%s" alt="%s"/>"""
                 map = {'user_deleted_repo':'database_delete.png',
                        'user_created_repo':'database_add.png',
                        'user_created_fork':'arrow_divide.png',
                        'user_forked_repo':'arrow_divide.png',
                        'user_updated_repo':'database_edit.png',
                        'admin_deleted_repo':'database_delete.png',
                        'admin_created_repo':'database_add.png',
                        'admin_forked_repo':'arrow_divide.png',
                        'admin_updated_repo':'database_edit.png',
                        'push':'script_add.png',
                        'push_local':'script_edit.png',
                        'push_remote':'connect.png',
                        'pull':'down_16.png',
                        'started_following_repo':'heart_add.png',
                        'stopped_following_repo':'heart_delete.png',
                         }
                 return literal(tmpl % ((url('/images/icons/')),
                                        map.get(action, action), action))
             #==============================================================================
             # PERMS
             #==============================================================================
             from rhodecode.lib.auth import HasPermissionAny, HasPermissionAll, \
             HasRepoPermissionAny, HasRepoPermissionAll
             #==============================================================================
             # GRAVATAR URL
             #==============================================================================
             def gravatar_url(email_address, size=30):
                 if (not str2bool(config['app_conf'].get('use_gravatar')) or
                     not email_address or email_address == 'anonymous@rhodecode.org'):
                     f = lambda a, l: min(l, key=lambda x: abs(x - a))
                     return url("/images/user%s.png" % f(size, [14, 16, 20, 24, 30]))
                 ssl_enabled = 'https' == request.environ.get('wsgi.url_scheme')
                 default = 'identicon'
                 baseurl_nossl = "http://www.gravatar.com/avatar/"
                 baseurl_ssl = "https://secure.gravatar.com/avatar/"
                 baseurl = baseurl_ssl if ssl_enabled else baseurl_nossl
                 if isinstance(email_address, unicode):
                     #hashlib crashes on unicode items
                     email_address = safe_str(email_address)
                 # construct the url
                 gravatar_url = baseurl + hashlib.md5(email_address.lower()).hexdigest() + "?"
                 gravatar_url += urllib.urlencode({'d': default, 's': str(size)})
                 return gravatar_url
             #==============================================================================
             # REPO PAGER, PAGER FOR REPOSITORY
             #==============================================================================
             class RepoPage(Page):
                 def __init__(self, collection, page=1, items_per_page=20,
                              item_count=None, url=None, **kwargs):
                     """Create a "RepoPage" instance. special pager for paging
                     repository
                     """
                     self._url_generator = url
                     # Safe the kwargs class-wide so they can be used in the pager() method
                     self.kwargs = kwargs
                     # Save a reference to the collection
                     self.original_collection = collection
                     self.collection = collection
                     # The self.page is the number of the current page.
                     # The first page has the number 1!
                     try:
                         self.page = int(page)  # make it int() if we get it as a string
                     except (ValueError, TypeError):
                         self.page = 1
                     self.items_per_page = items_per_page
                     # Unless the user tells us how many items the collections has
                     # we calculate that ourselves.
                     if item_count is not None:
                         self.item_count = item_count
                     else:
                         self.item_count = len(self.collection)
                     # Compute the number of the first and last available page
                     if self.item_count > 0:
                         self.first_page = 1
                         self.page_count = int(math.ceil(float(self.item_count) /
                                                         self.items_per_page))
                         self.last_page = self.first_page + self.page_count - 1
                         # Make sure that the requested page number is the range of
                         # valid pages
                         if self.page > self.last_page:
                             self.page = self.last_page
                         elif self.page < self.first_page:
                             self.page = self.first_page
                         # Note: the number of items on this page can be less than
                         #       items_per_page if the last page is not full
                         self.first_item = max(0, (self.item_count) - (self.page *
                                                                       items_per_page))
                         self.last_item = ((self.item_count - 1) - items_per_page *
                                           (self.page - 1))
                         self.items = list(self.collection[self.first_item:self.last_item + 1])
                         # Links to previous and next page
                         if self.page > self.first_page:
                             self.previous_page = self.page - 1
                         else:
                             self.previous_page = None
                         if self.page < self.last_page:
                             self.next_page = self.page + 1
                         else:
                             self.next_page = None
                     # No items available
                     else:
                         self.first_page = None
                         self.page_count = 0
                         self.last_page = None
                         self.first_item = None
                         self.last_item = None
                         self.previous_page = None
                         self.next_page = None
                         self.items = []
                     # This is a subclass of the 'list' type. Initialise the list now.
                     list.__init__(self, reversed(self.items))
             def changed_tooltip(nodes):
                 """
                 Generates a html string for changed nodes in changeset page.
                 It limits the output to 30 entries
                 :param nodes: LazyNodesGenerator
                 """
                 if nodes:
                     pref = ': <br/> '
                     suf = ''
                     if len(nodes) > 30:
                         suf = '<br/>' + _(' and %s more') % (len(nodes) - 30)
                     return literal(pref + '<br/> '.join([safe_unicode(x.path)
                                                          for x in nodes[:30]]) + suf)
                 else:
                     return ': ' + _('No Files')
             def repo_link(groups_and_repos):
                 """
                 Makes a breadcrumbs link to repo within a group
                 joins &raquo; on each group to create a fancy link
                 ex::
                     group >> subgroup >> repo
                 :param groups_and_repos:
                 """
                 groups, repo_name = groups_and_repos
                 if not groups:
                     return repo_name
                 else:
                     def make_link(group):
                         return link_to(group.name, url('repos_group_home',
                                                        group_name=group.group_name))
                     return literal(' &raquo; '.join(map(make_link, groups)) + \
                                    " &raquo; " + repo_name)
             def fancy_file_stats(stats):
                 """
                 Displays a fancy two colored bar for number of added/deleted
                 lines of code on file
                 :param stats: two element list of added/deleted lines of code
                 """
                 a, d, t = stats[0], stats[1], stats[0] + stats[1]
                 width = 100
                 unit = float(width) / (t or 1)
                 # needs > 9% of width to be visible or 0 to be hidden
                 a_p = max(9, unit * a) if a > 0 else 0
                 d_p = max(9, unit * d) if d > 0 else 0
                 p_sum = a_p + d_p
                 if p_sum > width:
                     #adjust the percentage to be == 100% since we adjusted to 9
                     if a_p > d_p:
                         a_p = a_p - (p_sum - width)
                     else:
                         d_p = d_p - (p_sum - width)
                 a_v = a if a > 0 else ''
                 d_v = d if d > 0 else ''
                 def cgen(l_type):
                     mapping = {'tr': 'top-right-rounded-corner-mid',
                                'tl': 'top-left-rounded-corner-mid',
                                'br': 'bottom-right-rounded-corner-mid',
                                'bl': 'bottom-left-rounded-corner-mid'}
                     map_getter = lambda x: mapping[x]
                     if l_type == 'a' and d_v:
                         #case when added and deleted are present
                         return ' '.join(map(map_getter, ['tl', 'bl']))
                     if l_type == 'a' and not d_v:
                         return ' '.join(map(map_getter, ['tr', 'br', 'tl', 'bl']))
                     if l_type == 'd' and a_v:
                         return ' '.join(map(map_getter, ['tr', 'br']))
                     if l_type == 'd' and not a_v:
                         return ' '.join(map(map_getter, ['tr', 'br', 'tl', 'bl']))
                 d_a = '<div class="added %s" style="width:%s%%">%s</div>' % (
                     cgen('a'), a_p, a_v
                 )
                 d_d = '<div class="deleted %s" style="width:%s%%">%s</div>' % (
                     cgen('d'), d_p, d_v
                 )
                 return literal('<div style="width:%spx">%s%s</div>' % (width, d_a, d_d))
             def urlify_text(text_):
                 import re
                 url_pat = re.compile(r'''(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]'''
                                      '''|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)''')
                 def url_func(match_obj):
                     url_full = match_obj.groups()[0]
                     return '<a href="%(url)s">%(url)s</a>' % ({'url': url_full})
                 return literal(url_pat.sub(url_func, text_))
             def urlify_changesets(text_, repository):
                 """
                 Extract revision ids from changeset and make link from them
                 :param text_:
                 :param repository:
                 """
                 import re
                 URL_PAT = re.compile(r'([0-9a-fA-F]{12,})')
                 def url_func(match_obj):
                     rev = match_obj.groups()[0]
                     pref = ''
                     if match_obj.group().startswith(' '):
                         pref = ' '
                     tmpl = (
                     '%(pref)s<a class="%(cls)s" href="%(url)s">'
                     '%(rev)s'
                     '</a>'
                     )
                     return tmpl % {
                      'pref': pref,
                      'cls': 'revision-link',
                      'url': url('changeset_home', repo_name=repository, revision=rev),
                      'rev': rev,
                     }
                 newtext = URL_PAT.sub(url_func, text_)
                 return newtext
             def urlify_commit(text_, repository=None, link_=None):
                 """
                 Parses given text message and makes proper links.
                 issues are linked to given issue-server, and rest is a changeset link
                 if link_ is given, in other case it's a plain text
                 :param text_:
                 :param repository:
                 :param link_: changeset link
                 """
                 import re
                 import traceback
                 def escaper(string):
                     return string.replace('<', '&lt;').replace('>', '&gt;')
                 def linkify_others(t, l):
                     urls = re.compile(r'(\<a.*?\<\/a\>)',)
                     links = []
                     for e in urls.split(t):
                         if not urls.match(e):
                             links.append('<a class="message-link" href="%s">%s</a>' % (l, e))
                         else:
                             links.append(e)
                     return ''.join(links)
                 # urlify changesets - extrac revisions and make link out of them
                 text_ = urlify_changesets(escaper(text_), repository)
                 try:
                     conf = config['app_conf']
                     URL_PAT = re.compile(r'%s' % conf.get('issue_pat'))
                     if URL_PAT:
                         ISSUE_SERVER_LNK = conf.get('issue_server_link')
                         ISSUE_PREFIX = conf.get('issue_prefix')
                         def url_func(match_obj):
                             pref = ''
                             if match_obj.group().startswith(' '):
                                 pref = ' '
                             issue_id = ''.join(match_obj.groups())
                             tmpl = (
                             '%(pref)s<a class="%(cls)s" href="%(url)s">'
                             '%(issue-prefix)s%(id-repr)s'
                             '</a>'
                             )
                             url = ISSUE_SERVER_LNK.replace('{id}', issue_id)
                             if repository:
                                 url = url.replace('{repo}', repository)
                             return tmpl % {
                                  'pref': pref,
                                  'cls': 'issue-tracker-link',
                                  'url': url,
                                  'id-repr': issue_id,
                                  'issue-prefix': ISSUE_PREFIX,
                                  'serv': ISSUE_SERVER_LNK,
                             }
                         newtext = URL_PAT.sub(url_func, text_)
                         if link_:
                             # wrap not links into final link => link_
                             newtext = linkify_others(newtext, link_)
                         return literal(newtext)
                 except:
                     log.error(traceback.format_exc())
                     pass
                 return text_
             def rst(source):
                 return literal('<div class="rst-block">%s</div>' %
                                MarkupRenderer.rst(source))
             def rst_w_mentions(source):
                 """
                 Wrapped rst renderer with @mention highlighting
                 :param source:
                 """
                 return literal('<div class="rst-block">%s</div>' %
                                MarkupRenderer.rst_with_mentions(source))

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages