'should start with %s' % (permid, prefix))

    return perm

def get_gist_or_error(gistid):

    """

    Get gist by id or gist_access_id or return JsonRPCError if not found

    """

    gist = GistModel().get_gist(gistid)

    if gist is None:

        raise JSONRPCError('gist `%s` does not exist' % (gistid,))

    return gist

class ApiController(JSONRPCController):

    """

    API Controller

    The authenticated user can be found as request.authuser.

    Example function::

        def func(arg1, arg2,...):

            pass

    Each function should also **raise** JSONRPCError for any

    errors that happens.

    """

    @HasPermissionAnyDecorator('hg.admin')

    def test(self, args):

        return args

    @HasPermissionAnyDecorator('hg.admin')

    def pull(self, repoid, clone_uri=None):

        """

        Triggers a pull from remote location on given repo. Can be used to

        automatically keep remote repos up to date. This command can be executed

        only using api_key belonging to user with admin rights

        OUTPUT::

            id : <id_given_in_input>

            result : {

                "msg" : "Pulled from `<repository name>`",

                "repository" : "<repository name>"

            }

            error : null

        """

        repo = get_repo_or_error(repoid)

        try:

            ScmModel().pull_changes(repo.repo_name,

                                    request.authuser.username,

                                    request.ip_addr,

                                    clone_uri=clone_uri)

            return dict(

                msg='Pulled from `%s`' % repo.repo_name,

                repository=repo.repo_name

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'Unable to pull changes from `%s`' % repo.repo_name

            )

    @HasPermissionAnyDecorator('hg.admin')

    def rescan_repos(self, remove_obsolete=False):

        """

        Triggers rescan repositories action. If remove_obsolete is set

        than also delete repos that are in database but not in the filesystem.

        aka "clean zombies". This command can be executed only using api_key

        belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                'added': [<added repository name>,...]

                'removed': [<removed repository name>,...]

            }

            error : null

        """

        try:

            rm_obsolete = remove_obsolete

            added, removed = repo2db_mapper(ScmModel().repo_scan(),

                                            remove_obsolete=rm_obsolete)

            return {'added': added, 'removed': removed}

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'Error occurred during rescan repositories action'

            )

    def invalidate_cache(self, repoid):

        """

        Invalidate cache for repository.

        This command can be executed only using api_key belonging to user with admin

        rights or regular user that have write or admin or write access to repository.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                'msg': Cache for repository `<repository name>` was invalidated,

                'repository': <repository name>

            }

            error : null

        """

        repo = get_repo_or_error(repoid)

        if not HasPermissionAny('hg.admin')():

            if not HasRepoPermissionLevel('write')(repo.repo_name):

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        try:

            ScmModel().mark_for_invalidation(repo.repo_name)

            return dict(

                msg='Cache for repository `%s` was invalidated' % (repoid,),

                repository=repo.repo_name

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'Error occurred during cache invalidation action'

            )

    @HasPermissionAnyDecorator('hg.admin')

    def get_ip(self, userid=None):

        """

        Shows IP address as seen from Kallithea server, together with all

        defined IP addresses for given user. If userid is not passed data is

        returned for user who's calling this function.

        This command can be executed only using api_key belonging to user with

        admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                         "server_ip_addr" : "<ip_from_client>",

                         "user_ips" : [

                                        {

                                           "ip_addr" : "<ip_with_mask>",

                                           "ip_range" : ["<start_ip>", "<end_ip>"]

                                        },

                                        ...

                                      ]

            }

            error : null

        """

        if userid is None:

            userid = request.authuser.user_id

        user = get_user_or_error(userid)

        ips = db.UserIpMap.query().filter(db.UserIpMap.user == user).all()

        return dict(

            server_ip_addr=request.ip_addr,

                    'userid is not the same as your user'

                )

        if userid is None:

            userid = request.authuser.user_id

        user = get_user_or_error(userid)

        data = user.get_api_data()

        data['permissions'] = AuthUser(user_id=user.user_id).permissions

        return data

    @HasPermissionAnyDecorator('hg.admin')

    def get_users(self):

        """

        Lists all existing users. This command can be executed only using api_key

        belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : [<user_object>, ...]

            error : null

        """

        return [

            user.get_api_data()

            for user in db.User.query()

                .order_by(db.User.username)

                .filter_by(is_default_user=False)

        ]

    @HasPermissionAnyDecorator('hg.admin')

    def create_user(self, username, email, password='',

                    firstname='', lastname='',

                    active=True, admin=False,

                    extern_type=db.User.DEFAULT_AUTH_TYPE,

                    extern_name=''):

        """

        Creates new user. Returns new user object. This command can

        be executed only using api_key belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "msg" : "created new user `<username>`",

                      "user" : <user_obj>

                     }

            error : null

        """

        if db.User.get_by_username(username):

            raise JSONRPCError("user `%s` already exist" % (username,))

        if db.User.get_by_email(email):

            raise JSONRPCError("email `%s` already exist" % (email,))

        try:

            user = UserModel().create_or_update(

                username=username,

                password=password,

                email=email,

                firstname=firstname,

                lastname=lastname,

                active=active,

                admin=admin,

                extern_type=extern_type,

                extern_name=extern_name

            )

            meta.Session().commit()

            return dict(

                msg='created new user `%s`' % username,

                user=user.get_api_data()

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to create user `%s`' % (username,))

    @HasPermissionAnyDecorator('hg.admin')

    def update_user(self, userid, username=None,

                    email=None, password=None,

                    firstname=None, lastname=None,

                    active=None, admin=None,

                    extern_type=None, extern_name=None):

        """

        updates given user if such user exists. This command can

        be executed only using api_key belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "msg" : "updated user ID:<userid> <username>",

                      "user" : <user_object>

                     }

            error : null

        """

        user = get_user_or_error(userid)

        # only non optional arguments will be stored in updates

        updates = {}

        try:

            store_update(updates, username, 'username')

            store_update(updates, password, 'password')

            store_update(updates, email, 'email')

            store_update(updates, firstname, 'name')

            store_update(updates, lastname, 'lastname')

            store_update(updates, active, 'active')

            store_update(updates, admin, 'admin')

            store_update(updates, extern_name, 'extern_name')

            store_update(updates, extern_type, 'extern_type')

            user = UserModel().update_user(user, **updates)

            meta.Session().commit()

            return dict(

                msg='updated user ID:%s %s' % (user.user_id, user.username),

                user=user.get_api_data()

            )

        except DefaultUserException:

            log.error(traceback.format_exc())

            raise JSONRPCError('editing default user is forbidden')

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to update user `%s`' % (userid,))

    @HasPermissionAnyDecorator('hg.admin')

    def delete_user(self, userid):

        """

        deletes given user if such user exists. This command can

        be executed only using api_key belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "msg" : "deleted user ID:<userid> <username>",

                      "user" : null

                     }

            error : null

        """

        user = get_user_or_error(userid)

        try:

            UserModel().delete(userid)

            meta.Session().commit()

            return dict(

                msg='deleted user ID:%s %s' % (user.user_id, user.username),

                user=None

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to delete user ID:%s %s'

                               % (user.user_id, user.username))

    # permission check inside

    def get_user_group(self, usergroupid):

        """

        Gets an existing user group. This command can be executed only using api_key

        belonging to user with admin rights or user who has at least

        read access to user group.

        OUTPUT::

            id : <id_given_in_input>

            result : None if group not exist

                     {

                       "users_group_id" : "<id>",

                       "group_name" :     "<groupname>",

                       "group_description" : "<description>",

                       "active" :         "<bool>",

                       "owner" :          "<username>",

                       "members" :        [<user_obj>,...]

                     }

            error : null

        """

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('read')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        data = user_group.get_api_data()

        return data

    # permission check inside

    def get_user_groups(self):

        """

        Lists all existing user groups. This command can be executed only using

        api_key belonging to user with admin rights or user who has at least

        read access to user group.

        OUTPUT::

            id : <id_given_in_input>

            result : [<user_group_obj>,...]

            error : null

        """

        return [

            user_group.get_api_data()

            for user_group in UserGroupList(db.UserGroup.query().all(), perm_level='read')

        ]

    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

    def create_user_group(self, group_name, description='',

                          owner=None, active=True):

        """

        Creates new user group. This command can be executed only using api_key

        belonging to user with admin rights or an user who has create user group

        permission

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "msg" : "created new user group `<groupname>`",

                      "user_group" : <user_group_object>

                     }

            error : null

        """

        if UserGroupModel().get_by_name(group_name):

            raise JSONRPCError("user group `%s` already exist" % (group_name,))

        try:

            if owner is None:

                owner = request.authuser.user_id

            owner = get_user_or_error(owner)

            ug = UserGroupModel().create(name=group_name, description=description,

                                         owner=owner, active=active)

            meta.Session().commit()

            return dict(

                msg='created new user group `%s`' % group_name,

                user_group=ug.get_api_data()

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to create group `%s`' % (group_name,))

    # permission check inside

    def update_user_group(self, usergroupid, group_name=None,

                          description=None, owner=None,

                          active=None):

        """

        Updates given usergroup.  This command can be executed only using api_key

        belonging to user with admin rights or an admin of given user group

        OUTPUT::

          id : <id_given_in_input>

          result : {

            "msg" : 'updated user group ID:<user group id> <user group name>',

            "user_group" : <user_group_object>

          }

          error : null

        """

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        if owner is not None:

            owner = get_user_or_error(owner)

        updates = {}

        store_update(updates, group_name, 'users_group_name')

        store_update(updates, description, 'user_group_description')

        store_update(updates, owner, 'owner')

        store_update(updates, active, 'users_group_active')

        try:

            UserGroupModel().update(user_group, updates)

            meta.Session().commit()

            return dict(

                msg='updated user group ID:%s %s' % (user_group.users_group_id,

                                                     user_group.users_group_name),

                user_group=user_group.get_api_data()

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to update user group `%s`' % (usergroupid,))

    # permission check inside

    def delete_user_group(self, usergroupid):

        """

        Delete given user group by user group id or name.

        This command can be executed only using api_key

        belonging to user with admin rights or an admin of given user group

        OUTPUT::

          id : <id_given_in_input>

          result : {

            "msg" : "deleted user group ID:<user_group_id> <user_group_name>"

          }

          error : null

        """

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            UserGroupModel().delete(user_group)

            meta.Session().commit()

            return dict(

                msg='deleted user group ID:%s %s' %

                    (user_group.users_group_id, user_group.users_group_name),

                user_group=None

            )

        except UserGroupsAssignedException as e:

            log.error(traceback.format_exc())

            raise JSONRPCError(str(e))

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to delete user group ID:%s %s' %

                               (user_group.users_group_id,

                                user_group.users_group_name)

                               )

    # permission check inside

    def add_user_to_user_group(self, usergroupid, userid):

        """

        Adds a user to a user group. If user exists in that group success will be

        `false`. This command can be executed only using api_key

        belonging to user with admin rights or an admin of a given user group

        OUTPUT::

            id : <id_given_in_input>

            result : {

                "success" : True|False # depends on if member is in group

                "msg" : "added member `<username>` to a user group `<groupname>` |

                         User is already in that group"

            }

            error : null

        """

        user = get_user_or_error(userid)

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            ugm = UserGroupModel().add_user_to_group(user_group, user)

            success = True if ugm is not True else False

            msg = 'added member `%s` to user group `%s`' % (

                user.username, user_group.users_group_name

            )

            msg = msg if success else 'User is already in that group'

            meta.Session().commit()

            return dict(

                success=success,

                msg=msg

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'failed to add member to user group `%s`' % (

                    user_group.users_group_name,

                )

            )

    # permission check inside

    def remove_user_from_user_group(self, usergroupid, userid):

        """

        Removes a user from a user group. If user is not in given group success will

        be `false`. This command can be executed only

        using api_key belonging to user with admin rights or an admin of given user group

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "success" : True|False,  # depends on if member is in group

                      "msg" : "removed member <username> from user group <groupname> |

                               User wasn't in group"

                     }

            error : null

        """

        user = get_user_or_error(userid)

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

        if not HasPermissionAny('hg.admin')():

            if not HasRepoPermissionLevel('read')(repo.repo_name):

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

        _map = {}

        try:

            _d, _f = ScmModel().get_nodes(repo, revision, root_path,

                                          flat=False)

            _map = {

                'all': _d + _f,

                'files': _f,

                'dirs': _d,

            }

            return _map[ret_type]

        except KeyError:

            raise JSONRPCError('ret_type must be one of %s'

                               % (','.join(sorted(_map))))

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'failed to get repo: `%s` nodes' % repo.repo_name

            )

    # permission check inside

    def create_repo(self, repo_name, owner=None,

                    repo_type=None, description='',

                    private=False, clone_uri=None,

                    landing_rev='rev:tip',

                    enable_statistics=None,

                    enable_downloads=None,

                    copy_permissions=False):

        """

        Creates a repository. The repository name contains the full path, but the

        parent repository group must exist. For example "foo/bar/baz" require the groups

        "foo" and "bar" (with "foo" as parent), and create "baz" repository with

        "bar" as group. This command can be executed only using api_key

        belonging to user with admin rights or regular user that have create

        repository permission. Regular users cannot specify owner parameter

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "msg" : "Created new repository `<reponame>`",

                      "success" : true

                     }

            error : null

        """

        group_name = None

        repo_name_parts = repo_name.split('/')

        if len(repo_name_parts) > 1:

            group_name = '/'.join(repo_name_parts[:-1])

            repo_group = db.RepoGroup.get_by_group_name(group_name)

            if repo_group is None:

                raise JSONRPCError("repo group `%s` not found" % group_name)

            if not(HasPermissionAny('hg.admin')() or HasRepoGroupPermissionLevel('write')(group_name)):

                raise JSONRPCError("no permission to create repo in %s" % group_name)

        else:

            if not HasPermissionAny('hg.admin', 'hg.create.repository')():

                raise JSONRPCError("no permission to create top level repo")

        if not HasPermissionAny('hg.admin')():

            if owner is not None:

                # forbid setting owner for non-admins

                raise JSONRPCError(

                    'Only Kallithea admin can specify `owner` param'

                )

        if owner is None:

            owner = request.authuser.user_id

        owner = get_user_or_error(owner)

        if RepoModel().get_by_repo_name(repo_name):

            raise JSONRPCError("repo `%s` already exist" % repo_name)

        defs = db.Setting.get_default_repo_settings(strip_prefix=True)

        if private is None:

            private = defs.get('repo_private') or False

        if repo_type is None:

            repo_type = defs.get('repo_type')

        if enable_statistics is None:

            enable_statistics = defs.get('repo_enable_statistics')

        if enable_downloads is None:

            enable_downloads = defs.get('repo_enable_downloads')

        try:

            data = dict(

                repo_name=repo_name_parts[-1],

                repo_name_full=repo_name,

                repo_type=repo_type,

                repo_description=description,

                repo_private=private,

                clone_uri=clone_uri,

                repo_group=group_name,

                repo_landing_rev=landing_rev,

    def revoke_user_permission(self, repoid, userid):

        """

        Revoke permission for user on given repository. This command can be executed

        only using api_key belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "msg" : "Revoked perm for user: `<username>` in repo: `<reponame>`",

                      "success" : true

                     }

            error : null

        """

        repo = get_repo_or_error(repoid)

        user = get_user_or_error(userid)

        try:

            RepoModel().revoke_user_permission(repo=repo, user=user)

            meta.Session().commit()

            return dict(

                msg='Revoked perm for user: `%s` in repo: `%s`' % (

                    user.username, repo.repo_name

                ),

                success=True

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'failed to edit permission for user: `%s` in repo: `%s`' % (

                    userid, repoid

                )

            )

    # permission check inside

    def grant_user_group_permission(self, repoid, usergroupid, perm):

        """

        Grant permission for user group on given repository, or update

        existing one if found. This command can be executed only using

        api_key belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                "msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",

                "success" : true

            }

            error : null

        """

        repo = get_repo_or_error(repoid)

        perm = get_perm_or_error(perm)

        user_group = get_user_group_or_error(usergroupid)

        if not HasPermissionAny('hg.admin')():

            if not HasRepoPermissionLevel('admin')(repo.repo_name):

                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

            if not HasUserGroupPermissionLevel('read')(user_group.users_group_name):

                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

        try:

            RepoModel().grant_user_group_permission(

                repo=repo, group_name=user_group, perm=perm)

            meta.Session().commit()

            return dict(

                msg='Granted perm: `%s` for user group: `%s` in '

                    'repo: `%s`' % (

                        perm.permission_name, user_group.users_group_name,

                        repo.repo_name

                    ),

                success=True

            )

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError(

                'failed to edit permission for user group: `%s` in '

                'repo: `%s`' % (

                    usergroupid, repo.repo_name

                )

            )

    # permission check inside

    def revoke_user_group_permission(self, repoid, usergroupid):

        """

        Revoke permission for user group on given repository. This command can be

        executed only using api_key belonging to user with admin rights.

        OUTPUT::

            id : <id_given_in_input>

            result : {

                      "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",

                      "success" : true

                     }

            error : null

        """

            user_data = {

                'name': user.username,

                'type': "user",

                'permission': perm

            }

            members.append(user_data)

        for user_group in repo_group.users_group_to_perm:

            perm = user_group.permission.permission_name

            user_group = user_group.users_group

            user_group_data = {

                'name': user_group.users_group_name,

                'type': "user_group",

                'permission': perm

            }

            members.append(user_group_data)

        data = repo_group.get_api_data()

        data["members"] = members

        return data

    @HasPermissionAnyDecorator('hg.admin')

    def get_repo_groups(self):

        """

        Returns all repository groups

        """

        return [

            repo_group.get_api_data()

            for repo_group in db.RepoGroup.query()

        ]

    @HasPermissionAnyDecorator('hg.admin')

    def create_repo_group(self, group_name, description='',

                          owner=None,

                          parent=None,

                          copy_permissions=False):

        """

        Creates a repository group. This command can be executed only using

        api_key belonging to user with admin rights.