user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    ip_addr = Column(String(255), nullable=False)

    active = Column(Boolean(), nullable=False, default=True)

    user = relationship('User')

    @classmethod

    def _get_ip_range(cls, ip_addr):

        net = ipaddr.IPNetwork(address=ip_addr)

        return [str(net.network), str(net.broadcast)]

    def __json__(self):

        return dict(

          ip_addr=self.ip_addr,

          ip_range=self._get_ip_range(self.ip_addr)

        )

    def __repr__(self):

        return "<%s %s: %s>" % (self.__class__.__name__, self.user_id, self.ip_addr)

class UserLog(meta.Base, BaseDbModel):

    __tablename__ = 'user_logs'

    __table_args__ = (

        _table_args_default_dict,

    )

    user_log_id = Column(Integer(), primary_key=True)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=True)

    username = Column(String(255), nullable=False)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=True)

    repository_name = Column(Unicode(255), nullable=False)

    user_ip = Column(String(255), nullable=True)

    action = Column(UnicodeText(), nullable=False)

    action_date = Column(DateTime(timezone=False), nullable=False)

    def __repr__(self):

        return "<%s %r: %r>" % (self.__class__.__name__,

                                  self.repository_name,

                                  self.action)

    @property

    def action_as_day(self):

        return datetime.date(*self.action_date.timetuple()[:3])

    user = relationship('User')

    repository = relationship('Repository', cascade='')

class UserGroup(meta.Base, BaseDbModel):

    __tablename__ = 'users_groups'

    __table_args__ = (

        _table_args_default_dict,

    )

    users_group_id = Column(Integer(), primary_key=True)

    users_group_name = Column(Unicode(255), nullable=False, unique=True)

    user_group_description = Column(Unicode(10000), nullable=True) # FIXME: not nullable?

    users_group_active = Column(Boolean(), nullable=False)

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    _group_data = Column("group_data", LargeBinary(), nullable=True)  # JSON data # FIXME: not nullable?

    members = relationship('UserGroupMember', cascade="all, delete-orphan")

    users_group_to_perm = relationship('UserGroupToPerm', cascade='all')

    users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')

    users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')

    user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')

    owner = relationship('User')

    @hybrid_property

    def group_data(self):

        if not self._group_data:

            return {}

        try:

            return ext_json.loads(self._group_data)

        except TypeError:

            return {}

    @group_data.setter

    def group_data(self, val):

        try:

            self._group_data = ascii_bytes(ext_json.dumps(val))

        except Exception:

            log.error(traceback.format_exc())

    def __repr__(self):

        return "<%s %s: %r>" % (self.__class__.__name__,

                                  self.users_group_id,

                                  self.users_group_name)

    @classmethod

    def guess_instance(cls, value):

        return super(UserGroup, cls).guess_instance(value, UserGroup.get_by_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, case_insensitive=False):

        if case_insensitive:

            q = cls.query().filter(sqlalchemy.func.lower(cls.users_group_name) == sqlalchemy.func.lower(group_name))

        else:

            q = cls.query().filter(cls.users_group_name == group_name)

        return q.scalar()

    @classmethod

    def get(cls, user_group_id):

        user_group = cls.query()

        return user_group.get(user_group_id)

    def get_api_data(self, with_members=True):

        user_group = self

        data = dict(

            users_group_id=user_group.users_group_id,

            group_name=user_group.users_group_name,

            group_description=user_group.user_group_description,

            active=user_group.users_group_active,

            owner=user_group.owner.username,

        )

        if with_members:

            data['members'] = [

                ugm.user.get_api_data()

                for ugm in user_group.members

            ]

        return data

class UserGroupMember(meta.Base, BaseDbModel):

    __tablename__ = 'users_groups_members'

    __table_args__ = (

        _table_args_default_dict,

    )

    users_group_member_id = Column(Integer(), primary_key=True)

    users_group_id = Column(Integer(), ForeignKey('users_groups.users_group_id'), nullable=False)

    user_id = Column(Integer(), ForeignKey('users.user_id'), nullable=False)

    user = relationship('User')

    users_group = relationship('UserGroup')

    def __init__(self, gr_id='', u_id=''):

        self.users_group_id = gr_id

        self.user_id = u_id

class RepositoryField(meta.Base, BaseDbModel):

    __tablename__ = 'repositories_fields'

    __table_args__ = (

        UniqueConstraint('repository_id', 'field_key'),  # no-multi field

        _table_args_default_dict,

    )

    PREFIX = 'ex_'  # prefix used in form to not conflict with already existing fields

    repo_field_id = Column(Integer(), primary_key=True)

    repository_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=False)

    field_key = Column(String(250), nullable=False)

    field_label = Column(String(1024), nullable=False)

    field_value = Column(String(10000), nullable=False)

    field_desc = Column(String(1024), nullable=False)

    field_type = Column(String(255), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repository = relationship('Repository')

    @property

    def field_key_prefixed(self):

        return 'ex_%s' % self.field_key

    @classmethod

    def un_prefix_key(cls, key):

        if key.startswith(cls.PREFIX):

            return key[len(cls.PREFIX):]

        return key

    @classmethod

    def get_by_key_name(cls, key, repo):

        row = cls.query() \

                .filter(cls.repository == repo) \

                .filter(cls.field_key == key).scalar()

        return row

class Repository(meta.Base, BaseDbModel):

    __tablename__ = 'repositories'

    __table_args__ = (

        Index('r_repo_name_idx', 'repo_name'),

        _table_args_default_dict,

    )

    DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'

    DEFAULT_CLONE_SSH = 'ssh://{system_user}@{hostname}/{repo}'

    STATE_CREATED = 'repo_state_created'

    STATE_PENDING = 'repo_state_pending'

    STATE_ERROR = 'repo_state_error'

    repo_id = Column(Integer(), primary_key=True)

    repo_name = Column(Unicode(255), nullable=False, unique=True)

    repo_state = Column(String(255), nullable=False)

    clone_uri = Column(String(255), nullable=True) # FIXME: not nullable?

    repo_type = Column(String(255), nullable=False) # 'hg' or 'git'

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    private = Column(Boolean(), nullable=False)

    enable_statistics = Column("statistics", Boolean(), nullable=False, default=True)

    enable_downloads = Column("downloads", Boolean(), nullable=False, default=True)

    description = Column(Unicode(10000), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    updated_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    _landing_revision = Column("landing_revision", String(255), nullable=False)

    _changeset_cache = Column("changeset_cache", LargeBinary(), nullable=True) # JSON data # FIXME: not nullable?

    fork_id = Column(Integer(), ForeignKey('repositories.repo_id'), nullable=True)

    group_id = Column(Integer(), ForeignKey('groups.group_id'), nullable=True)

    owner = relationship('User')

    fork = relationship('Repository', remote_side=repo_id)

    group = relationship('RepoGroup')

    repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')

    stats = relationship('Statistics', cascade='all', uselist=False)

    followers = relationship('UserFollowing',

                             primaryjoin='UserFollowing.follows_repository_id==Repository.repo_id',

                             cascade='all')

    extra_fields = relationship('RepositoryField',

                                cascade="all, delete-orphan")

    logs = relationship('UserLog')

    comments = relationship('ChangesetComment', cascade="all, delete-orphan")

    pull_requests_org = relationship('PullRequest',

                    primaryjoin='PullRequest.org_repo_id==Repository.repo_id',

                    cascade="all, delete-orphan")

    pull_requests_other = relationship('PullRequest',

                    primaryjoin='PullRequest.other_repo_id==Repository.repo_id',

                    cascade="all, delete-orphan")

    def __repr__(self):

        return "<%s %s: %r>" % (self.__class__.__name__,

                                  self.repo_id, self.repo_name)

    @hybrid_property

    def landing_rev(self):

        # always should return [rev_type, rev]

        if self._landing_revision:

            _rev_info = self._landing_revision.split(':')

            if len(_rev_info) < 2:

                _rev_info.insert(0, 'rev')

            return [_rev_info[0], _rev_info[1]]

        return [None, None]

    @landing_rev.setter

    def landing_rev(self, val):

        if ':' not in val:

            raise ValueError('value must be delimited with `:` and consist '

                             'of <rev_type>:<rev>, got %s instead' % val)

        self._landing_revision = val

    @hybrid_property

    def changeset_cache(self):

        try:

            cs_cache = ext_json.loads(self._changeset_cache) # might raise on bad data

            cs_cache['raw_id'] # verify data, raise exception on error

            return cs_cache

        except (TypeError, KeyError, ValueError):

            return EmptyChangeset().__json__()

    @changeset_cache.setter

    def changeset_cache(self, val):

        try:

            self._changeset_cache = ascii_bytes(ext_json.dumps(val))

        except Exception:

            log.error(traceback.format_exc())

    @classmethod

    def query(cls, sorted=False):

        """Add Repository-specific helpers for common query constructs.

        sorted: if True, apply the default ordering (name, case insensitive).

        """

        q = super(Repository, cls).query()

        if sorted:

            q = q.order_by(sqlalchemy.func.lower(Repository.repo_name))

        return q

    @classmethod

    def normalize_repo_name(cls, repo_name):

        """

        Normalizes os specific repo_name to the format internally stored inside

        database using URL_SEP

        :param cls:

        :param repo_name:

        """

        return kallithea.URL_SEP.join(repo_name.split(os.sep))

    @classmethod

    def guess_instance(cls, value):

        return super(Repository, cls).guess_instance(value, Repository.get_by_repo_name)

    @classmethod

    def get_by_repo_name(cls, repo_name, case_insensitive=False):

        """Get the repo, defaulting to database case sensitivity.

        case_insensitive will be slower and should only be specified if necessary."""

        if case_insensitive:

            q = meta.Session().query(cls).filter(sqlalchemy.func.lower(cls.repo_name) == sqlalchemy.func.lower(repo_name))

        else:

            q = meta.Session().query(cls).filter(cls.repo_name == repo_name)

        q = q.options(joinedload(Repository.fork)) \

                .options(joinedload(Repository.owner)) \

                .options(joinedload(Repository.group))

        return q.scalar()

    @classmethod

    def get_by_full_path(cls, repo_full_path):

        base_full_path = os.path.realpath(kallithea.CONFIG['base_path'])

        repo_full_path = os.path.realpath(repo_full_path)

        assert repo_full_path.startswith(base_full_path + os.path.sep)

        repo_name = repo_full_path[len(base_full_path) + 1:]

        repo_name = cls.normalize_repo_name(repo_name)

        return cls.get_by_repo_name(repo_name.strip(kallithea.URL_SEP))

    @classmethod

    def get_repo_forks(cls, repo_id):

        return cls.query().filter(Repository.fork_id == repo_id)

    @property

    def forks(self):

        """

        Return forks of this repo

        """

        return Repository.get_repo_forks(self.repo_id)

    @property

    def parent(self):

        """

        Returns fork parent

        """

        return self.fork

    @property

    def just_name(self):

        return self.repo_name.split(kallithea.URL_SEP)[-1]

    @property

    def groups_with_parents(self):

        groups = []

        group = self.group

        while group is not None:

            groups.append(group)

            group = group.parent_group

            assert group not in groups, group # avoid recursion on bad db content

        groups.reverse()

        return groups

    @property

    def repo_full_path(self):

        """

        Returns base full path for the repository - where it actually

        exists on a filesystem.

        """

        p = [kallithea.CONFIG['base_path']]

        # we need to split the name by / since this is how we store the

        # names in the database, but that eventually needs to be converted

        # into a valid system path

        p += self.repo_name.split(kallithea.URL_SEP)

        return os.path.join(*p)

    def get_new_name(self, repo_name):

        """

        returns new full repository name based on assigned group and new new

        :param group_name:

        """

        path_prefix = self.group.full_path_splitted if self.group else []

        return kallithea.URL_SEP.join(path_prefix + [repo_name])

    @classmethod

    def is_valid(cls, repo_name):

        """

        returns True if given repo name is a valid filesystem repository

        :param cls:

        :param repo_name:

        """

        from kallithea.lib.utils import is_valid_repo

        return is_valid_repo(repo_name, kallithea.CONFIG['base_path'])

    def get_api_data(self, with_revision_names=False,

                           with_pullrequests=False):

        """

        Common function for generating repo api data.

        Optionally, also return tags, branches, bookmarks and PRs.

        """

        repo = self

        data = dict(

            repo_id=repo.repo_id,

            repo_name=repo.repo_name,

            repo_type=repo.repo_type,

            clone_uri=repo.clone_uri,

            private=repo.private,

            created_on=repo.created_on,

            description=repo.description,

            landing_rev=repo.landing_rev,

            owner=repo.owner.username,

            fork_of=repo.fork.repo_name if repo.fork else None,

            enable_statistics=repo.enable_statistics,

            enable_downloads=repo.enable_downloads,

            last_changeset=repo.changeset_cache,

        )

        if with_revision_names:

            scm_repo = repo.scm_instance_no_cache()

            data.update(dict(

                tags=scm_repo.tags,

                branches=scm_repo.branches,

                bookmarks=scm_repo.bookmarks,

            ))

        if with_pullrequests:

            data['pull_requests'] = repo.pull_requests_other

        settings = Setting.get_app_settings()

        repository_fields = asbool(settings.get('repository_fields'))

        if repository_fields:

            for f in self.extra_fields:

                data[f.field_key_prefixed] = f.field_value

        return data

    @property

    def last_db_change(self):

        return self.updated_on

    @property

    def clone_uri_hidden(self):

        clone_uri = self.clone_uri

        if clone_uri:

            url_obj = urlobject.URLObject(self.clone_uri)

            if url_obj.password:

                clone_uri = url_obj.with_password('*****')

        return clone_uri

    def clone_url(self, clone_uri_tmpl, with_id=False, username=None):

        if '{repo}' not in clone_uri_tmpl and '_{repoid}' not in clone_uri_tmpl:

            log.error("Configured clone_uri_tmpl %r has no '{repo}' or '_{repoid}' and cannot toggle to use repo id URLs", clone_uri_tmpl)

        elif with_id:

            clone_uri_tmpl = clone_uri_tmpl.replace('{repo}', '_{repoid}')

        else:

            clone_uri_tmpl = clone_uri_tmpl.replace('_{repoid}', '{repo}')

        prefix_url = webutils.canonical_url('home')

        return get_clone_url(clone_uri_tmpl=clone_uri_tmpl,

                             prefix_url=prefix_url,

                             repo_name=self.repo_name,

                             repo_id=self.repo_id,

                             username=username)

    def set_state(self, state):

        self.repo_state = state

    #==========================================================================

    # SCM PROPERTIES

    #==========================================================================

    def get_changeset(self, rev=None):

        return get_changeset_safe(self.scm_instance, rev)

    def get_landing_changeset(self):

        """

        Returns landing changeset, or if that doesn't exist returns the tip

        """

        _rev_type, _rev = self.landing_rev

        cs = self.get_changeset(_rev)

        if isinstance(cs, EmptyChangeset):

            return self.get_changeset()

        return cs

    def update_changeset_cache(self, cs_cache=None):

        """

        Update cache of last changeset for repository, keys should be::

            short_id

            raw_id

            revision

            message

            date

            author

        :param cs_cache:

        """

        if cs_cache is None:

            cs_cache = EmptyChangeset()

            # use no-cache version here

            scm_repo = self.scm_instance_no_cache()

            if scm_repo:

                cs_cache = scm_repo.get_changeset()

        if isinstance(cs_cache, BaseChangeset):

            cs_cache = cs_cache.__json__()

        if (not self.changeset_cache or cs_cache['raw_id'] != self.changeset_cache['raw_id']):

            _default = datetime.datetime.fromtimestamp(0)

            last_change = cs_cache.get('date') or _default

            log.debug('updated repo %s with new cs cache %s',

                      self.repo_name, cs_cache)

            self.updated_on = last_change

            self.changeset_cache = cs_cache

            meta.Session().commit()

        else:

            log.debug('changeset_cache for %s already up to date with %s',

                      self.repo_name, cs_cache['raw_id'])

    @property

    def tip(self):

        return self.get_changeset('tip')

    @property

    def author(self):

        return self.tip.author

    @property

    def last_change(self):

        return self.scm_instance.last_change

    def get_comments(self, revisions=None):

        """

        Returns comments for this repository grouped by revisions

        :param revisions: filter query by revisions only

        """

        cmts = ChangesetComment.query() \

            .filter(ChangesetComment.repo == self)

        if revisions is not None:

            if not revisions:

                return {} # don't use sql 'in' on empty set

            cmts = cmts.filter(ChangesetComment.revision.in_(revisions))

        grouped = collections.defaultdict(list)

        for cmt in cmts.all():

            grouped[cmt.revision].append(cmt)

        return grouped

    def statuses(self, revisions):

        """

        Returns statuses for this repository.

        PRs without any votes do _not_ show up as unreviewed.

        :param revisions: list of revisions to get statuses for

        """

        if not revisions:

            return {}

        statuses = ChangesetStatus.query() \

            .filter(ChangesetStatus.repo == self) \

            .filter(ChangesetStatus.version == 0) \

            .filter(ChangesetStatus.revision.in_(revisions))

        grouped = {}

        for stat in statuses.all():

            pr_id = pr_nice_id = pr_repo = None

            if stat.pull_request:

                pr_id = stat.pull_request.pull_request_id

                pr_nice_id = PullRequest.make_nice_id(pr_id)

                pr_repo = stat.pull_request.other_repo.repo_name

            grouped[stat.revision] = [str(stat.status), stat.status_lbl,

                                      pr_id, pr_repo, pr_nice_id,

                                      stat.author]

        return grouped

    def _repo_size(self):

        log.debug('calculating repository size...')

        return webutils.format_byte_size(self.scm_instance.size)

    #==========================================================================

    # SCM CACHE INSTANCE

    #==========================================================================

    def set_invalidate(self):

        """

        Flush SA session caches of instances of on disk repo.

        """

        try:

            del self._scm_instance

        except AttributeError:

            pass

    _scm_instance = None  # caching inside lifetime of SA session

    @property

    def scm_instance(self):

        if self._scm_instance is None:

            return self.scm_instance_no_cache()  # will populate self._scm_instance

        return self._scm_instance

    def scm_instance_no_cache(self):

        repo_full_path = self.repo_full_path

        log.debug('Creating instance of repository at %s', repo_full_path)

        return self._scm_instance

    def __json__(self):

        return dict(

            repo_id=self.repo_id,

            repo_name=self.repo_name,

            landing_rev=self.landing_rev,

        )

class RepoGroup(meta.Base, BaseDbModel):

    __tablename__ = 'groups'

    __table_args__ = (

        _table_args_default_dict,

    )

    SEP = ' » '

    group_id = Column(Integer(), primary_key=True)

    group_name = Column(Unicode(255), nullable=False, unique=True) # full path

    parent_group_id = Column('group_parent_id', Integer(), ForeignKey('groups.group_id'), nullable=True)

    group_description = Column(Unicode(10000), nullable=False)

    owner_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)

    created_on = Column(DateTime(timezone=False), nullable=False, default=datetime.datetime.now)

    repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')

    users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')

    parent_group = relationship('RepoGroup', remote_side=group_id)

    owner = relationship('User')

    @classmethod

    def query(cls, sorted=False):

        """Add RepoGroup-specific helpers for common query constructs.

        sorted: if True, apply the default ordering (name, case insensitive).

        """

        q = super(RepoGroup, cls).query()

        if sorted:

            q = q.order_by(sqlalchemy.func.lower(RepoGroup.group_name))

        return q

    def __init__(self, group_name='', parent_group=None):

        self.group_name = group_name

        self.parent_group = parent_group

    def __repr__(self):

        return "<%s %s: %s>" % (self.__class__.__name__,

                                self.group_id, self.group_name)

    @classmethod

    def _generate_choice(cls, repo_group):

        """Return tuple with group_id and name as html literal"""

        if repo_group is None:

            return (-1, '-- %s --' % _('top level'))

        return repo_group.group_id, webutils.literal(cls.SEP.join(webutils.html_escape(x) for x in repo_group.full_path_splitted))

    @classmethod

    def groups_choices(cls, groups):

        """Return tuples with group_id and name as html literal."""

        return sorted((cls._generate_choice(g) for g in groups),

                      key=lambda c: c[1].split(cls.SEP))

    @classmethod

    def guess_instance(cls, value):

        return super(RepoGroup, cls).guess_instance(value, RepoGroup.get_by_group_name)

    @classmethod

    def get_by_group_name(cls, group_name, case_insensitive=False):

        group_name = group_name.rstrip('/')

        if case_insensitive:

            gr = cls.query() \

                .filter(sqlalchemy.func.lower(cls.group_name) == sqlalchemy.func.lower(group_name))

        else:

            gr = cls.query() \

                .filter(cls.group_name == group_name)

        return gr.scalar()

    @property

    def parents(self):

        groups = []

        group = self.parent_group

        while group is not None:

            groups.append(group)

            group = group.parent_group

            assert group not in groups, group # avoid recursion on bad db content

        groups.reverse()

        return groups

    @property

    def children(self):

        return RepoGroup.query().filter(RepoGroup.parent_group == self)

    @property

    def name(self):

        return self.group_name.split(kallithea.URL_SEP)[-1]

    @property

    def full_path(self):

        return self.group_name

    @property

    def full_path_splitted(self):

        return self.group_name.split(kallithea.URL_SEP)

    @property

    def repositories(self):

        return Repository.query(sorted=True).filter_by(group=self)

    @property

    def repositories_recursive_count(self):

        cnt = self.repositories.count()

        def children_count(group):

            cnt = 0

            for child in group.children:

                cnt += child.repositories.count()

                cnt += children_count(child)

            return cnt

        return cnt + children_count(self)

    def _recursive_objects(self, include_repos=True):

        all_ = []

        def _get_members(root_gr):

            if include_repos:

                for r in root_gr.repositories:

                    all_.append(r)

            childs = root_gr.children.all()

            if childs:

                for gr in childs:

                    all_.append(gr)

                    _get_members(gr)

        _get_members(self)

        return [self] + all_

    def recursive_groups_and_repos(self):

        """

        Recursive return all groups, with repositories in those groups

        """

        return self._recursive_objects()

    def recursive_groups(self):

        """

        Returns all children groups for this group including children of children

        """

        return self._recursive_objects(include_repos=False)

    def get_new_name(self, group_name):

        """

        returns new full group name based on parent and new name

        :param group_name:

        """

        path_prefix = (self.parent_group.full_path_splitted if

                       self.parent_group else [])

        return kallithea.URL_SEP.join(path_prefix + [group_name])

    def get_api_data(self):

        """

        Common function for generating api data

        """

        group = self

        data = dict(

            group_id=group.group_id,

            group_name=group.group_name,

            group_description=group.group_description,

            parent_group=group.parent_group.group_name if group.parent_group else None,

            repositories=[x.repo_name for x in group.repositories],

            owner=group.owner.username

        )

        return data

class Permission(meta.Base, BaseDbModel):

    __tablename__ = 'permissions'

    __table_args__ = (

        Index('p_perm_name_idx', 'permission_name'),

        _table_args_default_dict,

    )

    PERMS = (

        ('hg.admin', _('Kallithea Administrator')),

        ('repository.none', _('Default user has no access to new repositories')),

        ('repository.read', _('Default user has read access to new repositories')),

        ('repository.write', _('Default user has write access to new repositories')),

        ('repository.admin', _('Default user has admin access to new repositories')),

        ('group.none', _('Default user has no access to new repository groups')),

        ('group.read', _('Default user has read access to new repository groups')),

        ('group.write', _('Default user has write access to new repository groups')),

        ('group.admin', _('Default user has admin access to new repository groups')),

        ('usergroup.none', _('Default user has no access to new user groups')),

        ('usergroup.read', _('Default user has read access to new user groups')),

        ('usergroup.write', _('Default user has write access to new user groups')),

        ('usergroup.admin', _('Default user has admin access to new user groups')),

        ('hg.usergroup.create.false', _('Only admins can create user groups')),

        ('hg.usergroup.create.true', _('Non-admins can create user groups')),

        ('hg.create.none', _('Only admins can create top level repositories')),

        ('hg.create.repository', _('Non-admins can create top level repositories')),

        ('hg.fork.none', _('Only admins can fork repositories')),

        ('hg.fork.repository', _('Non-admins can fork repositories')),

        ('hg.register.none', _('Registration disabled')),

        ('hg.register.manual_activate', _('User registration with manual account activation')),

        ('hg.register.auto_activate', _('User registration with automatic account activation')),

        ('hg.extern_activate.manual', _('Manual activation of external account')),

        ('hg.extern_activate.auto', _('Automatic activation of external account')),

    )

    # definition of system default permissions for DEFAULT user

    DEFAULT_USER_PERMISSIONS = (

        'repository.read',

        'group.read',

        'usergroup.read',

        'hg.create.repository',

        'hg.fork.repository',

        'hg.register.manual_activate',

        'hg.extern_activate.auto',

    )

    # defines which permissions are more important higher the more important

    # Weight defines which permissions are more important.

    # The higher number the more important.

    PERM_WEIGHTS = {

        'repository.none': 0,

        'repository.read': 1,

        'repository.write': 3,

        'repository.admin': 4,

        'group.none': 0,

        'group.read': 1,

        'group.write': 3,

        'group.admin': 4,

        'usergroup.none': 0,

        'usergroup.read': 1,

        'usergroup.write': 3,

        'usergroup.admin': 4,

        'hg.usergroup.create.false': 0,

        'hg.usergroup.create.true': 1,

        'hg.fork.none': 0,

        'hg.fork.repository': 1,

        'hg.create.none': 0,

        'hg.create.repository': 1,

        'hg.register.none': 0,

        'hg.register.manual_activate': 1,

        'hg.register.auto_activate': 2,