# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.controllers.admin.repo_groups

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Repository groups controller for Kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Mar 23, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

import formencode

from formencode import htmlfill

from tg import app_globals, request

from tg import tmpl_context as c

from tg.i18n import ugettext as _

from tg.i18n import ungettext

from webob.exc import HTTPForbidden, HTTPFound, HTTPInternalServerError, HTTPNotFound

from kallithea.config.routing import url

from kallithea.lib import helpers as h

from kallithea.lib.auth import HasPermissionAny, HasRepoGroupPermissionLevel, HasRepoGroupPermissionLevelDecorator, LoginRequired

from kallithea.lib.base import BaseController, render

from kallithea.lib.utils2 import safe_int

from kallithea.model.db import RepoGroup, Repository

from kallithea.model.forms import RepoGroupForm, RepoGroupPermsForm

from kallithea.model.meta import Session

from kallithea.model.repo import RepoModel

from kallithea.model.repo_group import RepoGroupModel

from kallithea.model.scm import AvailableRepoGroupChoices, RepoGroupList

log = logging.getLogger(__name__)

class RepoGroupsController(BaseController):

    @LoginRequired(allow_default_user=True)

    def _before(self, *args, **kwargs):

        super(RepoGroupsController, self)._before(*args, **kwargs)

    def __load_defaults(self, extras=(), exclude=()):

        """extras is used for keeping current parent ignoring permissions

        exclude is used for not moving group to itself TODO: also exclude descendants

        Note: only admin can create top level groups

        """

        repo_groups = AvailableRepoGroupChoices([], 'admin', extras)

        exclude_group_ids = set(rg.group_id for rg in exclude)

        c.repo_groups = [rg for rg in repo_groups

                         if rg[0] not in exclude_group_ids]

    def __load_data(self, group_id):

        """

        Load defaults settings for edit, and update

        :param group_id:

        """

        repo_group = RepoGroup.get_or_404(group_id)

        data = repo_group.get_dict()

        data['group_name'] = repo_group.name

        # fill repository group users

        for p in repo_group.repo_group_to_perm:

            data.update({'u_perm_%s' % p.user.username:

                             p.permission.permission_name})

        # fill repository group groups

        for p in repo_group.users_group_to_perm:

            data.update({'g_perm_%s' % p.users_group.users_group_name:

                             p.permission.permission_name})

        return data

    def _revoke_perms_on_yourself(self, form_result):

        _up = [u for u in form_result['perms_updates'] if request.authuser.username == u[0]]

        _new = [u for u in form_result['perms_new'] if request.authuser.username == u[0]]

        if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':

            return True

        return False

    def index(self, format='html'):

        _list = RepoGroup.query(sorted=True).all()

        group_iter = RepoGroupList(_list, perm_level='admin')

        repo_groups_data = []

        _tmpl_lookup = app_globals.mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        def repo_group_name(repo_group_name, children_groups):

            return template.get_def("repo_group_name") \

                .render_unicode(repo_group_name, children_groups, _=_, h=h, c=c)

        def repo_group_actions(repo_group_id, repo_group_name, gr_count):

            return template.get_def("repo_group_actions") \

                .render_unicode(repo_group_id, repo_group_name, gr_count, _=_, h=h, c=c,

                        ungettext=ungettext)

        for repo_gr in group_iter:

            children_groups = [g.name for g in repo_gr.parents] + [repo_gr.name]

            repo_count = repo_gr.repositories.count()

            repo_groups_data.append({

                "group_name": repo_group_name(repo_gr.group_name, children_groups),

                "desc": h.escape(repo_gr.group_description),

                "repos": repo_count,

                "owner": h.person(repo_gr.owner),

                "action": repo_group_actions(repo_gr.group_id, repo_gr.group_name,

                                             repo_count)

            })

        c.data = {

            "sort": None,

            "dir": "asc",

            "records": repo_groups_data

        }

        return render('admin/repo_groups/repo_groups.html')

    def create(self):

        self.__load_defaults()

        # permissions for can create group based on parent_id are checked

        # here in the Form

        repo_group_form = RepoGroupForm(repo_groups=c.repo_groups)

        form_result = None

        try:

            form_result = repo_group_form.to_python(dict(request.POST))

            gr = RepoGroupModel().create(

                group_name=form_result['group_name'],

                group_description=form_result['group_description'],

                parent=form_result['parent_group_id'],

                owner=request.authuser.user_id, # TODO: make editable

                copy_permissions=form_result['group_copy_permissions']

            )

            Session().commit()

            # TODO: in future action_logger(, '', '', '')

        except formencode.Invalid as errors:

            return htmlfill.render(

                render('admin/repo_groups/repo_group_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of repository group %s')

                    % request.POST.get('group_name'), category='error')

            if form_result is None:

                raise

            parent_group_id = form_result['parent_group_id']

            # TODO: maybe we should get back to the main view, not the admin one

            raise HTTPFound(location=url('repos_groups', parent_group=parent_group_id))

        h.flash(_('Created repository group %s') % gr.group_name,

                category='success')

        raise HTTPFound(location=url('repos_group_home', group_name=gr.group_name))

    def new(self):

        if HasPermissionAny('hg.admin')('group create'):

            # we're global admin, we're ok and we can create TOP level groups

            pass

        else:

            # we pass in parent group into creation form, thus we know

            # what would be the group, we can check perms here !

            group_id = safe_int(request.GET.get('parent_group'))

            group = RepoGroup.get(group_id) if group_id else None

            group_name = group.group_name if group else None

            if HasRepoGroupPermissionLevel('admin')(group_name, 'group create'):

                pass

            else:

                raise HTTPForbidden()

        self.__load_defaults()

        return render('admin/repo_groups/repo_group_add.html')

    @HasRepoGroupPermissionLevelDecorator('admin')

    def update(self, group_name):

        c.repo_group = RepoGroup.guess_instance(group_name)

        self.__load_defaults(extras=[c.repo_group.parent_group],

                             exclude=[c.repo_group])

        # TODO: kill allow_empty_group - it is only used for redundant form validation!

        if HasPermissionAny('hg.admin')('group edit'):

            # we're global admin, we're ok and we can create TOP level groups

            allow_empty_group = True

        elif not c.repo_group.parent_group:

            allow_empty_group = True

        else:

            allow_empty_group = False

        repo_group_form = RepoGroupForm(

            edit=True,

            old_data=c.repo_group.get_dict(),

            repo_groups=c.repo_groups,

            can_create_in_root=allow_empty_group,

        )()

        try:

            form_result = repo_group_form.to_python(dict(request.POST))

            new_gr = RepoGroupModel().update(group_name, form_result)

            Session().commit()

            h.flash(_('Updated repository group %s')

                    % form_result['group_name'], category='success')

            # we now have new name !

            group_name = new_gr.group_name

            # TODO: in future action_logger(, '', '', '')

        except formencode.Invalid as errors:

            c.active = 'settings'

            return htmlfill.render(

                render('admin/repo_groups/repo_group_edit.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of repository group %s')

                    % request.POST.get('group_name'), category='error')

        raise HTTPFound(location=url('edit_repo_group', group_name=group_name))

    @HasRepoGroupPermissionLevelDecorator('admin')

    def delete(self, group_name):

        gr = c.repo_group = RepoGroup.guess_instance(group_name)

        repos = gr.repositories.all()

        if repos:

            h.flash(_('This group contains %s repositories and cannot be '

                      'deleted') % len(repos), category='warning')

            raise HTTPFound(location=url('repos_groups'))

        children = gr.children.all()

        if children:

            h.flash(_('This group contains %s subgroups and cannot be deleted'

                      % (len(children))), category='warning')

            raise HTTPFound(location=url('repos_groups'))

        try:

            RepoGroupModel().delete(group_name)

            Session().commit()

            h.flash(_('Removed repository group %s') % group_name,

                    category='success')

            # TODO: in future action_logger(, '', '', '')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during deletion of repository group %s')

                    % group_name, category='error')

        if gr.parent_group:

            raise HTTPFound(location=url('repos_group_home', group_name=gr.parent_group.group_name))

        raise HTTPFound(location=url('repos_groups'))

    def show_by_name(self, group_name):

        """

        This is a proxy that does a lookup group_name -> id, and shows

        the group by id view instead

        """

        group_name = group_name.rstrip('/')

        id_ = RepoGroup.get_by_group_name(group_name)

        if id_:

            return self.show(group_name)

        raise HTTPNotFound

    @HasRepoGroupPermissionLevelDecorator('read')

    def show(self, group_name):

        c.active = 'settings'

        c.group = c.repo_group = RepoGroup.guess_instance(group_name)

        groups = RepoGroup.query(sorted=True).filter_by(parent_group=c.group).all()

        repo_groups_list = self.scm_model.get_repo_groups(groups)

        repos_list = Repository.query(sorted=True).filter_by(group=c.group).all()

        c.data = RepoModel().get_repos_as_dict(repos_list,

                                               repo_groups_list=repo_groups_list,

                                               short_name=True)

        return render('admin/repo_groups/repo_group_show.html')

    @HasRepoGroupPermissionLevelDecorator('admin')

    def edit(self, group_name):

        c.active = 'settings'

        c.repo_group = RepoGroup.guess_instance(group_name)

        self.__load_defaults(extras=[c.repo_group.parent_group],

                             exclude=[c.repo_group])

        defaults = self.__load_data(c.repo_group.group_id)

        return htmlfill.render(

            render('admin/repo_groups/repo_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    @HasRepoGroupPermissionLevelDecorator('admin')

    def edit_repo_group_advanced(self, group_name):

        c.active = 'advanced'

        c.repo_group = RepoGroup.guess_instance(group_name)

        return render('admin/repo_groups/repo_group_edit.html')

    @HasRepoGroupPermissionLevelDecorator('admin')

    def edit_repo_group_perms(self, group_name):

        c.active = 'perms'

        c.repo_group = RepoGroup.guess_instance(group_name)

        self.__load_defaults()

        defaults = self.__load_data(c.repo_group.group_id)

        return htmlfill.render(

            render('admin/repo_groups/repo_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    @HasRepoGroupPermissionLevelDecorator('admin')

    def update_perms(self, group_name):

        """

        Update permissions for given repository group

        :param group_name:

        """

        c.repo_group = RepoGroup.guess_instance(group_name)

        valid_recursive_choices = ['none', 'repos', 'groups', 'all']

        form_result = RepoGroupPermsForm(valid_recursive_choices)().to_python(request.POST)

        if not request.authuser.is_admin:

            if self._revoke_perms_on_yourself(form_result):

                msg = _('Cannot revoke permission for yourself as admin')

                h.flash(msg, category='warning')

                raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name))

        recursive = form_result['recursive']

        # iterate over all members(if in recursive mode) of this groups and

        # set the permissions !

        # this can be potentially heavy operation

        RepoGroupModel()._update_permissions(c.repo_group,

                                             form_result['perms_new'],

                                             form_result['perms_updates'],

                                             recursive)

        # TODO: implement this

        #action_logger(request.authuser, 'admin_changed_repo_permissions',

        #              repo_name, request.ip_addr)

        Session().commit()

        h.flash(_('Repository group permissions updated'), category='success')

        raise HTTPFound(location=url('edit_repo_group_perms', group_name=group_name))

    @HasRepoGroupPermissionLevelDecorator('admin')

    def delete_perms(self, group_name):

        try:

            obj_type = request.POST.get('obj_type')

            obj_id = None

            if obj_type == 'user':

                obj_id = safe_int(request.POST.get('user_id'))

            elif obj_type == 'user_group':

                obj_id = safe_int(request.POST.get('user_group_id'))

            if not request.authuser.is_admin:

                if obj_type == 'user' and request.authuser.user_id == obj_id:

                    msg = _('Cannot revoke permission for yourself as admin')

                    h.flash(msg, category='warning')

                    raise Exception('revoke admin permission on self')

            recursive = request.POST.get('recursive', 'none')

            if obj_type == 'user':

                RepoGroupModel().delete_permission(repo_group=group_name,

                                                   obj=obj_id, obj_type='user',

                                                   recursive=recursive)

            elif obj_type == 'user_group':

                RepoGroupModel().delete_permission(repo_group=group_name,

                                                   obj=obj_id,

                                                   obj_type='user_group',

                                                   recursive=recursive)

            Session().commit()

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during revoking of permission'),

                    category='error')

            raise HTTPInternalServerError()

# -*- coding: utf-8 -*-

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

"""

kallithea.model.repo

~~~~~~~~~~~~~~~~~~~~

Repository model for kallithea

This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Jun 5, 2010

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import os

import shutil

import traceback

from datetime import datetime

import kallithea.lib.utils2

from kallithea.lib import helpers as h

from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermissionLevel

from kallithea.lib.exceptions import AttachedForksError

from kallithea.lib.hooks import log_delete_repository

from kallithea.lib.utils import is_valid_repo_uri, make_ui

from kallithea.lib.utils2 import LazyProperty, get_current_authuser, obfuscate_url_pw, remove_prefix

from kallithea.lib.vcs.backends import get_backend

from kallithea.model.db import (URL_SEP, Permission, RepoGroup, Repository, RepositoryField, Session, Statistics, Ui, User, UserGroup, UserGroupRepoGroupToPerm,

                                UserGroupRepoToPerm, UserRepoGroupToPerm, UserRepoToPerm)

log = logging.getLogger(__name__)

class RepoModel(object):

    URL_SEPARATOR = URL_SEP

    def _create_default_perms(self, repository, private):

        # create default permission

        default = 'repository.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('repository.'):

                default = p.permission.permission_name

                break

        default_perm = 'repository.none' if private else default

        repo_to_perm = UserRepoToPerm()

        repo_to_perm.permission = Permission.get_by_key(default_perm)

        repo_to_perm.repository = repository

        repo_to_perm.user_id = def_user.user_id

        Session().add(repo_to_perm)

        return repo_to_perm

    @LazyProperty

    def repos_path(self):

        """

        Gets the repositories root path from database

        """

        q = Ui.query().filter(Ui.ui_key == '/').one()

        return q.ui_value

    def get(self, repo_id):

        repo = Repository.query() \

            .filter(Repository.repo_id == repo_id)

        return repo.scalar()

    def get_repo(self, repository):

        return Repository.guess_instance(repository)

    def get_by_repo_name(self, repo_name):

        repo = Repository.query() \

            .filter(Repository.repo_name == repo_name)

        return repo.scalar()

    def get_all_user_repos(self, user):

        """

        Gets all repositories that user have at least read access

        :param user:

        """

        from kallithea.lib.auth import AuthUser

        auth_user = AuthUser(dbuser=User.guess_instance(user))

        repos = [repo_name

            for repo_name, perm in auth_user.permissions['repositories'].items()

            if perm in ['repository.read', 'repository.write', 'repository.admin']

            ]

        return Repository.query().filter(Repository.repo_name.in_(repos))

    @classmethod

    def _render_datatable(cls, tmpl, *args, **kwargs):

        from tg import tmpl_context as c, request, app_globals

        from tg.i18n import ugettext as _

        _tmpl_lookup = app_globals.mako_lookup

        template = _tmpl_lookup.get_template('data_table/_dt_elements.html')

        tmpl = template.get_def(tmpl)

        kwargs.update(dict(_=_, h=h, c=c, request=request))

        return tmpl.render_unicode(*args, **kwargs)

    def get_repos_as_dict(self, repos_list, repo_groups_list=None,

                          admin=False,

                          short_name=False):

        """Return repository list for use by DataTable.

        repos_list: list of repositories - but will be filtered for read permission.

        repo_groups_list: added at top of list without permission check.

        admin: return data for action column.

        """

        _render = self._render_datatable

        from tg import tmpl_context as c, request

        from kallithea.model.scm import ScmModel

        def repo_lnk(name, rtype, rstate, private, fork_of):

            return _render('repo_name', name, rtype, rstate, private, fork_of,

                           short_name=short_name)

        def following(repo_id, is_following):

            return _render('following', repo_id, is_following)

        def last_change(last_change):

            return _render("last_change", last_change)

        def rss_lnk(repo_name):

            return _render("rss", repo_name)

        def atom_lnk(repo_name):

            return _render("atom", repo_name)

        def last_rev(repo_name, cs_cache):

            return _render('revision', repo_name, cs_cache.get('revision'),

                           cs_cache.get('raw_id'), cs_cache.get('author'),

                           cs_cache.get('message'))

        def desc(desc):

            return h.urlify_text(desc, truncate=80, stylize=c.visual.stylify_metalabels)

        def state(repo_state):

            return _render("repo_state", repo_state)

        def repo_actions(repo_name):

            return _render('repo_actions', repo_name)

        def owner_actions(owner_id, username):

            return _render('user_name', owner_id, username)

        repos_data = []

        for gr in repo_groups_list or []:

            repos_data.append(dict(

                name=_render('group_name_html', group_name=gr.group_name, name=gr.name),

                desc=desc(gr.group_description)))

        for repo in repos_list:

            if not HasRepoPermissionLevel('read')(repo.repo_name, 'get_repos_as_dict check'):

                continue

            cs_cache = repo.changeset_cache

            row = {

                "name": repo_lnk(repo.repo_name, repo.repo_type,

                                 repo.repo_state, repo.private, repo.fork),

                "following": following(

                    repo.repo_id,

                    ScmModel().is_following_repo(repo.repo_name, request.authuser.user_id),

                ),

                "last_change_iso": repo.last_db_change.isoformat(),

                "last_change": last_change(repo.last_db_change),

                "last_changeset": last_rev(repo.repo_name, cs_cache),

                "last_rev_raw": cs_cache.get('revision'),

                "desc": desc(repo.description),

                "owner": h.person(repo.owner),

                "state": state(repo.repo_state),

                "rss": rss_lnk(repo.repo_name),

                "atom": atom_lnk(repo.repo_name),

            }

            if admin:

                row.update({

                    "action": repo_actions(repo.repo_name),

                    "owner": owner_actions(repo.owner_id,

                                           h.person(repo.owner))

                })

            repos_data.append(row)

        return {

            "sort": "name",

            "dir": "asc",

            "records": repos_data

        }

    def _get_defaults(self, repo_name):

        """

        Gets information about repository, and returns a dict for

        usage in forms

        :param repo_name:

        """

        repo_info = Repository.get_by_repo_name(repo_name)

        if repo_info is None:

            return None

        defaults = repo_info.get_dict()

        defaults['repo_name'] = repo_info.just_name

        defaults['repo_group'] = repo_info.group_id

        for strip, k in [(0, 'repo_type'), (1, 'repo_enable_downloads'),

                         (1, 'repo_description'),

                         (1, 'repo_landing_rev'), (0, 'clone_uri'),

                         (1, 'repo_private'), (1, 'repo_enable_statistics')]:

            attr = k

            if strip:

                attr = remove_prefix(k, 'repo_')

            val = defaults[attr]

            if k == 'repo_landing_rev':

                val = ':'.join(defaults[attr])

            defaults[k] = val

            if k == 'clone_uri':

                defaults['clone_uri_hidden'] = repo_info.clone_uri_hidden

        # fill owner

        if repo_info.owner:

            defaults.update({'owner': repo_info.owner.username})

        else:

            replacement_user = User.query().filter(User.admin ==

                                                   True).first().username

            defaults.update({'owner': replacement_user})

        # fill repository users

        for p in repo_info.repo_to_perm:

            defaults.update({'u_perm_%s' % p.user.username:

                                 p.permission.permission_name})

        # fill repository groups

        for p in repo_info.users_group_to_perm:

            defaults.update({'g_perm_%s' % p.users_group.users_group_name:

                                 p.permission.permission_name})

        return defaults

    def update(self, repo, **kwargs):

        try:

            cur_repo = Repository.guess_instance(repo)

            org_repo_name = cur_repo.repo_name

            if 'owner' in kwargs:

                cur_repo.owner = User.get_by_username(kwargs['owner'])

            if 'repo_group' in kwargs:

                assert kwargs['repo_group'] != '-1', kwargs # RepoForm should have converted to None

                cur_repo.group = RepoGroup.get(kwargs['repo_group'])

                cur_repo.repo_name = cur_repo.get_new_name(cur_repo.just_name)

            log.debug('Updating repo %s with params:%s', cur_repo, kwargs)

            for k in ['repo_enable_downloads',

                      'repo_description',

                      'repo_landing_rev',

                      'repo_private',

                      'repo_enable_statistics',

                      ]:

                if k in kwargs:

                    setattr(cur_repo, remove_prefix(k, 'repo_'), kwargs[k])

            clone_uri = kwargs.get('clone_uri')

            if clone_uri is not None and clone_uri != cur_repo.clone_uri_hidden:

                # clone_uri is modified - if given a value, check it is valid

                if clone_uri != '':

                    # will raise exception on error

                    is_valid_repo_uri(cur_repo.repo_type, clone_uri, make_ui())

                cur_repo.clone_uri = clone_uri

            if 'repo_name' in kwargs:

                repo_name = kwargs['repo_name']

                if kallithea.lib.utils2.repo_name_slug(repo_name) != repo_name:

                    raise Exception('invalid repo name %s' % repo_name)

                cur_repo.repo_name = cur_repo.get_new_name(repo_name)

            # if private flag is set, reset default permission to NONE

            if kwargs.get('repo_private'):

                EMPTY_PERM = 'repository.none'

                RepoModel().grant_user_permission(

                    repo=cur_repo, user='default', perm=EMPTY_PERM

                )

                # handle extra fields

            for field in [k for k in kwargs if k.startswith(RepositoryField.PREFIX)]:

                k = RepositoryField.un_prefix_key(field)

                ex_field = RepositoryField.get_by_key_name(key=k, repo=cur_repo)

                if ex_field:

                    ex_field.field_value = kwargs[field]

            if org_repo_name != cur_repo.repo_name:

                # rename repository

                self._rename_filesystem_repo(old=org_repo_name, new=cur_repo.repo_name)

            return cur_repo

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _create_repo(self, repo_name, repo_type, description, owner,

                     private=False, clone_uri=None, repo_group=None,

                     landing_rev='rev:tip', fork_of=None,

                     copy_fork_permissions=False, enable_statistics=False,

                     enable_downloads=False,

                     copy_group_permissions=False, state=Repository.STATE_PENDING):

        """

        Create repository inside database with PENDING state. This should only be

        executed by create() repo, with exception of importing existing repos.

        """

        from kallithea.model.scm import ScmModel

        owner = User.guess_instance(owner)

        fork_of = Repository.guess_instance(fork_of)

        repo_group = RepoGroup.guess_instance(repo_group)

        try:

            repo_name = repo_name

            description = description

            # repo name is just a name of repository

            # while repo_name_full is a full qualified name that is combined

            # with name and path of group

            repo_name_full = repo_name

            repo_name = repo_name.split(URL_SEP)[-1]

            if kallithea.lib.utils2.repo_name_slug(repo_name) != repo_name:

                raise Exception('invalid repo name %s' % repo_name)

            new_repo = Repository()

            new_repo.repo_state = state

            new_repo.enable_statistics = False

            new_repo.repo_name = repo_name_full

            new_repo.repo_type = repo_type

            new_repo.owner = owner

            new_repo.group = repo_group

            new_repo.description = description or repo_name

            new_repo.private = private

            if clone_uri:

                # will raise exception on error

                is_valid_repo_uri(repo_type, clone_uri, make_ui())

            new_repo.clone_uri = clone_uri

            new_repo.landing_rev = landing_rev

            new_repo.enable_statistics = enable_statistics

            new_repo.enable_downloads = enable_downloads

            if fork_of:

                parent_repo = fork_of

                new_repo.fork = parent_repo

            Session().add(new_repo)

            if fork_of and copy_fork_permissions:

                repo = fork_of

                user_perms = UserRepoToPerm.query() \

                    .filter(UserRepoToPerm.repository == repo).all()

                group_perms = UserGroupRepoToPerm.query() \

                    .filter(UserGroupRepoToPerm.repository == repo).all()

                for perm in user_perms:

                    UserRepoToPerm.create(perm.user, new_repo, perm.permission)

                for perm in group_perms:

                    UserGroupRepoToPerm.create(perm.users_group, new_repo,

                                               perm.permission)

            elif repo_group and copy_group_permissions:

                user_perms = UserRepoGroupToPerm.query() \

                    .filter(UserRepoGroupToPerm.group == repo_group).all()

                group_perms = UserGroupRepoGroupToPerm.query() \

                    .filter(UserGroupRepoGroupToPerm.group == repo_group).all()

                for perm in user_perms:

                    perm_name = perm.permission.permission_name.replace('group.', 'repository.')

                    perm_obj = Permission.get_by_key(perm_name)

                    UserRepoToPerm.create(perm.user, new_repo, perm_obj)

                for perm in group_perms:

                    perm_name = perm.permission.permission_name.replace('group.', 'repository.')

                    perm_obj = Permission.get_by_key(perm_name)

                    UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)

            else:

                self._create_default_perms(new_repo, private)

            # now automatically start following this repository as owner

            ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id)

            # we need to flush here, in order to check if database won't

            # throw any exceptions, create filesystem dirs at the very end

            Session().flush()

            return new_repo

        except Exception:

            log.error(traceback.format_exc())

            raise

    def create(self, form_data, cur_user):

        """

        Create repository using celery tasks

        :param form_data:

        :param cur_user:

        """

        from kallithea.lib.celerylib import tasks

        return tasks.create_repo(form_data, cur_user)

    def _update_permissions(self, repo, perms_new=None, perms_updates=None,

                            check_perms=True):

        if not perms_new:

            perms_new = []

        if not perms_updates:

            perms_updates = []

        # update permissions

        for member, perm, member_type in perms_updates:

            if member_type == 'user':

                # this updates existing one

                self.grant_user_permission(

                    repo=repo, user=member, perm=perm

                )

            else:

                # check if we have permissions to alter this usergroup's access

                if not check_perms or HasUserGroupPermissionLevel('read')(member):

                    self.grant_user_group_permission(

                        repo=repo, group_name=member, perm=perm

                    )

            # set new permissions

        for member, perm, member_type in perms_new:

            if member_type == 'user':

                self.grant_user_permission(

                    repo=repo, user=member, perm=perm

                )

            else:

                # check if we have permissions to alter this usergroup's access

                if not check_perms or HasUserGroupPermissionLevel('read')(member):

                    self.grant_user_group_permission(

                        repo=repo, group_name=member, perm=perm

                    )

    def create_fork(self, form_data, cur_user):

        """

        Simple wrapper into executing celery task for fork creation

        :param form_data:

        :param cur_user:

        """

        from kallithea.lib.celerylib import tasks

        return tasks.create_repo_fork(form_data, cur_user)

    def delete(self, repo, forks=None, fs_remove=True, cur_user=None):

        """