upstream/kallithea Commit - r3786:222e6769

Added separate default permission for external_auth account...

marcink -

r3786:222e6769 beta

parent child

rhodecode/controllers/admin/permissions.py

0 +11 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.admin.permissions
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 permissions controller for Rhodecode
                 :created_on: Apr 27, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             import formencode
             from formencode import htmlfill
             from pylons import request, session, tmpl_context as c, url
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
                 AuthUser
             from rhodecode.lib.base import BaseController, render
             from rhodecode.model.forms import DefaultPermissionsForm
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.db import User, UserIpMap, Permission
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class PermissionsController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 # To properly map this controller, ensure your config/routing.py
                 # file has a resource setup:
                 #     map.resource('permission', 'permissions')
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 def __before__(self):
                     super(PermissionsController, self).__before__()
                     c.repo_perms_choices = [('repository.none', _('None'),),
                                                ('repository.read', _('Read'),),
                                                ('repository.write', _('Write'),),
                                                ('repository.admin', _('Admin'),)]
                     c.group_perms_choices = [('group.none', _('None'),),
                                              ('group.read', _('Read'),),
                                              ('group.write', _('Write'),),
                                              ('group.admin', _('Admin'),)]
                     c.user_group_perms_choices = [('usergroup.none', _('None'),),
                                                   ('usergroup.read', _('Read'),),
                                                   ('usergroup.write', _('Write'),),
                                                   ('usergroup.admin', _('Admin'),)]
                     c.register_choices = [
                         ('hg.register.none',
                             _('Disabled')),
                         ('hg.register.manual_activate',
                             _('Allowed with manual account activation')),
                         ('hg.register.auto_activate',
                             _('Allowed with automatic account activation')), ]
+                    c.extern_activate_choices = [
+                        ('hg.extern_activate.manual', _('Manual activation of external account')),
+                        ('hg.extern_activate.auto', _('Automatic activation of external account')),
+                    ]
                     c.repo_create_choices = [('hg.create.none', _('Disabled')),
                                              ('hg.create.repository', _('Enabled'))]
                     c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),
                                                    ('hg.usergroup.create.true', _('Enabled'))]
                     c.repo_group_create_choices = [('hg.repogroup.create.false', _('Disabled')),
                                                    ('hg.repogroup.create.true', _('Enabled'))]
                     c.fork_choices = [('hg.fork.none', _('Disabled')),
                                       ('hg.fork.repository', _('Enabled'))]
                 def index(self, format='html'):
                     """GET /permissions: All items in the collection"""
                     # url('permissions')
                 def create(self):
                     """POST /permissions: Create a new item"""
                     # url('permissions')
                 def new(self, format='html'):
                     """GET /permissions/new: Form to create a new item"""
                     # url('new_permission')
                 def update(self, id):
                     """PUT /permissions/id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('permission', id=ID),
                     #           method='put')
                     # url('permission', id=ID)
                     if id == 'default':
                         c.user = default_user = User.get_default_user()
                         c.perm_user = AuthUser(user_id=default_user.user_id)
                         c.user_ip_map = UserIpMap.query()\
                                         .filter(UserIpMap.user == default_user).all()
                         _form = DefaultPermissionsForm(
                                 [x[0] for x in c.repo_perms_choices],
                                 [x[0] for x in c.group_perms_choices],
                                 [x[0] for x in c.user_group_perms_choices],
                                 [x[0] for x in c.repo_create_choices],
                                 [x[0] for x in c.repo_group_create_choices],
                                 [x[0] for x in c.user_group_create_choices],
                                 [x[0] for x in c.fork_choices],
-                                [x[0] for x in c.register_choices])()
+                                [x[0] for x in c.register_choices],
+                                [x[0] for x in c.extern_activate_choices],
+                        )()
                         try:
                             form_result = _form.to_python(dict(request.POST))
                             form_result.update({'perm_user_name': id})
                             PermissionModel().update(form_result)
                             Session().commit()
                             h.flash(_('Default permissions updated successfully'),
                                     category='success')
                         except formencode.Invalid, errors:
                             defaults = errors.value
                             return htmlfill.render(
                                 render('admin/permissions/permissions.html'),
                                 defaults=defaults,
                                 errors=errors.error_dict or {},
                                 prefix_error=False,
                                 encoding="UTF-8")
                         except Exception:
                             log.error(traceback.format_exc())
                             h.flash(_('Error occurred during update of permissions'),
                                     category='error')
                     return redirect(url('edit_permission', id=id))
                 def delete(self, id):
                     """DELETE /permissions/id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('permission', id=ID),
                     #           method='delete')
                     # url('permission', id=ID)
                 def show(self, id, format='html'):
                     """GET /permissions/id: Show a specific item"""
                     # url('permission', id=ID)
                     Permission.get_or_404(-1)
                 def edit(self, id, format='html'):
                     """GET /permissions/id/edit: Form to edit an existing item"""
                     #url('edit_permission', id=ID)
                     #this form can only edit default user permissions
                     if id == 'default':
                         c.user = User.get_default_user()
                         defaults = {'anonymous': c.user.active}
                         c.perm_user = c.user.AuthUser
                         c.user_ip_map = UserIpMap.query()\
                                         .filter(UserIpMap.user == c.user).all()
                         for p in c.user.user_perms:
                             if p.permission.permission_name.startswith('repository.'):
                                 defaults['default_repo_perm'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('group.'):
                                 defaults['default_group_perm'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('usergroup.'):
                                 defaults['default_user_group_perm'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('hg.create.'):
                                 defaults['default_repo_create'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('hg.repogroup.'):
                                 defaults['default_repo_group_create'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('hg.usergroup.'):
                                 defaults['default_user_group_create'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('hg.register.'):
                                 defaults['default_register'] = p.permission.permission_name
+                            if p.permission.permission_name.startswith('hg.extern_activate.'):
+                                defaults['default_extern_activate'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('hg.fork.'):
                                 defaults['default_fork'] = p.permission.permission_name
                         return htmlfill.render(
                             render('admin/permissions/permissions.html'),
                             defaults=defaults,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                     else:
                         return redirect(url('admin_home'))

rhodecode/lib/auth.py

0 +4 -4

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.auth
                 ~~~~~~~~~~~~~~~~~~
                 authentication and permission libraries
                 :created_on: Apr 4, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import random
             import logging
             import traceback
             import hashlib
             from tempfile import _RandomNameSequence
             from decorator import decorator
             from pylons import config, url, request
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from sqlalchemy.orm.exc import ObjectDeletedError
             from rhodecode import __platform__, is_windows, is_unix
             from rhodecode.model.meta import Session
             from rhodecode.lib.utils2 import str2bool, safe_unicode, aslist
             from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
                 LdapImportError
             from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
                 get_user_group_slug
             from rhodecode.lib.auth_ldap import AuthLdap
             from rhodecode.model import meta
             from rhodecode.model.user import UserModel
             from rhodecode.model.db import Permission, RhodeCodeSetting, User, UserIpMap
             from rhodecode.lib.caching_query import FromCache
             log = logging.getLogger(__name__)
             class PasswordGenerator(object):
                 """
                 This is a simple class for generating password from different sets of
                 characters
                 usage::
                     passwd_gen = PasswordGenerator()
                     #print 8-letter password containing only big and small letters
                         of alphabet
                     passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
                 """
                 ALPHABETS_NUM = r'''1234567890'''
                 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
                 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
                 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
                 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
                     + ALPHABETS_NUM + ALPHABETS_SPECIAL
                 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
                 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
                 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
                 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
                 def __init__(self, passwd=''):
                     self.passwd = passwd
                 def gen_password(self, length, type_=None):
                     if type_ is None:
                         type_ = self.ALPHABETS_FULL
                     self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
                     return self.passwd
             class RhodeCodeCrypto(object):
                 @classmethod
                 def hash_string(cls, str_):
                     """
                     Cryptographic function used for password hashing based on pybcrypt
                     or pycrypto in windows
                     :param password: password to hash
                     """
                     if is_windows:
                         from hashlib import sha256
                         return sha256(str_).hexdigest()
                     elif is_unix:
                         import bcrypt
                         return bcrypt.hashpw(str_, bcrypt.gensalt(10))
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
                 @classmethod
                 def hash_check(cls, password, hashed):
                     """
                     Checks matching password with it's hashed value, runs different
                     implementation based on platform it runs on
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     if is_windows:
                         from hashlib import sha256
                         return sha256(password).hexdigest() == hashed
                     elif is_unix:
                         import bcrypt
                         return bcrypt.hashpw(password, hashed) == hashed
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
             def get_crypt_password(password):
                 return RhodeCodeCrypto.hash_string(password)
             def check_password(password, hashed):
                 return RhodeCodeCrypto.hash_check(password, hashed)
             def generate_api_key(str_, salt=None):
                 """
                 Generates API KEY from given string
                 :param str_:
                 :param salt:
                 """
                 if salt is None:
                     salt = _RandomNameSequence().next()
                 return hashlib.sha1(str_ + salt).hexdigest()
             def authfunc(environ, username, password):
                 """
                 Dummy authentication wrapper function used in Mercurial and Git for
                 access control.
                 :param environ: needed only for using in Basic auth
                 """
                 return authenticate(username, password)
             def authenticate(username, password):
                 """
                 Authentication function used for access control,
                 firstly checks for db authentication then if ldap is enabled for ldap
                 authentication, also creates ldap user if not in database
                 :param username: username
                 :param password: password
                 """
                 user_model = UserModel()
                 user = User.get_by_username(username)
                 log.debug('Authenticating user using RhodeCode account')
                 if user is not None and not user.ldap_dn:
                     if user.active:
                         if user.username == 'default' and user.active:
                             log.info('user %s authenticated correctly as anonymous user' %
                                      username)
                             return True
                         elif user.username == username and check_password(password,
                                                                           user.password):
                             log.info('user %s authenticated correctly' % username)
                             return True
                     else:
                         log.warning('user %s tried auth but is disabled' % username)
                 else:
                     log.debug('Regular authentication failed')
                     user_obj = User.get_by_username(username, case_insensitive=True)
                     if user_obj is not None and not user_obj.ldap_dn:
                         log.debug('this user already exists as non ldap')
                         return False
                     ldap_settings = RhodeCodeSetting.get_ldap_settings()
                     #======================================================================
                     # FALLBACK TO LDAP AUTH IF ENABLE
                     #======================================================================
                     if str2bool(ldap_settings.get('ldap_active')):
                         log.debug("Authenticating user using ldap")
                         kwargs = {
                               'server': ldap_settings.get('ldap_host', ''),
                               'base_dn': ldap_settings.get('ldap_base_dn', ''),
                               'port': ldap_settings.get('ldap_port'),
                               'bind_dn': ldap_settings.get('ldap_dn_user'),
                               'bind_pass': ldap_settings.get('ldap_dn_pass'),
                               'tls_kind': ldap_settings.get('ldap_tls_kind'),
                               'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                               'ldap_filter': ldap_settings.get('ldap_filter'),
                               'search_scope': ldap_settings.get('ldap_search_scope'),
                               'attr_login': ldap_settings.get('ldap_attr_login'),
                               'ldap_version': 3,
                               }
                         log.debug('Checking for ldap authentication')
                         try:
                             aldap = AuthLdap(**kwargs)
                             (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                             password)
                             log.debug('Got ldap DN response %s' % user_dn)
                             get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                                        .get(k), [''])[0]
                             user_attrs = {
                              'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                              'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                              'email': get_ldap_attr('ldap_attr_email'),
-                             'active': 'hg.register.auto_activate' in User\
+                             'active': 'hg.extern_activate.auto' in User.get_default_user()\
-                                .get_default_user().AuthUser.permissions['global']
+                                                            .AuthUser.permissions['global']
                             }
                             # don't store LDAP password since we don't need it. Override
                             # with some random generated password
                             _password = PasswordGenerator().gen_password(length=8)
                             # create this user on the fly if it doesn't exist in rhodecode
                             # database
                             if user_model.create_ldap(username, _password, user_dn,
                                                       user_attrs):
                                 log.info('created new ldap user %s' % username)
                             Session().commit()
                             return True
                         except (LdapUsernameError, LdapPasswordError, LdapImportError):
                             pass
                         except (Exception,):
                             log.error(traceback.format_exc())
                             pass
                 return False
             def login_container_auth(username):
                 user = User.get_by_username(username)
                 if user is None:
                     user_attrs = {
                         'name': username,
                         'lastname': None,
                         'email': None,
-                        'active': 'hg.register.auto_activate' in User\
+                        'active': 'hg.extern_activate.auto' in User.get_default_user()\
-                           .get_default_user().AuthUser.permissions['global']
+                                                        .AuthUser.permissions['global']
                     }
                     user = UserModel().create_for_container_auth(username, user_attrs)
                     if not user:
                         return None
                     log.info('User %s was created by container authentication' % username)
                 if not user.active:
                     return None
                 user.update_lastlogin()
                 Session().commit()
                 log.debug('User %s is now logged in by container authentication',
                           user.username)
                 return user
             def get_container_username(environ, config, clean_username=False):
                 """
                 Get's the container_auth username (or email). It tries to get username
                 from REMOTE_USER if container_auth_enabled is enabled, if that fails
                 it tries to get username from HTTP_X_FORWARDED_USER if proxypass_auth_enabled
                 is enabled. clean_username extracts the username from this data if it's
                 having @ in it.
                 :param environ:
                 :param config:
                 :param clean_username:
                 """
                 username = None
                 if str2bool(config.get('container_auth_enabled', False)):
                     from paste.httpheaders import REMOTE_USER
                     username = REMOTE_USER(environ)
                     log.debug('extracted REMOTE_USER:%s' % (username))
                 if not username and str2bool(config.get('proxypass_auth_enabled', False)):
                     username = environ.get('HTTP_X_FORWARDED_USER')
                     log.debug('extracted HTTP_X_FORWARDED_USER:%s' % (username))
                 if username and clean_username:
                     # Removing realm and domain from username
                     username = username.partition('@')[0]
                     username = username.rpartition('\\')[2]
                 log.debug('Received username %s from container' % username)
                 return username
             class CookieStoreWrapper(object):
                 def __init__(self, cookie_store):
                     self.cookie_store = cookie_store
                 def __repr__(self):
                     return 'CookieStore<%s>' % (self.cookie_store)
                 def get(self, key, other=None):
                     if isinstance(self.cookie_store, dict):
                         return self.cookie_store.get(key, other)
                     elif isinstance(self.cookie_store, AuthUser):
                         return self.cookie_store.__dict__.get(key, other)
             class  AuthUser(object):
                 """
                 A simple object that handles all attributes of user in RhodeCode
                 It does lookup based on API key,given user, or user present in session
                 Then it fills all required information for such user. It also checks if
                 anonymous access is enabled and if so, it returns default user as logged
                 in
                 """
                 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
                     self.user_id = user_id
                     self.api_key = None
                     self.username = username
                     self.ip_addr = ip_addr
                     self.name = ''
                     self.lastname = ''
                     self.email = ''
                     self.is_authenticated = False
                     self.admin = False
                     self.inherit_default_permissions = False
                     self.permissions = {}
                     self._api_key = api_key
                     self.propagate_data()
                     self._instance = None
                 def propagate_data(self):
                     user_model = UserModel()
                     self.anonymous_user = User.get_by_username('default', cache=True)
                     is_user_loaded = False
                     # try go get user by api key
                     if self._api_key and self._api_key != self.anonymous_user.api_key:
                         log.debug('Auth User lookup by API KEY %s' % self._api_key)
                         is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
                     # lookup by userid
                     elif (self.user_id is not None and
                           self.user_id != self.anonymous_user.user_id):
                         log.debug('Auth User lookup by USER ID %s' % self.user_id)
                         is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
                     # lookup by username
                     elif self.username and \
                         str2bool(config.get('container_auth_enabled', False)):
                         log.debug('Auth User lookup by USER NAME %s' % self.username)
                         dbuser = login_container_auth(self.username)
                         if dbuser is not None:
                             log.debug('filling all attributes to object')
                             for k, v in dbuser.get_dict().items():
                                 setattr(self, k, v)
                             self.set_authenticated()
                             is_user_loaded = True
                     else:
                         log.debug('No data in %s that could been used to log in' % self)
                     if not is_user_loaded:
                         # if we cannot authenticate user try anonymous
                         if self.anonymous_user.active:
                             user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                             # then we set this user is logged in
                             self.is_authenticated = True
                         else:
                             self.user_id = None
                             self.username = None
                             self.is_authenticated = False
                     if not self.username:
                         self.username = 'None'
                     log.debug('Auth User is now %s' % self)
                     user_model.fill_perms(self)
                 @property
                 def is_admin(self):
                     return self.admin
                 @property
                 def repos_admin(self):
                     """
                     Returns list of repositories you're an admin of
                     """
                     return [x[0] for x in self.permissions['repositories'].iteritems()
                             if x[1] == 'repository.admin']
                 @property
                 def repository_groups_admin(self):
                     """
                     Returns list of repository groups you're an admin of
                     """
                     return [x[0] for x in self.permissions['repositories_groups'].iteritems()
                             if x[1] == 'group.admin']
                 @property
                 def user_groups_admin(self):
                     """
                     Returns list of user groups you're an admin of
                     """
                     return [x[0] for x in self.permissions['user_groups'].iteritems()
                             if x[1] == 'usergroup.admin']
                 @property
                 def ip_allowed(self):
                     """
                     Checks if ip_addr used in constructor is allowed from defined list of
                     allowed ip_addresses for user
                     :returns: boolean, True if ip is in allowed ip range
                     """
                     #check IP
                     allowed_ips = AuthUser.get_allowed_ips(self.user_id, cache=True)
                     if check_ip_access(source_ip=self.ip_addr, allowed_ips=allowed_ips):
                         log.debug('IP:%s is in range of %s' % (self.ip_addr, allowed_ips))
                         return True
                     else:
                         log.info('Access for IP:%s forbidden, '
                                  'not in %s' % (self.ip_addr, allowed_ips))
                         return False
                 def __repr__(self):
                     return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                                           self.is_authenticated)
                 def set_authenticated(self, authenticated=True):
                     if self.user_id != self.anonymous_user.user_id:
                         self.is_authenticated = authenticated
                 def get_cookie_store(self):
                     return {'username': self.username,
                             'user_id': self.user_id,
                             'is_authenticated': self.is_authenticated}
                 @classmethod
                 def from_cookie_store(cls, cookie_store):
                     """
                     Creates AuthUser from a cookie store
                     :param cls:
                     :param cookie_store:
                     """
                     user_id = cookie_store.get('user_id')
                     username = cookie_store.get('username')
                     api_key = cookie_store.get('api_key')
                     return AuthUser(user_id, api_key, username)
                 @classmethod
                 def get_allowed_ips(cls, user_id, cache=False):
                     _set = set()
                     user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
                     if cache:
                         user_ips = user_ips.options(FromCache("sql_cache_short",
                                                               "get_user_ips_%s" % user_id))
                     for ip in user_ips:
                         try:
                             _set.add(ip.ip_addr)
                         except ObjectDeletedError:
                             # since we use heavy caching sometimes it happens that we get
                             # deleted objects here, we just skip them
                             pass
                     return _set or set(['0.0.0.0/0', '::/0'])
             def set_available_permissions(config):
                 """
                 This function will propagate pylons globals with all available defined
                 permission given in db. We don't want to check each time from db for new
                 permissions since adding a new permission also requires application restart
                 ie. to decorate new views with the newly created permission
                 :param config: current pylons config instance
                 """
                 log.info('getting information about all available permissions')
                 try:
                     sa = meta.Session
                     all_perms = sa.query(Permission).all()
                 except Exception:
                     pass
                 finally:
                     meta.Session.remove()
                 config['available_permissions'] = [x.permission_name for x in all_perms]
             #==============================================================================
             # CHECK DECORATORS
             #==============================================================================
             class LoginRequired(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page
                 :param api_access: if enabled this checks only for valid auth token
                     and grants access based on valid token
                 """
                 def __init__(self, api_access=False):
                     self.api_access = api_access
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     user = cls.rhodecode_user
                     loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
                     # defined whitelist of controllers which API access will be enabled
                     whitelist = aslist(config.get('api_access_controllers_whitelist'),
                                        sep=',')
                     api_access_whitelist = loc in whitelist
                     log.debug('loc:%s is in API whitelist:%s:%s' % (loc, whitelist,
                                                                     api_access_whitelist))
                     #check IP
                     ip_access_ok = True
                     if not user.ip_allowed:
                         from rhodecode.lib import helpers as h
                         h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))),
                                 category='warning')
                         ip_access_ok = False
                     api_access_ok = False
                     if self.api_access or api_access_whitelist:
                         log.debug('Checking API KEY access for %s' % cls)
                         if user.api_key == request.GET.get('api_key'):
                             api_access_ok = True
                         else:
                             log.debug("API KEY token not valid")
                     log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
                     if (user.is_authenticated or api_access_ok) and ip_access_ok:
                         reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'
                         log.info('user %s is authenticated and granted access to %s '
                                  'using %s' % (user.username, loc, reason)
                         )
                         return func(*fargs, **fkwargs)
                     else:
                         log.warn('user %s NOT authenticated on func: %s' % (
                             user, loc)
                         )
                         p = url.current()
                         log.debug('redirecting to login page with %s' % p)
                         return redirect(url('login_home', came_from=p))
             class NotAnonymous(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page"""
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     log.debug('Checking if user is not anonymous @%s' % cls)
                     anonymous = self.user.username == 'default'
                     if anonymous:
                         p = url.current()
                         import rhodecode.lib.helpers as h
                         h.flash(_('You need to be a registered user to '
                                   'perform this action'),
                                 category='warning')
                         return redirect(url('login_home', came_from=p))
                     else:
                         return func(*fargs, **fkwargs)
             class PermsDecorator(object):
                 """Base class for controller decorators"""
                 def __init__(self, *required_perms):
                     available_perms = config['available_permissions']
                     for perm in required_perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(required_perms)
                     self.user_perms = None
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     self.user_perms = self.user.permissions
                     log.debug('checking %s permissions %s for %s %s',
                        self.__class__.__name__, self.required_perms, cls, self.user)
                     if self.check_permissions():
                         log.debug('Permission granted for %s %s' % (cls, self.user))
                         return func(*fargs, **fkwargs)
                     else:
                         log.debug('Permission denied for %s %s' % (cls, self.user))
                         anonymous = self.user.username == 'default'
                         if anonymous:
                             p = url.current()
                             import rhodecode.lib.helpers as h
                             h.flash(_('You need to be a signed in to '
                                       'view this page'),
                                     category='warning')
                             return redirect(url('login_home', came_from=p))
                         else:
                             # redirect with forbidden ret code
                             return abort(403)
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates. All of them
                 have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates. In order to
                 fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository group. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository group. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 user group. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     group_name = get_user_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['user_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 user group. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     group_name = get_user_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['user_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             #==============================================================================
             # CHECK FUNCTIONS
             #==============================================================================
             class PermsFunction(object):
                 """Base function for other check functions"""
                 def __init__(self, *perms):
                     available_perms = config['available_permissions']
                     for perm in perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(perms)
                     self.user_perms = None
                     self.repo_name = None
                     self.group_name = None
                 def __call__(self, check_location=''):
                     #TODO: put user as attribute here
                     user = request.user
                     cls_name = self.__class__.__name__
                     check_scope = {
                         'HasPermissionAll': '',
                         'HasPermissionAny': '',
                         'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
                         'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
                         'HasReposGroupPermissionAll': 'group:%s' % self.group_name,
                         'HasReposGroupPermissionAny': 'group:%s' % self.group_name,
                     }.get(cls_name, '?')
                     log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                               self.required_perms, user, check_scope,
                               check_location or 'unspecified location')
                     if not user:
                         log.debug('Empty request user')
                         return False
                     self.user_perms = user.permissions
                     if self.check_permissions():
                         log.debug('Permission to %s granted for user: %s @ %s', self.repo_name, user,
                                   check_location or 'unspecified location')
                         return True
                     else:
                         log.debug('Permission to %s denied for user: %s @ %s', self.repo_name, user,
                                     check_location or 'unspecified location')
                         return False
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAll(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAny(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAll(PermsFunction):
                 def __call__(self, repo_name=None, check_location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAll, self).__call__(check_location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.issubset(self._user_perms):
                         return True
                     return False
             class HasRepoPermissionAny(PermsFunction):
                 def __call__(self, repo_name=None, check_location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAny, self).__call__(check_location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.intersection(self._user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAny(PermsFunction):
                 def __call__(self, group_name=None, check_location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAny, self).__call__(check_location)
                 def check_permissions(self):
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.intersection(self._user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAll(PermsFunction):
                 def __call__(self, group_name=None, check_location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAll, self).__call__(check_location)
                 def check_permissions(self):
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.issubset(self._user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAny(PermsFunction):
                 def __call__(self, user_group_name=None, check_location=''):
                     self.user_group_name = user_group_name
                     return super(HasUserGroupPermissionAny, self).__call__(check_location)
                 def check_permissions(self):
                     try:
                         self._user_perms = set(
                             [self.user_perms['user_groups'][self.user_group_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.intersection(self._user_perms):
                         return True
                     return False
             class HasUserGroupPermissionAll(PermsFunction):
                 def __call__(self, user_group_name=None, check_location=''):
                     self.user_group_name = user_group_name
                     return super(HasUserGroupPermissionAll, self).__call__(check_location)
                 def check_permissions(self):
                     try:
                         self._user_perms = set(
                             [self.user_perms['user_groups'][self.user_group_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.issubset(self._user_perms):
                         return True
                     return False
             #==============================================================================
             # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
             #==============================================================================
             class HasPermissionAnyMiddleware(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, user, repo_name):
                     # repo_name MUST be unicode, since we handle keys in permission
                     # dict by unicode
                     repo_name = safe_unicode(repo_name)
                     usr = AuthUser(user.user_id)
                     try:
                         self.user_perms = set([usr.permissions['repositories'][repo_name]])
                     except Exception:
                         log.error('Exception while accessing permissions %s' %
                                   traceback.format_exc())
                         self.user_perms = set()
                     self.username = user.username
                     self.repo_name = repo_name
                     return self.check_permissions()
                 def check_permissions(self):
                     log.debug('checking VCS protocol '
                               'permissions %s for user:%s repository:%s', self.user_perms,
                                                             self.username, self.repo_name)
                     if self.required_perms.intersection(self.user_perms):
                         log.debug('permission granted for user:%s on repo:%s' % (
                                       self.username, self.repo_name
                                  )
                         )
                         return True
                     log.debug('permission denied for user:%s on repo:%s' % (
                                   self.username, self.repo_name
                              )
                     )
                     return False
             #==============================================================================
             # SPECIAL VERSION TO HANDLE API AUTH
             #==============================================================================
             class _BaseApiPerm(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, check_location='unspecified', user=None, repo_name=None):
                     cls_name = self.__class__.__name__
                     check_scope = 'user:%s, repo:%s' % (user, repo_name)
                     log.debug('checking cls:%s %s %s @ %s', cls_name,
                               self.required_perms, check_scope, check_location)
                     if not user:
                         log.debug('Empty User passed into arguments')
                         return False
                     ## process user
                     if not isinstance(user, AuthUser):
                         user = AuthUser(user.user_id)
                     if self.check_permissions(user.permissions, repo_name):
                         log.debug('Permission to %s granted for user: %s @ %s', repo_name,
                                   user, check_location)
                         return True
                     else:
                         log.debug('Permission to %s denied for user: %s @ %s', repo_name,
                                   user, check_location)
                         return False
                 def check_permissions(self, perm_defs, repo_name):
                     """
                     implement in child class should return True if permissions are ok,
                     False otherwise
                     :param perm_defs: dict with permission definitions
                     :param repo_name: repo name
                     """
                     raise NotImplementedError()
             class HasPermissionAllApi(_BaseApiPerm):
                 def __call__(self, user, check_location=''):
                     return super(HasPermissionAllApi, self)\
                         .__call__(check_location=check_location, user=user)
                 def check_permissions(self, perm_defs, repo):
                     if self.required_perms.issubset(perm_defs.get('global')):
                         return True
                     return False
             class HasPermissionAnyApi(_BaseApiPerm):
                 def __call__(self, user, check_location=''):
                     return super(HasPermissionAnyApi, self)\
                         .__call__(check_location=check_location, user=user)
                 def check_permissions(self, perm_defs, repo):
                     if self.required_perms.intersection(perm_defs.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllApi(_BaseApiPerm):
                 def __call__(self, user, repo_name, check_location=''):
                     return super(HasRepoPermissionAllApi, self)\
                         .__call__(check_location=check_location, user=user,
                                   repo_name=repo_name)
                 def check_permissions(self, perm_defs, repo_name):
                     try:
                         self._user_perms = set(
                             [perm_defs['repositories'][repo_name]]
                         )
                     except KeyError:
                         log.warning(traceback.format_exc())
                         return False
                     if self.required_perms.issubset(self._user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyApi(_BaseApiPerm):
                 def __call__(self, user, repo_name, check_location=''):
                     return super(HasRepoPermissionAnyApi, self)\
                         .__call__(check_location=check_location, user=user,
                                   repo_name=repo_name)
                 def check_permissions(self, perm_defs, repo_name):
                     try:
                         _user_perms = set(
                             [perm_defs['repositories'][repo_name]]
                         )
                     except KeyError:
                         log.warning(traceback.format_exc())
                         return False
                     if self.required_perms.intersection(_user_perms):
                         return True
                     return False
             def check_ip_access(source_ip, allowed_ips=None):
                 """
                 Checks if source_ip is a subnet of any of allowed_ips.
                 :param source_ip:
                 :param allowed_ips: list of allowed ips together with mask
                 """
                 from rhodecode.lib import ipaddr
                 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
                 if isinstance(allowed_ips, (tuple, list, set)):
                     for ip in allowed_ips:
                         try:
                             if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
                                 return True
                             # for any case we cannot determine the IP, don't crash just
                             # skip it and log as error, we want to say forbidden still when
                             # sending bad IP
                         except Exception:
                             log.error(traceback.format_exc())
                             continue
                 return False

rhodecode/model/db.py

0 +7 -5

             # -*- coding: utf-8 -*-
             """
                 rhodecode.model.db
                 ~~~~~~~~~~~~~~~~~~
                 Database Models for RhodeCode
                 :created_on: Apr 08, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import logging
             import datetime
             import traceback
             import hashlib
             import time
             from collections import defaultdict
             from sqlalchemy import *
             from sqlalchemy.ext.hybrid import hybrid_property
             from sqlalchemy.orm import relationship, joinedload, class_mapper, validates
             from sqlalchemy.exc import DatabaseError
             from beaker.cache import cache_region, region_invalidate
             from webob.exc import HTTPNotFound
             from pylons.i18n.translation import lazy_ugettext as _
             from rhodecode.lib.vcs import get_backend
             from rhodecode.lib.vcs.utils.helpers import get_scm
             from rhodecode.lib.vcs.exceptions import VCSError
             from rhodecode.lib.vcs.utils.lazy import LazyProperty
             from rhodecode.lib.vcs.backends.base import EmptyChangeset
             from rhodecode.lib.utils2 import str2bool, safe_str, get_changeset_safe, \
                 safe_unicode, remove_suffix, remove_prefix, time_to_datetime, _set_extras
             from rhodecode.lib.compat import json
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model.meta import Base, Session
             URL_SEP = '/'
             log = logging.getLogger(__name__)
             #==============================================================================
             # BASE CLASSES
             #==============================================================================
             _hash_key = lambda k: hashlib.md5(safe_str(k)).hexdigest()
             class BaseModel(object):
                 """
                 Base Model for all classess
                 """
                 @classmethod
                 def _get_keys(cls):
                     """return column names for this model """
                     return class_mapper(cls).c.keys()
                 def get_dict(self):
                     """
                     return dict with keys and values corresponding
                     to this model data """
                     d = {}
                     for k in self._get_keys():
                         d[k] = getattr(self, k)
                     # also use __json__() if present to get additional fields
                     _json_attr = getattr(self, '__json__', None)
                     if _json_attr:
                         # update with attributes from __json__
                         if callable(_json_attr):
                             _json_attr = _json_attr()
                         for k, val in _json_attr.iteritems():
                             d[k] = val
                     return d
                 def get_appstruct(self):
                     """return list with keys and values tupples corresponding
                     to this model data """
                     l = []
                     for k in self._get_keys():
                         l.append((k, getattr(self, k),))
                     return l
                 def populate_obj(self, populate_dict):
                     """populate model with data from given populate_dict"""
                     for k in self._get_keys():
                         if k in populate_dict:
                             setattr(self, k, populate_dict[k])
                 @classmethod
                 def query(cls):
                     return Session().query(cls)
                 @classmethod
                 def get(cls, id_):
                     if id_:
                         return cls.query().get(id_)
                 @classmethod
                 def get_or_404(cls, id_):
                     try:
                         id_ = int(id_)
                     except (TypeError, ValueError):
                         raise HTTPNotFound
                     res = cls.query().get(id_)
                     if not res:
                         raise HTTPNotFound
                     return res
                 @classmethod
                 def getAll(cls):
                     # deprecated and left for backward compatibility
                     return cls.get_all()
                 @classmethod
                 def get_all(cls):
                     return cls.query().all()
                 @classmethod
                 def delete(cls, id_):
                     obj = cls.query().get(id_)
                     Session().delete(obj)
                 def __repr__(self):
                     if hasattr(self, '__unicode__'):
                         # python repr needs to return str
                         return safe_str(self.__unicode__())
                     return '<DB:%s>' % (self.__class__.__name__)
             class RhodeCodeSetting(Base, BaseModel):
                 __tablename__ = 'rhodecode_settings'
                 __table_args__ = (
                     UniqueConstraint('app_settings_name'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 app_settings_name = Column("app_settings_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 _app_settings_value = Column("app_settings_value", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 def __init__(self, k='', v=''):
                     self.app_settings_name = k
                     self.app_settings_value = v
                 @validates('_app_settings_value')
                 def validate_settings_value(self, key, val):
                     assert type(val) == unicode
                     return val
                 @hybrid_property
                 def app_settings_value(self):
                     v = self._app_settings_value
                     if self.app_settings_name in ["ldap_active",
                                                   "default_repo_enable_statistics",
                                                   "default_repo_enable_locking",
                                                   "default_repo_private",
                                                   "default_repo_enable_downloads"]:
                         v = str2bool(v)
                     return v
                 @app_settings_value.setter
                 def app_settings_value(self, val):
                     """
                     Setter that will always make sure we use unicode in app_settings_value
                     :param val:
                     """
                     self._app_settings_value = safe_unicode(val)
                 def __unicode__(self):
                     return u"<%s('%s:%s')>" % (
                         self.__class__.__name__,
                         self.app_settings_name, self.app_settings_value
                     )
                 @classmethod
                 def get_by_name(cls, key):
                     return cls.query()\
                         .filter(cls.app_settings_name == key).scalar()
                 @classmethod
                 def get_by_name_or_create(cls, key):
                     res = cls.get_by_name(key)
                     if not res:
                         res = cls(key)
                     return res
                 @classmethod
                 def get_app_settings(cls, cache=False):
                     ret = cls.query()
                     if cache:
                         ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
                     if not ret:
                         raise Exception('Could not get application settings !')
                     settings = {}
                     for each in ret:
                         settings['rhodecode_' + each.app_settings_name] = \
                             each.app_settings_value
                     return settings
                 @classmethod
                 def get_ldap_settings(cls, cache=False):
                     ret = cls.query()\
                             .filter(cls.app_settings_name.startswith('ldap_')).all()
                     fd = {}
                     for row in ret:
                         fd.update({row.app_settings_name: row.app_settings_value})
                     return fd
                 @classmethod
                 def get_default_repo_settings(cls, cache=False, strip_prefix=False):
                     ret = cls.query()\
                             .filter(cls.app_settings_name.startswith('default_')).all()
                     fd = {}
                     for row in ret:
                         key = row.app_settings_name
                         if strip_prefix:
                             key = remove_prefix(key, prefix='default_')
                         fd.update({key: row.app_settings_value})
                     return fd
             class RhodeCodeUi(Base, BaseModel):
                 __tablename__ = 'rhodecode_ui'
                 __table_args__ = (
                     UniqueConstraint('ui_key'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 HOOK_UPDATE = 'changegroup.update'
                 HOOK_REPO_SIZE = 'changegroup.repo_size'
                 HOOK_PUSH = 'changegroup.push_logger'
                 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
                 HOOK_PULL = 'outgoing.pull_logger'
                 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
                 ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 ui_section = Column("ui_section", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_key = Column("ui_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_value = Column("ui_value", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)
                 @classmethod
                 def get_by_key(cls, key):
                     return cls.query().filter(cls.ui_key == key).scalar()
                 @classmethod
                 def get_builtin_hooks(cls):
                     q = cls.query()
                     q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,
                                                  cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,
                                                  cls.HOOK_PULL, cls.HOOK_PRE_PULL]))
                     return q.all()
                 @classmethod
                 def get_custom_hooks(cls):
                     q = cls.query()
                     q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,
                                                   cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,
                                                   cls.HOOK_PULL, cls.HOOK_PRE_PULL]))
                     q = q.filter(cls.ui_section == 'hooks')
                     return q.all()
                 @classmethod
                 def get_repos_location(cls):
                     return cls.get_by_key('/').ui_value
                 @classmethod
                 def create_or_update_hook(cls, key, val):
                     new_ui = cls.get_by_key(key) or cls()
                     new_ui.ui_section = 'hooks'
                     new_ui.ui_active = True
                     new_ui.ui_key = key
                     new_ui.ui_value = val
                     Session().add(new_ui)
                 def __repr__(self):
                     return '<DB:%s[%s:%s]>' % (self.__class__.__name__, self.ui_key,
                                                self.ui_value)
             class User(Base, BaseModel):
                 __tablename__ = 'users'
                 __table_args__ = (
                     UniqueConstraint('username'), UniqueConstraint('email'),
                     Index('u_username_idx', 'username'),
                     Index('u_email_idx', 'email'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 DEFAULT_USER = 'default'
                 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
                 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
                 name = Column("firstname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 lastname = Column("lastname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
                 ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
                 user_log = relationship('UserLog')
                 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
                 repositories = relationship('Repository')
                 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
                 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
                 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
                 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
                 group_member = relationship('UserGroupMember', cascade='all')
                 notifications = relationship('UserNotification', cascade='all')
                 # notifications assigned to this user
                 user_created_notifications = relationship('Notification', cascade='all')
                 # comments created by this user
                 user_comments = relationship('ChangesetComment', cascade='all')
                 #extra emails for this user
                 user_emails = relationship('UserEmailMap', cascade='all')
                 @hybrid_property
                 def email(self):
                     return self._email
                 @email.setter
                 def email(self, val):
                     self._email = val.lower() if val else None
                 @property
                 def firstname(self):
                     # alias for future
                     return self.name
                 @property
                 def emails(self):
                     other = UserEmailMap.query().filter(UserEmailMap.user==self).all()
                     return [self.email] + [x.email for x in other]
                 @property
                 def ip_addresses(self):
                     ret = UserIpMap.query().filter(UserIpMap.user == self).all()
                     return [x.ip_addr for x in ret]
                 @property
                 def username_and_name(self):
                     return '%s (%s %s)' % (self.username, self.firstname, self.lastname)
                 @property
                 def full_name(self):
                     return '%s %s' % (self.firstname, self.lastname)
                 @property
                 def full_name_or_username(self):
                     return ('%s %s' % (self.firstname, self.lastname)
                             if (self.firstname and self.lastname) else self.username)
                 @property
                 def full_contact(self):
                     return '%s %s <%s>' % (self.firstname, self.lastname, self.email)
                 @property
                 def short_contact(self):
                     return '%s %s' % (self.firstname, self.lastname)
                 @property
                 def is_admin(self):
                     return self.admin
                 @property
                 def AuthUser(self):
                     """
                     Returns instance of AuthUser for this user
                     """
                     from rhodecode.lib.auth import AuthUser
                     return AuthUser(user_id=self.user_id, api_key=self.api_key,
                                     username=self.username)
                 def __unicode__(self):
                     return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
                                                  self.user_id, self.username)
                 @classmethod
                 def get_by_username(cls, username, case_insensitive=False, cache=False):
                     if case_insensitive:
                         q = cls.query().filter(cls.username.ilike(username))
                     else:
                         q = cls.query().filter(cls.username == username)
                     if cache:
                         q = q.options(FromCache(
                                         "sql_cache_short",
                                         "get_user_%s" % _hash_key(username)
                                       )
                         )
                     return q.scalar()
                 @classmethod
                 def get_by_api_key(cls, api_key, cache=False):
                     q = cls.query().filter(cls.api_key == api_key)
                     if cache:
                         q = q.options(FromCache("sql_cache_short",
                                                 "get_api_key_%s" % api_key))
                     return q.scalar()
                 @classmethod
                 def get_by_email(cls, email, case_insensitive=False, cache=False):
                     if case_insensitive:
                         q = cls.query().filter(cls.email.ilike(email))
                     else:
                         q = cls.query().filter(cls.email == email)
                     if cache:
                         q = q.options(FromCache("sql_cache_short",
                                                 "get_email_key_%s" % email))
                     ret = q.scalar()
                     if ret is None:
                         q = UserEmailMap.query()
                         # try fetching in alternate email map
                         if case_insensitive:
                             q = q.filter(UserEmailMap.email.ilike(email))
                         else:
                             q = q.filter(UserEmailMap.email == email)
                         q = q.options(joinedload(UserEmailMap.user))
                         if cache:
                             q = q.options(FromCache("sql_cache_short",
                                                     "get_email_map_key_%s" % email))
                         ret = getattr(q.scalar(), 'user', None)
                     return ret
                 @classmethod
                 def get_from_cs_author(cls, author):
                     """
                     Tries to get User objects out of commit author string
                     :param author:
                     """
                     from rhodecode.lib.helpers import email, author_name
                     # Valid email in the attribute passed, see if they're in the system
                     _email = email(author)
                     if _email:
                         user = cls.get_by_email(_email, case_insensitive=True)
                         if user:
                             return user
                     # Maybe we can match by username?
                     _author = author_name(author)
                     user = cls.get_by_username(_author, case_insensitive=True)
                     if user:
                         return user
                 def update_lastlogin(self):
                     """Update user lastlogin"""
                     self.last_login = datetime.datetime.now()
                     Session().add(self)
                     log.debug('updated user %s lastlogin' % self.username)
                 @classmethod
                 def get_first_admin(cls):
                     user = User.query().filter(User.admin == True).first()
                     if user is None:
                         raise Exception('Missing administrative account!')
                     return user
                 @classmethod
                 def get_default_user(cls, cache=False):
                     user = User.get_by_username(User.DEFAULT_USER, cache=cache)
                     if user is None:
                         raise Exception('Missing default account!')
                     return user
                 def get_api_data(self):
                     """
                     Common function for generating user related data for API
                     """
                     user = self
                     data = dict(
                         user_id=user.user_id,
                         username=user.username,
                         firstname=user.name,
                         lastname=user.lastname,
                         email=user.email,
                         emails=user.emails,
                         api_key=user.api_key,
                         active=user.active,
                         admin=user.admin,
                         ldap_dn=user.ldap_dn,
                         last_login=user.last_login,
                         ip_addresses=user.ip_addresses
                     )
                     return data
                 def __json__(self):
                     data = dict(
                         full_name=self.full_name,
                         full_name_or_username=self.full_name_or_username,
                         short_contact=self.short_contact,
                         full_contact=self.full_contact
                     )
                     data.update(self.get_api_data())
                     return data
             class UserEmailMap(Base, BaseModel):
                 __tablename__ = 'user_email_map'
                 __table_args__ = (
                     Index('uem_email_idx', 'email'),
                     UniqueConstraint('email'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 __mapper_args__ = {}
                 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
                 _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
                 user = relationship('User', lazy='joined')
                 @validates('_email')
                 def validate_email(self, key, email):
                     # check if this email is not main one
                     main_email = Session().query(User).filter(User.email == email).scalar()
                     if main_email is not None:
                         raise AttributeError('email %s is present is user table' % email)
                     return email
                 @hybrid_property
                 def email(self):
                     return self._email
                 @email.setter
                 def email(self, val):
                     self._email = val.lower() if val else None
             class UserIpMap(Base, BaseModel):
                 __tablename__ = 'user_ip_map'
                 __table_args__ = (
                     UniqueConstraint('user_id', 'ip_addr'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 __mapper_args__ = {}
                 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
                 ip_addr = Column("ip_addr", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
                 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
                 user = relationship('User', lazy='joined')
                 @classmethod
                 def _get_ip_range(cls, ip_addr):
                     from rhodecode.lib import ipaddr
                     net = ipaddr.IPNetwork(address=ip_addr)
                     return [str(net.network), str(net.broadcast)]
                 def __json__(self):
                     return dict(
                       ip_addr=self.ip_addr,
                       ip_range=self._get_ip_range(self.ip_addr)
                     )
             class UserLog(Base, BaseModel):
                 __tablename__ = 'user_logs'
                 __table_args__ = (
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
                 username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True)
                 repository_name = Column("repository_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 user_ip = Column("user_ip", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 action = Column("action", UnicodeText(1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
                 @property
                 def action_as_day(self):
                     return datetime.date(*self.action_date.timetuple()[:3])
                 user = relationship('User')
                 repository = relationship('Repository', cascade='')
             class UserGroup(Base, BaseModel):
                 __tablename__ = 'users_groups'
                 __table_args__ = (
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_name = Column("users_group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
                 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
                 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
                 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
                 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
                 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
                 user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')
                 user = relationship('User')
                 def __unicode__(self):
                     return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
                                                   self.users_group_id,
                                                   self.users_group_name)
                 @classmethod
                 def get_by_group_name(cls, group_name, cache=False,
                                       case_insensitive=False):
                     if case_insensitive:
                         q = cls.query().filter(cls.users_group_name.ilike(group_name))
                     else:
                         q = cls.query().filter(cls.users_group_name == group_name)
                     if cache:
                         q = q.options(FromCache(
                                         "sql_cache_short",
                                         "get_user_%s" % _hash_key(group_name)
                                       )
                         )
                     return q.scalar()
                 @classmethod
                 def get(cls, users_group_id, cache=False):
                     users_group = cls.query()
                     if cache:
                         users_group = users_group.options(FromCache("sql_cache_short",
                                                 "get_users_group_%s" % users_group_id))
                     return users_group.get(users_group_id)
                 def get_api_data(self):
                     users_group = self
                     data = dict(
                         users_group_id=users_group.users_group_id,
                         group_name=users_group.users_group_name,
                         active=users_group.users_group_active,
                     )
                     return data
             class UserGroupMember(Base, BaseModel):
                 __tablename__ = 'users_groups_members'
                 __table_args__ = (
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 user = relationship('User', lazy='joined')
                 users_group = relationship('UserGroup')
                 def __init__(self, gr_id='', u_id=''):
                     self.users_group_id = gr_id
                     self.user_id = u_id
             class RepositoryField(Base, BaseModel):
                 __tablename__ = 'repositories_fields'
                 __table_args__ = (
                     UniqueConstraint('repository_id', 'field_key'),  # no-multi field
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 PREFIX = 'ex_'  # prefix used in form to not conflict with already existing fields
                 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 field_key = Column("field_key", String(250, convert_unicode=False, assert_unicode=None))
                 field_label = Column("field_label", String(1024, convert_unicode=False, assert_unicode=None), nullable=False)
                 field_value = Column("field_value", String(10000, convert_unicode=False, assert_unicode=None), nullable=False)
                 field_desc = Column("field_desc", String(1024, convert_unicode=False, assert_unicode=None), nullable=False)
                 field_type = Column("field_type", String(256), nullable=False, unique=None)
                 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
                 repository = relationship('Repository')
                 @property
                 def field_key_prefixed(self):
                     return 'ex_%s' % self.field_key
                 @classmethod
                 def un_prefix_key(cls, key):
                     if key.startswith(cls.PREFIX):
                         return key[len(cls.PREFIX):]
                     return key
                 @classmethod
                 def get_by_key_name(cls, key, repo):
                     row = cls.query()\
                             .filter(cls.repository == repo)\
                             .filter(cls.field_key == key).scalar()
                     return row
             class Repository(Base, BaseModel):
                 __tablename__ = 'repositories'
                 __table_args__ = (
                     UniqueConstraint('repo_name'),
                     Index('r_repo_name_idx', 'repo_name'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 repo_name = Column("repo_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 clone_uri = Column("clone_uri", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
                 repo_type = Column("repo_type", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default=None)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
                 private = Column("private", Boolean(), nullable=True, unique=None, default=None)
                 enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)
                 enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)
                 description = Column("description", String(10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 created_on = Column('created_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                 landing_rev = Column("landing_revision", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default=None)
                 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
                 _locked = Column("locked", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
                 _changeset_cache = Column("changeset_cache", LargeBinary(), nullable=True) #JSON data
                 fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)
                 user = relationship('User')
                 fork = relationship('Repository', remote_side=repo_id)
                 group = relationship('RepoGroup')
                 repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')
                 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
                 stats = relationship('Statistics', cascade='all', uselist=False)
                 followers = relationship('UserFollowing',
                                          primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
                                          cascade='all')
                 extra_fields = relationship('RepositoryField',
                                             cascade="all, delete, delete-orphan")
                 logs = relationship('UserLog')
                 comments = relationship('ChangesetComment', cascade="all, delete, delete-orphan")
                 pull_requests_org = relationship('PullRequest',
                                 primaryjoin='PullRequest.org_repo_id==Repository.repo_id',
                                 cascade="all, delete, delete-orphan")
                 pull_requests_other = relationship('PullRequest',
                                 primaryjoin='PullRequest.other_repo_id==Repository.repo_id',
                                 cascade="all, delete, delete-orphan")
                 def __unicode__(self):
                     return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
                                                self.repo_name)
                 @hybrid_property
                 def locked(self):
                     # always should return [user_id, timelocked]
                     if self._locked:
                         _lock_info = self._locked.split(':')
                         return int(_lock_info[0]), _lock_info[1]
                     return [None, None]
                 @locked.setter
                 def locked(self, val):
                     if val and isinstance(val, (list, tuple)):
                         self._locked = ':'.join(map(str, val))
                     else:
                         self._locked = None
                 @hybrid_property
                 def changeset_cache(self):
                     from rhodecode.lib.vcs.backends.base import EmptyChangeset
                     dummy = EmptyChangeset().__json__()
                     if not self._changeset_cache:
                         return dummy
                     try:
                         return json.loads(self._changeset_cache)
                     except TypeError:
                         return dummy
                 @changeset_cache.setter
                 def changeset_cache(self, val):
                     try:
                         self._changeset_cache = json.dumps(val)
                     except Exception:
                         log.error(traceback.format_exc())
                 @classmethod
                 def url_sep(cls):
                     return URL_SEP
                 @classmethod
                 def normalize_repo_name(cls, repo_name):
                     """
                     Normalizes os specific repo_name to the format internally stored inside
                     dabatabase using URL_SEP
                     :param cls:
                     :param repo_name:
                     """
                     return cls.url_sep().join(repo_name.split(os.sep))
                 @classmethod
                 def get_by_repo_name(cls, repo_name):
                     q = Session().query(cls).filter(cls.repo_name == repo_name)
                     q = q.options(joinedload(Repository.fork))\
                             .options(joinedload(Repository.user))\
                             .options(joinedload(Repository.group))
                     return q.scalar()
                 @classmethod
                 def get_by_full_path(cls, repo_full_path):
                     repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
                     repo_name = cls.normalize_repo_name(repo_name)
                     return cls.get_by_repo_name(repo_name.strip(URL_SEP))
                 @classmethod
                 def get_repo_forks(cls, repo_id):
                     return cls.query().filter(Repository.fork_id == repo_id)
                 @classmethod
                 def base_path(cls):
                     """
                     Returns base path when all repos are stored
                     :param cls:
                     """
                     q = Session().query(RhodeCodeUi)\
                         .filter(RhodeCodeUi.ui_key == cls.url_sep())
                     q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
                     return q.one().ui_value
                 @property
                 def forks(self):
                     """
                     Return forks of this repo
                     """
                     return Repository.get_repo_forks(self.repo_id)
                 @property
                 def parent(self):
                     """
                     Returns fork parent
                     """
                     return self.fork
                 @property
                 def just_name(self):
                     return self.repo_name.split(Repository.url_sep())[-1]
                 @property
                 def groups_with_parents(self):
                     groups = []
                     if self.group is None:
                         return groups
                     cur_gr = self.group
                     groups.insert(0, cur_gr)
                     while 1:
                         gr = getattr(cur_gr, 'parent_group', None)
                         cur_gr = cur_gr.parent_group
                         if gr is None:
                             break
                         groups.insert(0, gr)
                     return groups
                 @property
                 def groups_and_repo(self):
                     return self.groups_with_parents, self.just_name, self.repo_name
                 @LazyProperty
                 def repo_path(self):
                     """
                     Returns base full path for that repository means where it actually
                     exists on a filesystem
                     """
                     q = Session().query(RhodeCodeUi).filter(RhodeCodeUi.ui_key ==
                                                           Repository.url_sep())
                     q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
                     return q.one().ui_value
                 @property
                 def repo_full_path(self):
                     p = [self.repo_path]
                     # we need to split the name by / since this is how we store the
                     # names in the database, but that eventually needs to be converted
                     # into a valid system path
                     p += self.repo_name.split(Repository.url_sep())
                     return os.path.join(*map(safe_unicode, p))
                 @property
                 def cache_keys(self):
                     """
                     Returns associated cache keys for that repo
                     """
                     return CacheInvalidation.query()\
                         .filter(CacheInvalidation.cache_args == self.repo_name)\
                         .order_by(CacheInvalidation.cache_key)\
                         .all()
                 def get_new_name(self, repo_name):
                     """
                     returns new full repository name based on assigned group and new new
                     :param group_name:
                     """
                     path_prefix = self.group.full_path_splitted if self.group else []
                     return Repository.url_sep().join(path_prefix + [repo_name])
                 @property
                 def _ui(self):
                     """
                     Creates an db based ui object for this repository
                     """
                     from rhodecode.lib.utils import make_ui
                     return make_ui('db', clear_session=False)
                 @classmethod
                 def is_valid(cls, repo_name):
                     """
                     returns True if given repo name is a valid filesystem repository
                     :param cls:
                     :param repo_name:
                     """
                     from rhodecode.lib.utils import is_valid_repo
                     return is_valid_repo(repo_name, cls.base_path())
                 def get_api_data(self):
                     """
                     Common function for generating repo api data
                     """
                     repo = self
                     data = dict(
                         repo_id=repo.repo_id,
                         repo_name=repo.repo_name,
                         repo_type=repo.repo_type,
                         clone_uri=repo.clone_uri,
                         private=repo.private,
                         created_on=repo.created_on,
                         description=repo.description,
                         landing_rev=repo.landing_rev,
                         owner=repo.user.username,
                         fork_of=repo.fork.repo_name if repo.fork else None,
                         enable_statistics=repo.enable_statistics,
                         enable_locking=repo.enable_locking,
                         enable_downloads=repo.enable_downloads,
                         last_changeset=repo.changeset_cache,
                         locked_by=User.get(self.locked[0]).get_api_data() \
                             if self.locked[0] else None,
                         locked_date=time_to_datetime(self.locked[1]) \
                             if self.locked[1] else None
                     )
                     rc_config = RhodeCodeSetting.get_app_settings()
                     repository_fields = str2bool(rc_config.get('rhodecode_repository_fields'))
                     if repository_fields:
                         for f in self.extra_fields:
                             data[f.field_key_prefixed] = f.field_value
                     return data
                 @classmethod
                 def lock(cls, repo, user_id):
                     repo.locked = [user_id, time.time()]
                     Session().add(repo)
                     Session().commit()
                 @classmethod
                 def unlock(cls, repo):
                     repo.locked = None
                     Session().add(repo)
                     Session().commit()
                 @classmethod
                 def getlock(cls, repo):
                     return repo.locked
                 @property
                 def last_db_change(self):
                     return self.updated_on
                 def clone_url(self, **override):
                     from pylons import url
                     from urlparse import urlparse
                     import urllib
                     parsed_url = urlparse(url('home', qualified=True))
                     default_clone_uri = '%(scheme)s://%(user)s%(pass)s%(netloc)s%(prefix)s%(path)s'
                     decoded_path = safe_unicode(urllib.unquote(parsed_url.path))
                     args = {
                        'user': '',
                        'pass': '',
                        'scheme': parsed_url.scheme,
                        'netloc': parsed_url.netloc,
                        'prefix': decoded_path,
                        'path': self.repo_name
                     }
                     args.update(override)
                     return default_clone_uri % args
                 #==========================================================================
                 # SCM PROPERTIES
                 #==========================================================================
                 def get_changeset(self, rev=None):
                     return get_changeset_safe(self.scm_instance, rev)
                 def get_landing_changeset(self):
                     """
                     Returns landing changeset, or if that doesn't exist returns the tip
                     """
                     cs = self.get_changeset(self.landing_rev) or self.get_changeset()
                     return cs
                 def update_changeset_cache(self, cs_cache=None):
                     """
                     Update cache of last changeset for repository, keys should be::
                         short_id
                         raw_id
                         revision
                         message
                         date
                         author
                     :param cs_cache:
                     """
                     from rhodecode.lib.vcs.backends.base import BaseChangeset
                     if cs_cache is None:
                         cs_cache = EmptyChangeset()
                         # use no-cache version here
                         scm_repo = self.scm_instance_no_cache()
                         if scm_repo:
                             cs_cache = scm_repo.get_changeset()
                     if isinstance(cs_cache, BaseChangeset):
                         cs_cache = cs_cache.__json__()
                     if (cs_cache != self.changeset_cache or not self.changeset_cache):
                         _default = datetime.datetime.fromtimestamp(0)
                         last_change = cs_cache.get('date') or _default
                         log.debug('updated repo %s with new cs cache %s'
                                   % (self.repo_name, cs_cache))
                         self.updated_on = last_change
                         self.changeset_cache = cs_cache
                         Session().add(self)
                         Session().commit()
                     else:
                         log.debug('Skipping repo:%s already with latest changes'
                                   % self.repo_name)
                 @property
                 def tip(self):
                     return self.get_changeset('tip')
                 @property
                 def author(self):
                     return self.tip.author
                 @property
                 def last_change(self):
                     return self.scm_instance.last_change
                 def get_comments(self, revisions=None):
                     """
                     Returns comments for this repository grouped by revisions
                     :param revisions: filter query by revisions only
                     """
                     cmts = ChangesetComment.query()\
                         .filter(ChangesetComment.repo == self)
                     if revisions:
                         cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
                     grouped = defaultdict(list)
                     for cmt in cmts.all():
                         grouped[cmt.revision].append(cmt)
                     return grouped
                 def statuses(self, revisions=None):
                     """
                     Returns statuses for this repository
                     :param revisions: list of revisions to get statuses for
                     :type revisions: list
                     """
                     statuses = ChangesetStatus.query()\
                         .filter(ChangesetStatus.repo == self)\
                         .filter(ChangesetStatus.version == 0)
                     if revisions:
                         statuses = statuses.filter(ChangesetStatus.revision.in_(revisions))
                     grouped = {}
                     #maybe we have open new pullrequest without a status ?
                     stat = ChangesetStatus.STATUS_UNDER_REVIEW
                     status_lbl = ChangesetStatus.get_status_lbl(stat)
                     for pr in PullRequest.query().filter(PullRequest.org_repo == self).all():
                         for rev in pr.revisions:
                             pr_id = pr.pull_request_id
                             pr_repo = pr.other_repo.repo_name
                             grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
                     for stat in statuses.all():
                         pr_id = pr_repo = None
                         if stat.pull_request:
                             pr_id = stat.pull_request.pull_request_id
                             pr_repo = stat.pull_request.other_repo.repo_name
                         grouped[stat.revision] = [str(stat.status), stat.status_lbl,
                                                   pr_id, pr_repo]
                     return grouped
                 def _repo_size(self):
                     from rhodecode.lib import helpers as h
                     log.debug('calculating repository size...')
                     return h.format_byte_size(self.scm_instance.size)
                 #==========================================================================
                 # SCM CACHE INSTANCE
                 #==========================================================================
                 def set_invalidate(self):
                     """
                     Mark caches of this repo as invalid.
                     """
                     CacheInvalidation.set_invalidate(self.repo_name)
                 def scm_instance_no_cache(self):
                     return self.__get_instance()
                 @property
                 def scm_instance(self):
                     import rhodecode
                     full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
                     if full_cache:
                         return self.scm_instance_cached()
                     return self.__get_instance()
                 def scm_instance_cached(self, valid_cache_keys=None):
                     @cache_region('long_term')
                     def _c(repo_name):
                         return self.__get_instance()
                     rn = self.repo_name
                     valid = CacheInvalidation.test_and_set_valid(rn, None, valid_cache_keys=valid_cache_keys)
                     if not valid:
                         log.debug('Cache for %s invalidated, getting new object' % (rn))
                         region_invalidate(_c, None, rn)
                     else:
                         log.debug('Getting obj for %s from cache' % (rn))
                     return _c(rn)
                 def __get_instance(self):
                     repo_full_path = self.repo_full_path
                     try:
                         alias = get_scm(repo_full_path)[0]
                         log.debug('Creating instance of %s repository from %s'
                                   % (alias, repo_full_path))
                         backend = get_backend(alias)
                     except VCSError:
                         log.error(traceback.format_exc())
                         log.error('Perhaps this repository is in db and not in '
                                   'filesystem run rescan repositories with '
                                   '"destroy old data " option from admin panel')
                         return
                     if alias == 'hg':
                         repo = backend(safe_str(repo_full_path), create=False,
                                        baseui=self._ui)
                         # skip hidden web repository
                         if repo._get_hidden():
                             return
                     else:
                         repo = backend(repo_full_path, create=False)
                     return repo
             class RepoGroup(Base, BaseModel):
                 __tablename__ = 'groups'
                 __table_args__ = (
                     UniqueConstraint('group_name', 'group_parent_id'),
                     CheckConstraint('group_id != group_parent_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 __mapper_args__ = {'order_by': 'group_name'}
                 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 group_name = Column("group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
                 group_description = Column("group_description", String(10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
                 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
                 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
                 parent_group = relationship('RepoGroup', remote_side=group_id)
                 user = relationship('User')
                 def __init__(self, group_name='', parent_group=None):
                     self.group_name = group_name
                     self.parent_group = parent_group
                 def __unicode__(self):
                     return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,
                                                   self.group_name)
                 @classmethod
                 def groups_choices(cls, groups=None, show_empty_group=True):
                     from webhelpers.html import literal as _literal
                     if not groups:
                         groups = cls.query().all()
                     repo_groups = []
                     if show_empty_group:
                         repo_groups = [('-1', '-- %s --' % _('top level'))]
                     sep = ' &raquo; '
                     _name = lambda k: _literal(sep.join(k))
                     repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
                                           for x in groups])
                     repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
                     return repo_groups
                 @classmethod
                 def url_sep(cls):
                     return URL_SEP
                 @classmethod
                 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
                     if case_insensitive:
                         gr = cls.query()\
                             .filter(cls.group_name.ilike(group_name))
                     else:
                         gr = cls.query()\
                             .filter(cls.group_name == group_name)
                     if cache:
                         gr = gr.options(FromCache(
                                         "sql_cache_short",
                                         "get_group_%s" % _hash_key(group_name)
                                         )
                         )
                     return gr.scalar()
                 @property
                 def parents(self):
                     parents_recursion_limit = 5
                     groups = []
                     if self.parent_group is None:
                         return groups
                     cur_gr = self.parent_group
                     groups.insert(0, cur_gr)
                     cnt = 0
                     while 1:
                         cnt += 1
                         gr = getattr(cur_gr, 'parent_group', None)
                         cur_gr = cur_gr.parent_group
                         if gr is None:
                             break
                         if cnt == parents_recursion_limit:
                             # this will prevent accidental infinit loops
                             log.error('group nested more than %s' %
                                       parents_recursion_limit)
                             break
                         groups.insert(0, gr)
                     return groups
                 @property
                 def children(self):
                     return RepoGroup.query().filter(RepoGroup.parent_group == self)
                 @property
                 def name(self):
                     return self.group_name.split(RepoGroup.url_sep())[-1]
                 @property
                 def full_path(self):
                     return self.group_name
                 @property
                 def full_path_splitted(self):
                     return self.group_name.split(RepoGroup.url_sep())
                 @property
                 def repositories(self):
                     return Repository.query()\
                             .filter(Repository.group == self)\
                             .order_by(Repository.repo_name)
                 @property
                 def repositories_recursive_count(self):
                     cnt = self.repositories.count()
                     def children_count(group):
                         cnt = 0
                         for child in group.children:
                             cnt += child.repositories.count()
                             cnt += children_count(child)
                         return cnt
                     return cnt + children_count(self)
                 def _recursive_objects(self, include_repos=True):
                     all_ = []
                     def _get_members(root_gr):
                         if include_repos:
                             for r in root_gr.repositories:
                                 all_.append(r)
                         childs = root_gr.children.all()
                         if childs:
                             for gr in childs:
                                 all_.append(gr)
                                 _get_members(gr)
                     _get_members(self)
                     return [self] + all_
                 def recursive_groups_and_repos(self):
                     """
                     Recursive return all groups, with repositories in those groups
                     """
                     return self._recursive_objects()
                 def recursive_groups(self):
                     """
                     Returns all children groups for this group including children of children
                     """
                     return self._recursive_objects(include_repos=False)
                 def get_new_name(self, group_name):
                     """
                     returns new full group name based on parent and new name
                     :param group_name:
                     """
                     path_prefix = (self.parent_group.full_path_splitted if
                                    self.parent_group else [])
                     return RepoGroup.url_sep().join(path_prefix + [group_name])
             class Permission(Base, BaseModel):
                 __tablename__ = 'permissions'
                 __table_args__ = (
                     Index('p_perm_name_idx', 'permission_name'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 PERMS = [
                     ('hg.admin', _('RhodeCode Administrator')),
                     ('repository.none', _('Repository no access')),
                     ('repository.read', _('Repository read access')),
                     ('repository.write', _('Repository write access')),
                     ('repository.admin', _('Repository admin access')),
                     ('group.none', _('Repository group no access')),
                     ('group.read', _('Repository group read access')),
                     ('group.write', _('Repository group write access')),
                     ('group.admin', _('Repository group admin access')),
                     ('usergroup.none', _('User group no access')),
                     ('usergroup.read', _('User group read access')),
                     ('usergroup.write', _('User group write access')),
                     ('usergroup.admin', _('User group admin access')),
                     ('hg.repogroup.create.false', _('Repository Group creation disabled')),
                     ('hg.repogroup.create.true', _('Repository Group creation enabled')),
                     ('hg.usergroup.create.false', _('User Group creation disabled')),
                     ('hg.usergroup.create.true', _('User Group creation enabled')),
                     ('hg.create.none', _('Repository creation disabled')),
                     ('hg.create.repository', _('Repository creation enabled')),
                     ('hg.fork.none', _('Repository forking disabled')),
                     ('hg.fork.repository', _('Repository forking enabled')),
-                    ('hg.register.none', _('Register disabled')),
+                    ('hg.register.none', _('Registration disabled')),
-                    ('hg.register.manual_activate', _('Register new user with RhodeCode '
+                    ('hg.register.manual_activate', _('User Registration with manual account activation')),
-                                                      'with manual activation')),
+                    ('hg.register.auto_activate', _('User Registration with automatic account activation')),
-                    ('hg.register.auto_activate', _('Register new user with RhodeCode '
+                    ('hg.extern_activate.manual', _('Manual activation of external account')),
-                                                    'with auto activation')),
+                    ('hg.extern_activate.auto', _('Automatic activation of external account')),
                 ]
                 #definition of system default permissions for DEFAULT user
                 DEFAULT_USER_PERMISSIONS = [
                     'repository.read',
                     'group.read',
                     'usergroup.read',
                     'hg.create.repository',
                     'hg.fork.repository',
                     'hg.register.manual_activate',
+                    'hg.extern_activate.auto',
                 ]
                 # defines which permissions are more important higher the more important
                 # Weight defines which permissions are more important.
                 # The higher number the more important.
                 PERM_WEIGHTS = {
                     'repository.none': 0,
                     'repository.read': 1,
                     'repository.write': 3,
                     'repository.admin': 4,
                     'group.none': 0,
                     'group.read': 1,
                     'group.write': 3,
                     'group.admin': 4,
                     'usergroup.none': 0,
                     'usergroup.read': 1,
                     'usergroup.write': 3,
                     'usergroup.admin': 4,
                     'hg.repogroup.create.false': 0,
                     'hg.repogroup.create.true': 1,
                     'hg.usergroup.create.false': 0,
                     'hg.usergroup.create.true': 1,
                     'hg.fork.none': 0,
                     'hg.fork.repository': 1,
                     'hg.create.none': 0,
                     'hg.create.repository': 1
                 }
                 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 permission_name = Column("permission_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 permission_longname = Column("permission_longname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 def __unicode__(self):
                     return u"<%s('%s:%s')>" % (
                         self.__class__.__name__, self.permission_id, self.permission_name
                     )
                 @classmethod
                 def get_by_key(cls, key):
                     return cls.query().filter(cls.permission_name == key).scalar()
                 @classmethod
                 def get_default_perms(cls, default_user_id):
                     q = Session().query(UserRepoToPerm, Repository, cls)\
                      .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
                      .join((cls, UserRepoToPerm.permission_id == cls.permission_id))\
                      .filter(UserRepoToPerm.user_id == default_user_id)
                     return q.all()
                 @classmethod
                 def get_default_group_perms(cls, default_user_id):
                     q = Session().query(UserRepoGroupToPerm, RepoGroup, cls)\
                      .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
                      .join((cls, UserRepoGroupToPerm.permission_id == cls.permission_id))\
                      .filter(UserRepoGroupToPerm.user_id == default_user_id)
                     return q.all()
                 @classmethod
                 def get_default_user_group_perms(cls, default_user_id):
                     q = Session().query(UserUserGroupToPerm, UserGroup, cls)\
                      .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
                      .join((cls, UserUserGroupToPerm.permission_id == cls.permission_id))\
                      .filter(UserUserGroupToPerm.user_id == default_user_id)
                     return q.all()
             class UserRepoToPerm(Base, BaseModel):
                 __tablename__ = 'repo_to_perm'
                 __table_args__ = (
                     UniqueConstraint('user_id', 'repository_id', 'permission_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 repository = relationship('Repository')
                 permission = relationship('Permission')
                 @classmethod
                 def create(cls, user, repository, permission):
                     n = cls()
                     n.user = user
                     n.repository = repository
                     n.permission = permission
                     Session().add(n)
                     return n
                 def __unicode__(self):
                     return u'<%s => %s >' % (self.user, self.repository)
             class UserUserGroupToPerm(Base, BaseModel):
                 __tablename__ = 'user_user_group_to_perm'
                 __table_args__ = (
                     UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 user_group = relationship('UserGroup')
                 permission = relationship('Permission')
                 @classmethod
                 def create(cls, user, user_group, permission):
                     n = cls()
                     n.user = user
                     n.user_group = user_group
                     n.permission = permission
                     Session().add(n)
                     return n
                 def __unicode__(self):
                     return u'<%s => %s >' % (self.user, self.user_group)
             class UserToPerm(Base, BaseModel):
                 __tablename__ = 'user_to_perm'
                 __table_args__ = (
                     UniqueConstraint('user_id', 'permission_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 permission = relationship('Permission', lazy='joined')
                 def __unicode__(self):
                     return u'<%s => %s >' % (self.user, self.permission)
             class UserGroupRepoToPerm(Base, BaseModel):
                 __tablename__ = 'users_group_repo_to_perm'
                 __table_args__ = (
                     UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UserGroup')
                 permission = relationship('Permission')
                 repository = relationship('Repository')
                 @classmethod
                 def create(cls, users_group, repository, permission):
                     n = cls()
                     n.users_group = users_group
                     n.repository = repository
                     n.permission = permission
                     Session().add(n)
                     return n
                 def __unicode__(self):
                     return u'<userGroup:%s => %s >' % (self.users_group, self.repository)
             #TODO; not sure if this will be ever used
             class UserGroupUserGroupToPerm(Base, BaseModel):
                 __tablename__ = 'user_group_user_group_to_perm'
                 __table_args__ = (
                     UniqueConstraint('user_group_id', 'user_group_id', 'permission_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 target_user_group_id = Column("target_users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 target_user_group = relationship('UserGroup', remote_side=target_user_group_id, primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
                 user_group = relationship('UserGroup', remote_side=user_group_id, primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
                 permission = relationship('Permission')
                 @classmethod
                 def create(cls, target_user_group, user_group, permission):
                     n = cls()
                     n.target_user_group = target_user_group
                     n.user_group = user_group
                     n.permission = permission
                     Session().add(n)
                     return n
                 def __unicode__(self):
                     return u'<UserGroup:%s => %s >' % (self.target_user_group, self.user_group)
             class UserGroupToPerm(Base, BaseModel):
                 __tablename__ = 'users_group_to_perm'
                 __table_args__ = (
                     UniqueConstraint('users_group_id', 'permission_id',),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UserGroup')
                 permission = relationship('Permission')
             class UserRepoGroupToPerm(Base, BaseModel):
                 __tablename__ = 'user_repo_group_to_perm'
                 __table_args__ = (
                     UniqueConstraint('user_id', 'group_id', 'permission_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 group = relationship('RepoGroup')
                 permission = relationship('Permission')
             class UserGroupRepoGroupToPerm(Base, BaseModel):
                 __tablename__ = 'users_group_repo_group_to_perm'
                 __table_args__ = (
                     UniqueConstraint('users_group_id', 'group_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UserGroup')
                 permission = relationship('Permission')
                 group = relationship('RepoGroup')
             class Statistics(Base, BaseModel):
                 __tablename__ = 'statistics'
                 __table_args__ = (
                      UniqueConstraint('repository_id'),
                      {'extend_existing': True, 'mysql_engine': 'InnoDB',
                       'mysql_charset': 'utf8'}
                 )
                 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
                 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
                 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
                 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
                 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
                 repository = relationship('Repository', single_parent=True)
             class UserFollowing(Base, BaseModel):
                 __tablename__ = 'user_followings'
                 __table_args__ = (
                     UniqueConstraint('user_id', 'follows_repository_id'),
                     UniqueConstraint('user_id', 'follows_user_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
                 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
                 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
                 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
                 follows_repository = relationship('Repository', order_by='Repository.repo_name')
                 @classmethod
                 def get_repo_followers(cls, repo_id):
                     return cls.query().filter(cls.follows_repo_id == repo_id)
             class CacheInvalidation(Base, BaseModel):
                 __tablename__ = 'cache_invalidation'
                 __table_args__ = (
                     UniqueConstraint('cache_key'),
                     Index('key_idx', 'cache_key'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 # cache_id, not used
                 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 # cache_key as created by _get_cache_key
                 cache_key = Column("cache_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 # cache_args is a repo_name
                 cache_args = Column("cache_args", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 # instance sets cache_active True when it is caching,
                 # other instances set cache_active to False to indicate that this cache is invalid
                 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
                 def __init__(self, cache_key, repo_name=''):
                     self.cache_key = cache_key
                     self.cache_args = repo_name
                     self.cache_active = False
                 def __unicode__(self):
                     return u"<%s('%s:%s[%s]')>" % (self.__class__.__name__,
                                         self.cache_id, self.cache_key, self.cache_active)
                 def _cache_key_partition(self):
                     prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
                     return prefix, repo_name, suffix
                 def get_prefix(self):
                     """
                     get prefix that might have been used in _get_cache_key to
                     generate self.cache_key. Only used for informational purposes
                     in repo_edit.html.
                     """
                     # prefix, repo_name, suffix
                     return self._cache_key_partition()[0]
                 def get_suffix(self):
                     """
                     get suffix that might have been used in _get_cache_key to
                     generate self.cache_key. Only used for informational purposes
                     in repo_edit.html.
                     """
                     # prefix, repo_name, suffix
                     return self._cache_key_partition()[2]
                 @classmethod
                 def clear_cache(cls):
                     """
                     Delete all cache keys from database.
                     Should only be run when all instances are down and all entries thus stale.
                     """
                     cls.query().delete()
                     Session().commit()
                 @classmethod
                 def _get_cache_key(cls, key):
                     """
                     Wrapper for generating a unique cache key for this instance and "key".
                     key must / will start with a repo_name which will be stored in .cache_args .
                     """
                     import rhodecode
                     prefix = rhodecode.CONFIG.get('instance_id', '')
                     return "%s%s" % (prefix, key)
                 @classmethod
                 def set_invalidate(cls, repo_name):
                     """
                     Mark all caches of a repo as invalid in the database.
                     """
                     inv_objs = Session().query(cls).filter(cls.cache_args == repo_name).all()
                     try:
                         for inv_obj in inv_objs:
                             log.debug('marking %s key for invalidation based on repo_name=%s'
                                       % (inv_obj, safe_str(repo_name)))
                             inv_obj.cache_active = False
                             Session().add(inv_obj)
                         Session().commit()
                     except Exception:
                         log.error(traceback.format_exc())
                         Session().rollback()
                 @classmethod
                 def test_and_set_valid(cls, repo_name, kind, valid_cache_keys=None):
                     """
                     Mark this cache key as active and currently cached.
                     Return True if the existing cache registration still was valid.
                     Return False to indicate that it had been invalidated and caches should be refreshed.
                     """
                     key = (repo_name + '_' + kind) if kind else repo_name
                     cache_key = cls._get_cache_key(key)
                     if valid_cache_keys and cache_key in valid_cache_keys:
                         return True
                     try:
                         inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
                         if not inv_obj:
                             inv_obj = CacheInvalidation(cache_key, repo_name)
                         was_valid = inv_obj.cache_active
                         inv_obj.cache_active = True
                         Session().add(inv_obj)
                         Session().commit()
                         return was_valid
                     except Exception:
                         log.error(traceback.format_exc())
                         Session().rollback()
                         return False
                 @classmethod
                 def get_valid_cache_keys(cls):
                     """
                     Return opaque object with information of which caches still are valid
                     and can be used without checking for invalidation.
                     """
                     return set(inv_obj.cache_key for inv_obj in cls.query().filter(cls.cache_active).all())
             class ChangesetComment(Base, BaseModel):
                 __tablename__ = 'changeset_comments'
                 __table_args__ = (
                     Index('cc_revision_idx', 'revision'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
                 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
                 revision = Column('revision', String(40), nullable=True)
                 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
                 line_no = Column('line_no', Unicode(10), nullable=True)
                 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
                 f_path = Column('f_path', Unicode(1000), nullable=True)
                 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
                 text = Column('text', UnicodeText(25000), nullable=False)
                 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
                 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
                 author = relationship('User', lazy='joined')
                 repo = relationship('Repository')
                 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan")
                 pull_request = relationship('PullRequest', lazy='joined')
                 @classmethod
                 def get_users(cls, revision=None, pull_request_id=None):
                     """
                     Returns user associated with this ChangesetComment. ie those
                     who actually commented
                     :param cls:
                     :param revision:
                     """
                     q = Session().query(User)\
                             .join(ChangesetComment.author)
                     if revision:
                         q = q.filter(cls.revision == revision)
                     elif pull_request_id:
                         q = q.filter(cls.pull_request_id == pull_request_id)
                     return q.all()
             class ChangesetStatus(Base, BaseModel):
                 __tablename__ = 'changeset_statuses'
                 __table_args__ = (
                     Index('cs_revision_idx', 'revision'),
                     Index('cs_version_idx', 'version'),
                     UniqueConstraint('repo_id', 'revision', 'version'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
                 STATUS_APPROVED = 'approved'
                 STATUS_REJECTED = 'rejected'
                 STATUS_UNDER_REVIEW = 'under_review'
                 STATUSES = [
                     (STATUS_NOT_REVIEWED, _("Not Reviewed")),  # (no icon) and default
                     (STATUS_APPROVED, _("Approved")),
                     (STATUS_REJECTED, _("Rejected")),
                     (STATUS_UNDER_REVIEW, _("Under Review")),
                 ]
                 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
                 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
                 revision = Column('revision', String(40), nullable=False)
                 status = Column('status', String(128), nullable=False, default=DEFAULT)
                 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
                 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
                 version = Column('version', Integer(), nullable=False, default=0)
                 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
                 author = relationship('User', lazy='joined')
                 repo = relationship('Repository')
                 comment = relationship('ChangesetComment', lazy='joined')
                 pull_request = relationship('PullRequest', lazy='joined')
                 def __unicode__(self):
                     return u"<%s('%s:%s')>" % (
                         self.__class__.__name__,
                         self.status, self.author
                     )
                 @classmethod
                 def get_status_lbl(cls, value):
                     return dict(cls.STATUSES).get(value)
                 @property
                 def status_lbl(self):
                     return ChangesetStatus.get_status_lbl(self.status)
             class PullRequest(Base, BaseModel):
                 __tablename__ = 'pull_requests'
                 __table_args__ = (
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 STATUS_NEW = u'new'
                 STATUS_OPEN = u'open'
                 STATUS_CLOSED = u'closed'
                 pull_request_id = Column('pull_request_id', Integer(), nullable=False, primary_key=True)
                 title = Column('title', Unicode(256), nullable=True)
                 description = Column('description', UnicodeText(10240), nullable=True)
                 status = Column('status', Unicode(256), nullable=False, default=STATUS_NEW)
                 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
                 updated_on = Column('updated_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
                 _revisions = Column('revisions', UnicodeText(20500))  # 500 revisions max
                 org_repo_id = Column('org_repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
                 org_ref = Column('org_ref', Unicode(256), nullable=False)
                 other_repo_id = Column('other_repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
                 other_ref = Column('other_ref', Unicode(256), nullable=False)
                 @hybrid_property
                 def revisions(self):
                     return self._revisions.split(':')
                 @revisions.setter
                 def revisions(self, val):
                     self._revisions = ':'.join(val)
                 @property
                 def org_ref_parts(self):
                     return self.org_ref.split(':')
                 @property
                 def other_ref_parts(self):
                     return self.other_ref.split(':')
                 author = relationship('User', lazy='joined')
                 reviewers = relationship('PullRequestReviewers',
                                          cascade="all, delete, delete-orphan")
                 org_repo = relationship('Repository', primaryjoin='PullRequest.org_repo_id==Repository.repo_id')
                 other_repo = relationship('Repository', primaryjoin='PullRequest.other_repo_id==Repository.repo_id')
                 statuses = relationship('ChangesetStatus')
                 comments = relationship('ChangesetComment',
                                          cascade="all, delete, delete-orphan")
                 def is_closed(self):
                     return self.status == self.STATUS_CLOSED
                 @property
                 def last_review_status(self):
                     return self.statuses[-1].status if self.statuses else ''
                 def __json__(self):
                     return dict(
                       revisions=self.revisions
                     )
             class PullRequestReviewers(Base, BaseModel):
                 __tablename__ = 'pull_request_reviewers'
                 __table_args__ = (
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 def __init__(self, user=None, pull_request=None):
                     self.user = user
                     self.pull_request = pull_request
                 pull_requests_reviewers_id = Column('pull_requests_reviewers_id', Integer(), nullable=False, primary_key=True)
                 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=False)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
                 user = relationship('User')
                 pull_request = relationship('PullRequest')
             class Notification(Base, BaseModel):
                 __tablename__ = 'notifications'
                 __table_args__ = (
                     Index('notification_type_idx', 'type'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 TYPE_CHANGESET_COMMENT = u'cs_comment'
                 TYPE_MESSAGE = u'message'
                 TYPE_MENTION = u'mention'
                 TYPE_REGISTRATION = u'registration'
                 TYPE_PULL_REQUEST = u'pull_request'
                 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
                 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
                 subject = Column('subject', Unicode(512), nullable=True)
                 body = Column('body', UnicodeText(50000), nullable=True)
                 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
                 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
                 type_ = Column('type', Unicode(256))
                 created_by_user = relationship('User')
                 notifications_to_users = relationship('UserNotification', lazy='joined',
                                                       cascade="all, delete, delete-orphan")
                 @property
                 def recipients(self):
                     return [x.user for x in UserNotification.query()\
                             .filter(UserNotification.notification == self)\
                             .order_by(UserNotification.user_id.asc()).all()]
                 @classmethod
                 def create(cls, created_by, subject, body, recipients, type_=None):
                     if type_ is None:
                         type_ = Notification.TYPE_MESSAGE
                     notification = cls()
                     notification.created_by_user = created_by
                     notification.subject = subject
                     notification.body = body
                     notification.type_ = type_
                     notification.created_on = datetime.datetime.now()
                     for u in recipients:
                         assoc = UserNotification()
                         assoc.notification = notification
                         u.notifications.append(assoc)
                     Session().add(notification)
                     return notification
                 @property
                 def description(self):
                     from rhodecode.model.notification import NotificationModel
                     return NotificationModel().make_description(self)
             class UserNotification(Base, BaseModel):
                 __tablename__ = 'user_to_notification'
                 __table_args__ = (
                     UniqueConstraint('user_id', 'notification_id'),
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'}
                 )
                 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
                 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
                 read = Column('read', Boolean, default=False)
                 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
                 user = relationship('User', lazy="joined")
                 notification = relationship('Notification', lazy="joined",
                                             order_by=lambda: Notification.created_on.desc(),)
                 def mark_as_read(self):
                     self.read = True
                     Session().add(self)
             class DbMigrateVersion(Base, BaseModel):
                 __tablename__ = 'db_migrate_version'
                 __table_args__ = (
                     {'extend_existing': True, 'mysql_engine': 'InnoDB',
                      'mysql_charset': 'utf8'},
                 )
                 repository_id = Column('repository_id', String(250), primary_key=True)
                 repository_path = Column('repository_path', Text)
                 version = Column('version', Integer)

rhodecode/model/forms.py

0 +2 -1

             """ this is forms validation classes
             http://formencode.org/module-formencode.validators.html
             for list off all availible validators
             we can create our own validators
             The table below outlines the options which can be used in a schema in addition to the validators themselves
             pre_validators          []     These validators will be applied before the schema
             chained_validators      []     These validators will be applied after the schema
             allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present
             filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed
             if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
             ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
             <name> = formencode.validators.<name of validator>
             <name> must equal form name
             list=[1,2,3,4,5]
             for SELECT use formencode.All(OneOf(list), Int())
             """
             import logging
             import formencode
             from formencode import All
             from pylons.i18n.translation import _
             from rhodecode.model import validators as v
             from rhodecode import BACKENDS
             log = logging.getLogger(__name__)
             class LoginForm(formencode.Schema):
                 allow_extra_fields = True
                 filter_extra_fields = True
                 username = v.UnicodeString(
                     strip=True,
                     min=1,
                     not_empty=True,
                     messages={
                        'empty': _(u'Please enter a login'),
                        'tooShort': _(u'Enter a value %(min)i characters long or more')}
                 )
                 password = v.UnicodeString(
                     strip=False,
                     min=3,
                     not_empty=True,
                     messages={
                         'empty': _(u'Please enter a password'),
                         'tooShort': _(u'Enter %(min)i characters or more')}
                 )
                 remember = v.StringBoolean(if_missing=False)
                 chained_validators = [v.ValidAuth()]
             def UserForm(edit=False, old_data={}):
                 class _UserForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                    v.ValidUsername(edit, old_data))
                     if edit:
                         new_password = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False)
                         )
                         password_confirmation = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False),
                         )
                         admin = v.StringBoolean(if_missing=False)
                     else:
                         password = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=True)
                         )
                         password_confirmation = All(
                             v.ValidPassword(),
                             v.UnicodeString(strip=False, min=6, not_empty=False)
                         )
                     active = v.StringBoolean(if_missing=False)
                     firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
                     chained_validators = [v.ValidPasswordsMatch()]
                 return _UserForm
             def UserGroupForm(edit=False, old_data={}, available_members=[]):
                 class _UserGroupForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     users_group_name = All(
                         v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.ValidUserGroup(edit, old_data)
                     )
                     users_group_active = v.StringBoolean(if_missing=False)
                     if edit:
                         users_group_members = v.OneOf(
                             available_members, hideList=False, testValueList=True,
                             if_missing=None, not_empty=False
                         )
                 return _UserGroupForm
             def ReposGroupForm(edit=False, old_data={}, available_groups=[],
                                can_create_in_root=False):
                 class _ReposGroupForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                            v.SlugifyName())
                     group_description = v.UnicodeString(strip=True, min=1,
                                                             not_empty=False)
                     if edit:
                         #FIXME: do a special check that we cannot move a group to one of
                         #it's children
                         pass
                     group_parent_id = All(v.CanCreateGroup(can_create_in_root),
                                           v.OneOf(available_groups, hideList=False,
                                                   testValueList=True,
                                                   if_missing=None, not_empty=True))
                     enable_locking = v.StringBoolean(if_missing=False)
                     chained_validators = [v.ValidReposGroup(edit, old_data)]
                 return _ReposGroupForm
             def RegisterForm(edit=False, old_data={}):
                 class _RegisterForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     username = All(
                         v.ValidUsername(edit, old_data),
                         v.UnicodeString(strip=True, min=1, not_empty=True)
                     )
                     password = All(
                         v.ValidPassword(),
                         v.UnicodeString(strip=False, min=6, not_empty=True)
                     )
                     password_confirmation = All(
                         v.ValidPassword(),
                         v.UnicodeString(strip=False, min=6, not_empty=True)
                     )
                     active = v.StringBoolean(if_missing=False)
                     firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
                     email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
                     chained_validators = [v.ValidPasswordsMatch()]
                 return _RegisterForm
             def PasswordResetForm():
                 class _PasswordResetForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
                 return _PasswordResetForm
             def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                          repo_groups=[], landing_revs=[]):
                 class _RepoForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                     v.SlugifyName())
                     repo_group = All(v.CanWriteGroup(old_data),
                                      v.OneOf(repo_groups, hideList=True))
                     repo_type = v.OneOf(supported_backends)
                     repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
                     repo_private = v.StringBoolean(if_missing=False)
                     repo_landing_rev = v.OneOf(landing_revs, hideList=True)
                     clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
                     repo_enable_statistics = v.StringBoolean(if_missing=False)
                     repo_enable_downloads = v.StringBoolean(if_missing=False)
                     repo_enable_locking = v.StringBoolean(if_missing=False)
                     if edit:
                         #this is repo owner
                         user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
                     chained_validators = [v.ValidCloneUri(),
                                           v.ValidRepoName(edit, old_data)]
                 return _RepoForm
             def RepoPermsForm():
                 class _RepoPermsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     chained_validators = [v.ValidPerms(type_='repo')]
                 return _RepoPermsForm
             def RepoGroupPermsForm():
                 class _RepoGroupPermsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     recursive = v.StringBoolean(if_missing=False)
                     chained_validators = [v.ValidPerms(type_='repo_group')]
                 return _RepoGroupPermsForm
             def UserGroupPermsForm():
                 class _UserPermsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     chained_validators = [v.ValidPerms(type_='user_group')]
                 return _UserPermsForm
             def RepoFieldForm():
                 class _RepoFieldForm(formencode.Schema):
                     filter_extra_fields = True
                     allow_extra_fields = True
                     new_field_key = All(v.FieldKey(),
                                         v.UnicodeString(strip=True, min=3, not_empty=True))
                     new_field_value = v.UnicodeString(not_empty=False, if_missing='')
                     new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
                                              if_missing='str')
                     new_field_label = v.UnicodeString(not_empty=False)
                     new_field_desc = v.UnicodeString(not_empty=False)
                 return _RepoFieldForm
             def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                              repo_groups=[], landing_revs=[]):
                 class _RepoForkForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                     v.SlugifyName())
                     repo_group = All(v.CanWriteGroup(),
                                      v.OneOf(repo_groups, hideList=True))
                     repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
                     description = v.UnicodeString(strip=True, min=1, not_empty=True)
                     private = v.StringBoolean(if_missing=False)
                     copy_permissions = v.StringBoolean(if_missing=False)
                     update_after_clone = v.StringBoolean(if_missing=False)
                     fork_parent_id = v.UnicodeString()
                     chained_validators = [v.ValidForkName(edit, old_data)]
                     landing_rev = v.OneOf(landing_revs, hideList=True)
                 return _RepoForkForm
             def ApplicationSettingsForm():
                 class _ApplicationSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True)
                     rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
                     rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)
                 return _ApplicationSettingsForm
             def ApplicationVisualisationForm():
                 class _ApplicationVisualisationForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
                     rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
                     rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
                     rhodecode_repository_fields = v.StringBoolean(if_missing=False)
                     rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
                 return _ApplicationVisualisationForm
             def ApplicationUiSettingsForm():
                 class _ApplicationUiSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = False
                     web_push_ssl = v.StringBoolean(if_missing=False)
                     paths_root_path = All(
                         v.ValidPath(),
                         v.UnicodeString(strip=True, min=1, not_empty=True)
                     )
                     hooks_changegroup_update = v.StringBoolean(if_missing=False)
                     hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
                     hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
                     hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
                     extensions_largefiles = v.StringBoolean(if_missing=False)
                     extensions_hgsubversion = v.StringBoolean(if_missing=False)
                     extensions_hggit = v.StringBoolean(if_missing=False)
                 return _ApplicationUiSettingsForm
             def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,
                                        user_group_perms_choices, create_choices,
                                        repo_group_create_choices, user_group_create_choices,
-                                       fork_choices, register_choices):
+                                       fork_choices, register_choices, extern_activate_choices):
                 class _DefaultPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     overwrite_default_repo = v.StringBoolean(if_missing=False)
                     overwrite_default_group = v.StringBoolean(if_missing=False)
                     overwrite_default_user_group = v.StringBoolean(if_missing=False)
                     anonymous = v.StringBoolean(if_missing=False)
                     default_repo_perm = v.OneOf(repo_perms_choices)
                     default_group_perm = v.OneOf(group_perms_choices)
                     default_user_group_perm = v.OneOf(user_group_perms_choices)
                     default_repo_create = v.OneOf(create_choices)
                     default_user_group_create = v.OneOf(user_group_create_choices)
                     #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet
                     default_fork = v.OneOf(fork_choices)
                     default_register = v.OneOf(register_choices)
+                    default_extern_activate = v.OneOf(extern_activate_choices)
                 return _DefaultPermissionsForm
             def CustomDefaultPermissionsForm():
                 class _CustomDefaultPermissionsForm(formencode.Schema):
                     filter_extra_fields = True
                     allow_extra_fields = True
                     inherit_default_permissions = v.StringBoolean(if_missing=False)
                     create_repo_perm = v.StringBoolean(if_missing=False)
                     create_user_group_perm = v.StringBoolean(if_missing=False)
                     #create_repo_group_perm Impl. later
                     fork_repo_perm = v.StringBoolean(if_missing=False)
                 return _CustomDefaultPermissionsForm
             def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
                 class _DefaultsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     default_repo_type = v.OneOf(supported_backends)
                     default_repo_private = v.StringBoolean(if_missing=False)
                     default_repo_enable_statistics = v.StringBoolean(if_missing=False)
                     default_repo_enable_downloads = v.StringBoolean(if_missing=False)
                     default_repo_enable_locking = v.StringBoolean(if_missing=False)
                 return _DefaultsForm
             def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,
                                  tls_kind_choices):
                 class _LdapSettingsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     #pre_validators = [LdapLibValidator]
                     ldap_active = v.StringBoolean(if_missing=False)
                     ldap_host = v.UnicodeString(strip=True,)
                     ldap_port = v.Number(strip=True,)
                     ldap_tls_kind = v.OneOf(tls_kind_choices)
                     ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)
                     ldap_dn_user = v.UnicodeString(strip=True,)
                     ldap_dn_pass = v.UnicodeString(strip=True,)
                     ldap_base_dn = v.UnicodeString(strip=True,)
                     ldap_filter = v.UnicodeString(strip=True,)
                     ldap_search_scope = v.OneOf(search_scope_choices)
                     ldap_attr_login = v.AttrLoginValidator()(not_empty=True)
                     ldap_attr_firstname = v.UnicodeString(strip=True,)
                     ldap_attr_lastname = v.UnicodeString(strip=True,)
                     ldap_attr_email = v.UnicodeString(strip=True,)
                 return _LdapSettingsForm
             def UserExtraEmailForm():
                 class _UserExtraEmailForm(formencode.Schema):
                     email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
                 return _UserExtraEmailForm
             def UserExtraIpForm():
                 class _UserExtraIpForm(formencode.Schema):
                     ip = v.ValidIp()(not_empty=True)
                 return _UserExtraIpForm
             def PullRequestForm(repo_id):
                 class _PullRequestForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     user = v.UnicodeString(strip=True, required=True)
                     org_repo = v.UnicodeString(strip=True, required=True)
                     org_ref = v.UnicodeString(strip=True, required=True)
                     other_repo = v.UnicodeString(strip=True, required=True)
                     other_ref = v.UnicodeString(strip=True, required=True)
                     revisions = All(#v.NotReviewedRevisions(repo_id)(),
                                     v.UniqueList(not_empty=True))
                     review_members = v.UniqueList(not_empty=True)
                     pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)
                     pullrequest_desc = v.UnicodeString(strip=True, required=False)
                     ancestor_rev = v.UnicodeString(strip=True, required=True)
                     merge_rev = v.UnicodeString(strip=True, required=True)
                 return _PullRequestForm

rhodecode/model/permission.py

0 +2 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.model.permission
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~
                 permissions model for RhodeCode
                 :created_on: Aug 20, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             from sqlalchemy.exc import DatabaseError
             from rhodecode.model import BaseModel
             from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
                 UserRepoGroupToPerm, UserUserGroupToPerm
             from rhodecode.lib.utils2 import str2bool
             log = logging.getLogger(__name__)
             class PermissionModel(BaseModel):
                 """
                 Permissions model for RhodeCode
                 """
                 cls = Permission
                 def create_permissions(self):
                     """
                     Create permissions for whole system
                     """
                     for p in Permission.PERMS:
                         if not Permission.get_by_key(p[0]):
                             new_perm = Permission()
                             new_perm.permission_name = p[0]
                             new_perm.permission_longname = p[0]  #translation err with p[1]
                             self.sa.add(new_perm)
                 def create_default_permissions(self, user):
                     """
                     Creates only missing default permissions for user
                     :param user:
                     """
                     user = self._get_user(user)
                     def _make_perm(perm):
                         new_perm = UserToPerm()
                         new_perm.user = user
                         new_perm.permission = Permission.get_by_key(perm)
                         return new_perm
                     def _get_group(perm_name):
                         return '.'.join(perm_name.split('.')[:1])
                     perms = UserToPerm.query().filter(UserToPerm.user == user).all()
                     defined_perms_groups = map(_get_group,
                                             (x.permission.permission_name for x in perms))
                     log.debug('GOT ALREADY DEFINED:%s' % perms)
                     DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS
                     # for every default permission that needs to be created, we check if
                     # it's group is already defined, if it's not we create default perm
                     for perm_name in DEFAULT_PERMS:
                         gr = _get_group(perm_name)
                         if gr not in defined_perms_groups:
                             log.debug('GR:%s not found, creating permission %s'
                                       % (gr, perm_name))
                             new_perm = _make_perm(perm_name)
                             self.sa.add(new_perm)
                 def update(self, form_result):
                     perm_user = User.get_by_username(username=form_result['perm_user_name'])
                     try:
                         # stage 1 set anonymous access
                         if perm_user.username == 'default':
                             perm_user.active = str2bool(form_result['anonymous'])
                             self.sa.add(perm_user)
                         # stage 2 reset defaults and set them from form data
                         def _make_new(usr, perm_name):
                             log.debug('Creating new permission:%s' % (perm_name))
                             new = UserToPerm()
                             new.user = usr
                             new.permission = Permission.get_by_key(perm_name)
                             return new
                         # clear current entries, to make this function idempotent
                         # it will fix even if we define more permissions or permissions
                         # are somehow missing
                         u2p = self.sa.query(UserToPerm)\
                             .filter(UserToPerm.user == perm_user)\
                             .all()
                         for p in u2p:
                             self.sa.delete(p)
                         #create fresh set of permissions
                         for def_perm_key in ['default_repo_perm', 'default_group_perm',
                                              'default_user_group_perm',
                                              'default_repo_create',
                                              #'default_repo_group_create', #not implemented yet
                                              'default_user_group_create',
-                                             'default_fork', 'default_register']:
+                                             'default_fork', 'default_register',
+                                             'default_extern_activate']:
                             p = _make_new(perm_user, form_result[def_perm_key])
                             self.sa.add(p)
                         #stage 3 update all default permissions for repos if checked
                         if form_result['overwrite_default_repo'] == True:
                             _def_name = form_result['default_repo_perm'].split('repository.')[-1]
                             _def = Permission.get_by_key('repository.' + _def_name)
                             # repos
                             for r2p in self.sa.query(UserRepoToPerm)\
                                            .filter(UserRepoToPerm.user == perm_user)\
                                            .all():
                                 #don't reset PRIVATE repositories
                                 if not r2p.repository.private:
                                     r2p.permission = _def
                                     self.sa.add(r2p)
                         if form_result['overwrite_default_group'] == True:
                             _def_name = form_result['default_group_perm'].split('group.')[-1]
                             # groups
                             _def = Permission.get_by_key('group.' + _def_name)
                             for g2p in self.sa.query(UserRepoGroupToPerm)\
                                            .filter(UserRepoGroupToPerm.user == perm_user)\
                                            .all():
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         if form_result['overwrite_default_user_group'] == True:
                             _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
                             # groups
                             _def = Permission.get_by_key('usergroup.' + _def_name)
                             for g2p in self.sa.query(UserUserGroupToPerm)\
                                            .filter(UserUserGroupToPerm.user == perm_user)\
                                            .all():
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         self.sa.commit()
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise

rhodecode/templates/admin/permissions/permissions.html

0 +8 0

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.html"/>
             <%def name="title()">
                 ${_('Permissions administration')} &middot; ${c.rhodecode_name}
             </%def>
             <%def name="breadcrumbs_links()">
                 ${h.link_to(_('Admin'),h.url('admin_home'))}
                 &raquo;
                 ${_('Permissions')}
             </%def>
             <%def name="page_nav()">
                 ${self.menu('admin')}
             </%def>
             <%def name="main()">
             <div class="box box-left">
                 <!-- box / title -->
                 <div class="title">
                     ${self.breadcrumbs()}
                 </div>
                 <h3>${_('Default permissions')}</h3>
                 ${h.form(url('permission', id='default'),method='put')}
                 <div class="form">
                     <!-- fields -->
                     <div class="fields">
                         <div class="field">
                             <div class="label label-checkbox">
                                 <label for="anonymous">${_('Anonymous access')}:</label>
                             </div>
                             <div class="checkboxes">
                                 <div class="checkbox">
                                     ${h.checkbox('anonymous',True)}
                                 </div>
                             </div>
                         </div>
                         <div class="field">
                             <div class="label">
                                 <label for="default_repo_perm">${_('Repository')}:</label>
                             </div>
                             <div class="select">
                                 ${h.select('default_repo_perm','',c.repo_perms_choices)}
                                 ${h.checkbox('overwrite_default_repo','true')}
                                 <label for="overwrite_default_repo">
                                 <span class="tooltip"
                                 title="${h.tooltip(_('All default permissions on each repository will be reset to chosen permission, note that all custom default permission on repositories will be lost'))}">
                                 ${_('Overwrite existing settings')}</span> </label>
                             </div>
                         </div>
                         <div class="field">
                             <div class="label">
                                 <label for="default_group_perm">${_('Repository group')}:</label>
                             </div>
                             <div class="select">
                                 ${h.select('default_group_perm','',c.group_perms_choices)}
                                 ${h.checkbox('overwrite_default_group','true')}
                                 <label for="overwrite_default_group">
                                 <span class="tooltip"
                                 title="${h.tooltip(_('All default permissions on each repository group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
                                 ${_('Overwrite existing settings')}</span> </label>
                             </div>
                         </div>
                         <div class="field">
                             <div class="label">
                                 <label for="default_group_perm">${_('User group')}:</label>
                             </div>
                             <div class="select">
                                 ${h.select('default_user_group_perm','',c.user_group_perms_choices)}
                                 ${h.checkbox('overwrite_default_user_group','true')}
                                 <label for="overwrite_default_user_group">
                                 <span class="tooltip"
                                 title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
                                 ${_('Overwrite existing settings')}</span> </label>
                             </div>
                         </div>
                          <div class="field">
                             <div class="label">
                                 <label for="default_repo_create">${_('Repository creation')}:</label>
                             </div>
                             <div class="select">
                                 ${h.select('default_repo_create','',c.repo_create_choices)}
                             </div>
                          </div>
                          <div class="field">
                             <div class="label">
                                 <label for="default_user_group_create">${_('User group creation')}:</label>
                             </div>
                             <div class="select">
                                 ${h.select('default_user_group_create','',c.user_group_create_choices)}
                             </div>
                          </div>
                          <div class="field">
                             <div class="label">
                                 <label for="default_fork">${_('Repository forking')}:</label>
                             </div>
                             <div class="select">
                                 ${h.select('default_fork','',c.fork_choices)}
                             </div>
                          </div>
                          <div class="field">
                             <div class="label">
                                 <label for="default_register">${_('Registration')}:</label>
                             </div>
                             <div class="select">
                                 ${h.select('default_register','',c.register_choices)}
                             </div>
                          </div>
+                         <div class="field">
+                            <div class="label">
+                                <label for="default_extern_activate">${_('External auth account activation')}:</label>
+                            </div>
+                            <div class="select">
+                                ${h.select('default_extern_activate','',c.extern_activate_choices)}
+                            </div>
+                         </div>
                         <div class="buttons">
                           ${h.submit('save',_('Save'),class_="ui-btn large")}
                           ${h.reset('reset',_('Reset'),class_="ui-btn large")}
                         </div>
                     </div>
                 </div>
                 ${h.end_form()}
             </div>
             <div style="min-height:780px" class="box box-right">
                 <!-- box / title -->
                 <div class="title">
                     <h5>${_('Default User Permissions')}</h5>
                 </div>
                 ## permissions overview
                 <%namespace name="p" file="/base/perms_summary.html"/>
                 ${p.perms_summary(c.perm_user.permissions)}
             </div>
             <div class="box box-left" style="clear:left">
                 <!-- box / title -->
                 <div class="title">
                     <h5>${_('Allowed IP addresses')}</h5>
                 </div>
                 <div class="ips_wrap">
                   <table class="noborder">
                   %if c.user_ip_map:
                     %for ip in c.user_ip_map:
                       <tr>
                           <td><div class="ip">${ip.ip_addr}</div></td>
                           <td><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
                           <td>
                             ${h.form(url('user_ips_delete', id=c.user.user_id),method='delete')}
                                 ${h.hidden('del_ip',ip.ip_id)}
                                 ${h.hidden('default_user', 'True')}
                                 ${h.submit('remove_',_('delete'),id="remove_ip_%s" % ip.ip_id,
                                 class_="delete_icon action_button", onclick="return confirm('"+_('Confirm to delete this ip: %s') % ip.ip_addr+"');")}
                             ${h.end_form()}
                           </td>
                       </tr>
                     %endfor
                    %else:
                     <tr><td><div class="ip">${_('All IP addresses are allowed')}</div></td></tr>
                    %endif
                   </table>
                 </div>
                 ${h.form(url('user_ips', id=c.user.user_id),method='put')}
                 <div class="form">
                     <!-- fields -->
                     <div class="fields">
                          <div class="field">
                             <div class="label">
                                 <label for="new_ip">${_('New ip address')}:</label>
                             </div>
                             <div class="input">
                                 ${h.hidden('default_user', 'True')}
                                 ${h.text('new_ip', class_='medium')}
                             </div>
                          </div>
                         <div class="buttons">
                           ${h.submit('save',_('Add'),class_="ui-btn large")}
                           ${h.reset('reset',_('Reset'),class_="ui-btn large")}
                         </div>
                     </div>
                 </div>
                 ${h.end_form()}
             </div>
             </%def>

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages