This file was forked by the Kallithea project in July 2014.

Original author and date, and relevant copyright and licensing information is below:

:created_on: Apr 30, 2012

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

from sqlalchemy.orm import joinedload

log = logging.getLogger(__name__)

class ChangesetStatusModel(object):

    def _get_status_query(self, repo, revision, pull_request,

                          with_revisions=False):

        repo = Repository.guess_instance(repo)

        q = ChangesetStatus.query() \

        new_statuses = []

        for rev in revisions:

            new_status = ChangesetStatus()

            new_status.version = 0 # default

            new_status.author = User.guess_instance(user)

            new_status.repo = Repository.guess_instance(repo)

            new_status.status = status

            new_status.comment = comment

            new_status.revision = rev

            new_status.pull_request = pull_request

            new_statuses.append(new_status)

        return new_statuses

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import os

import random

import shutil

import time

import traceback

from kallithea.lib import ext_json

from kallithea.lib.utils2 import AttributeDict, ascii_bytes, safe_int, time_to_datetime

from kallithea.model.repo import RepoModel

from kallithea.model.scm import ScmModel

log = logging.getLogger(__name__)

GIST_STORE_LOC = '.rc_gist_store'

GIST_METADATA_FILE = '.rc_gist_metadata'

def make_gist_access_id():

    """Generate a random, URL safe, almost certainly unique gist identifier."""

        lifetime = safe_int(lifetime, -1)

        gist_expires = time.time() + (lifetime * 60) if lifetime != -1 else -1

        log.debug('set GIST expiration date to: %s',

                  time_to_datetime(gist_expires)

                   if gist_expires != -1 else 'forever')

        # create the Database version

        gist = Gist()

        gist.gist_description = description

        gist.gist_access_id = gist_access_id

        gist.owner_id = owner.user_id

        gist.gist_expires = gist_expires

        gist.gist_type = gist_type

        if gist_type == Gist.GIST_PUBLIC:

            # use DB ID for easy to use GIST ID

            gist.gist_access_id = str(gist.gist_id)

        log.debug('Creating new %s GIST repo %s', gist_type, gist.gist_access_id)

        repo = RepoModel()._create_filesystem_repo(

            repo_name=gist.gist_access_id, repo_type='hg', repo_group=GIST_STORE_LOC)

        processed_mapping = {}

        for filename in gist_mapping:

            if filename != os.path.basename(filename):

                raise Exception('Filename cannot be inside a directory')

            message=message,

            nodes=processed_mapping,

            trigger_push_hook=False

        )

        self._store_metadata(repo, gist.gist_id, gist.gist_access_id,

                             owner.user_id, gist.gist_type, gist.gist_expires)

        return gist

    def delete(self, gist, fs_remove=True):

        gist = Gist.guess_instance(gist)

        try:

            if fs_remove:

                self.__delete_gist(gist)

            else:

                log.debug('skipping removal from filesystem')

        except Exception:

            log.error(traceback.format_exc())

            raise

    def update(self, gist, description, owner, ip_addr, gist_mapping, gist_type,

               lifetime):

        gist = Gist.guess_instance(gist)

        gist_repo = gist.scm_instance

:author: marcink

:copyright: (c) 2013 RhodeCode GmbH, and others.

:license: GPLv3, see LICENSE.md for more details.

"""

import logging

import traceback

from sqlalchemy.exc import DatabaseError

from kallithea.lib.utils2 import asbool

log = logging.getLogger(__name__)

class PermissionModel(object):

    """

    Permissions model for Kallithea

    """

    def create_permissions(self):

        """

        Create permissions for whole system

        """

        for p in Permission.PERMS:

            if not Permission.get_by_key(p[0]):

                new_perm = Permission()

                new_perm.permission_name = p[0]

    def create_default_permissions(self, user, force=False):

        """

        Create missing default permissions for user. If force is set, the default

        permissions for the user are reset, otherwise only missing permissions are

        created.

        :param user:

        """

        user = User.guess_instance(user)

        def _make_perm(perm):

            new_perm.permission = Permission.get_by_key(perm)

            return new_perm

        def _get_group(perm_name):

            return '.'.join(perm_name.split('.')[:1])

        perms = UserToPerm.query().filter(UserToPerm.user == user).all()

        defined_perms_groups = set(_get_group(x.permission.permission_name) for x in perms)

        log.debug('GOT ALREADY DEFINED:%s', perms)

        if force:

            for perm in perms:

            defined_perms_groups = []

        # For every default permission that needs to be created, we check if

        # its group is already defined. If it's not, we create default permission.

        for perm_name in Permission.DEFAULT_USER_PERMISSIONS:

            gr = _get_group(perm_name)

            if gr not in defined_perms_groups:

                log.debug('GR:%s not found, creating permission %s',

                          gr, perm_name)

                new_perm = _make_perm(perm_name)

    def update(self, form_result):

        perm_user = User.get_by_username(username=form_result['perm_user_name'])

        try:

            # stage 1 set anonymous access

            if perm_user.is_default_user:

                perm_user.active = asbool(form_result['anonymous'])

            # stage 2 reset defaults and set them from form data

            def _make_new(usr, perm_name):

                log.debug('Creating new permission:%s', perm_name)

                new = UserToPerm()

                new.user = usr

                new.permission = Permission.get_by_key(perm_name)

                return new

            # clear current entries, to make this function idempotent

            # it will fix even if we define more permissions or permissions

            # are somehow missing

            u2p = UserToPerm.query() \

                .filter(UserToPerm.user == perm_user) \

                .all()

            for p in u2p:

            # create fresh set of permissions

            for def_perm_key in ['default_repo_perm',

                                 'default_group_perm',

                                 'default_user_group_perm',

                                 'default_repo_create',

                                 'default_user_group_create',

                                 'default_fork',

                                 'default_register',

                                 'default_extern_activate']:

                p = _make_new(perm_user, form_result[def_perm_key])

            # stage 3 update all default permissions for repos if checked

            if form_result['overwrite_default_repo']:

                _def_name = form_result['default_repo_perm'].split('repository.')[-1]

                _def = Permission.get_by_key('repository.' + _def_name)

                # repos

                for r2p in UserRepoToPerm.query() \

                               .filter(UserRepoToPerm.user == perm_user) \

                               .all():

                    # don't reset PRIVATE repositories

                    if not r2p.repository.private:

                               .all():

                    g2p.permission = _def

            if form_result['overwrite_default_user_group']:

                _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]

                # groups

                _def = Permission.get_by_key('usergroup.' + _def_name)

                for g2p in UserUserGroupToPerm.query() \

                               .filter(UserUserGroupToPerm.user == perm_user) \

                               .all():

                    g2p.permission = _def

        except (DatabaseError,):

            log.error(traceback.format_exc())

            raise

import shutil

import traceback

from datetime import datetime

import kallithea.lib.utils2

from kallithea.lib import helpers as h

from kallithea.lib.auth import HasRepoPermissionLevel, HasUserGroupPermissionLevel

from kallithea.lib.exceptions import AttachedForksError

from kallithea.lib.hooks import log_delete_repository

from kallithea.lib.utils import is_valid_repo_uri, make_ui

from kallithea.lib.utils2 import LazyProperty, get_current_authuser, obfuscate_url_pw, remove_prefix

from kallithea.lib.vcs.backends import get_backend

                                UserGroupRepoToPerm, UserRepoGroupToPerm, UserRepoToPerm)

log = logging.getLogger(__name__)

class RepoModel(object):

    def _create_default_perms(self, repository, private):

        # create default permission

        default = 'repository.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('repository.'):

                default = p.permission.permission_name

                break

        default_perm = 'repository.none' if private else default

        repo_to_perm = UserRepoToPerm()

        repo_to_perm.permission = Permission.get_by_key(default_perm)

        repo_to_perm.repository = repository

        repo_to_perm.user_id = def_user.user_id

        return repo_to_perm

    @LazyProperty

    def repos_path(self):

        """

        Gets the repositories root path from database

        """

        q = Ui.query().filter(Ui.ui_key == '/').one()

        return q.ui_value

                # will raise exception on error

                is_valid_repo_uri(repo_type, clone_uri, make_ui())

            new_repo.clone_uri = clone_uri

            new_repo.landing_rev = landing_rev

            new_repo.enable_statistics = enable_statistics

            new_repo.enable_downloads = enable_downloads

            if fork_of:

                parent_repo = fork_of

                new_repo.fork = parent_repo

            if fork_of and copy_fork_permissions:

                repo = fork_of

                user_perms = UserRepoToPerm.query() \

                    .filter(UserRepoToPerm.repository == repo).all()

                group_perms = UserGroupRepoToPerm.query() \

                    .filter(UserGroupRepoToPerm.repository == repo).all()

                for perm in user_perms:

                    UserRepoToPerm.create(perm.user, new_repo, perm.permission)

                for perm in group_perms:

                for perm in group_perms:

                    perm_name = perm.permission.permission_name.replace('group.', 'repository.')

                    perm_obj = Permission.get_by_key(perm_name)

                    UserGroupRepoToPerm.create(perm.users_group, new_repo, perm_obj)

            else:

                self._create_default_perms(new_repo, private)

            # now automatically start following this repository as owner

            ScmModel().toggle_following_repo(new_repo.repo_id, owner.user_id)

            # we need to flush here, in order to check if database won't

            # throw any exceptions, create filesystem dirs at the very end

            return new_repo

        except Exception:

            log.error(traceback.format_exc())

            raise

    def create(self, form_data, cur_user):

        """

        Create repository using celery tasks

        :param form_data:

        :param cur_user:

        """

        if repo is not None:

            if forks == 'detach':

                for r in repo.forks:

                    r.fork = None

            elif forks == 'delete':

                for r in repo.forks:

                    self.delete(r, forks='delete')

            elif [f for f in repo.forks]:

                raise AttachedForksError()

            old_repo_dict = repo.get_dict()

            try:

                if fs_remove:

                    self._delete_filesystem_repo(repo)

                else:

                    log.debug('skipping removal from filesystem')

                log_delete_repository(old_repo_dict,

                                      deleted_by=cur_user)

            except Exception:

                log.error(traceback.format_exc())

                raise

    def grant_user_permission(self, repo, user, perm):

        """

        user = User.guess_instance(user)

        repo = Repository.guess_instance(repo)

        permission = Permission.guess_instance(perm)

        # check if we have that permission already

        obj = UserRepoToPerm.query() \

            .filter(UserRepoToPerm.user == user) \

            .filter(UserRepoToPerm.repository == repo) \

            .scalar()

        if obj is None:

            # create new !

            obj = UserRepoToPerm()

        obj.repository = repo

        obj.user = user

        obj.permission = permission

        log.debug('Granted perm %s to %s on %s', perm, user, repo)

        return obj

    def revoke_user_permission(self, repo, user):

        """

        Revoke permission for user on given repository

        :param repo: Instance of Repository, repository_id, or repository name

        :param user: Instance of User, user_id or username

        """

        user = User.guess_instance(user)

        repo = Repository.guess_instance(repo)

        obj = UserRepoToPerm.query() \

            .filter(UserRepoToPerm.repository == repo) \

            .filter(UserRepoToPerm.user == user) \

            .scalar()

        if obj is not None:

            log.debug('Revoked perm on %s on %s', repo, user)

    def grant_user_group_permission(self, repo, group_name, perm):

        """

        Grant permission for user group on given repository, or update

        existing one if found

        :param repo: Instance of Repository, repository_id, or repository name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        :param perm: Instance of Permission, or permission_name

        """

        group_name = UserGroup.guess_instance(group_name)

        permission = Permission.guess_instance(perm)

        # check if we have that permission already

        obj = UserGroupRepoToPerm.query() \

            .filter(UserGroupRepoToPerm.users_group == group_name) \

            .filter(UserGroupRepoToPerm.repository == repo) \

            .scalar()

        if obj is None:

            # create new

            obj = UserGroupRepoToPerm()

        obj.repository = repo

        obj.users_group = group_name

        obj.permission = permission

        log.debug('Granted perm %s to %s on %s', perm, group_name, repo)

        return obj

    def revoke_user_group_permission(self, repo, group_name):

        """

        Revoke permission for user group on given repository

        :param repo: Instance of Repository, repository_id, or repository name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        """

        repo = Repository.guess_instance(repo)

        group_name = UserGroup.guess_instance(group_name)

        obj = UserGroupRepoToPerm.query() \

            .filter(UserGroupRepoToPerm.repository == repo) \

            .filter(UserGroupRepoToPerm.users_group == group_name) \

            .scalar()

        if obj is not None:

            log.debug('Revoked perm to %s on %s', repo, group_name)

    def delete_stats(self, repo_name):

        """

        removes stats for given repo

        :param repo_name:

        """

        repo = Repository.guess_instance(repo_name)

        try:

            obj = Statistics.query() \

                .filter(Statistics.repository == repo).scalar()

            if obj is not None:

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _create_filesystem_repo(self, repo_name, repo_type, repo_group,

                                clone_uri=None, repo_store_location=None):

        """

        Makes repository on filesystem. Operation is group aware, meaning that it will create

        a repository within a group, and alter the paths accordingly to the group location.

        Note: clone_uri is low level and not validated - it might be a file system path used for validated cloning

        """

:license: GPLv3, see LICENSE.md for more details.

"""

import datetime

import logging

import os

import shutil

import traceback

import kallithea.lib.utils2

from kallithea.lib.utils2 import LazyProperty

log = logging.getLogger(__name__)

class RepoGroupModel(object):

    @LazyProperty

    def repos_path(self):

        """

        Gets the repositories root path from database

        """

        default_perm = 'group.read'

        def_user = User.get_default_user()

        for p in def_user.user_perms:

            if p.permission.permission_name.startswith('group.'):

                default_perm = p.permission.permission_name

                break

        repo_group_to_perm = UserRepoGroupToPerm()

        repo_group_to_perm.permission = Permission.get_by_key(default_perm)

        repo_group_to_perm.group = new_group

        repo_group_to_perm.user_id = def_user.user_id

        return repo_group_to_perm

    def _create_group(self, group_name):

        """

        makes repository group on filesystem

        :param repo_name:

        :param parent_id:

        """

        create_path = os.path.join(self.repos_path, group_name)

        log.debug('creating new group in %s', create_path)

        try:

            if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:

                raise Exception('invalid repo group name %s' % group_name)

            owner = User.guess_instance(owner)

            parent_group = RepoGroup.guess_instance(parent)

            new_repo_group = RepoGroup()

            new_repo_group.owner = owner

            new_repo_group.group_description = group_description or group_name

            new_repo_group.parent_group = parent_group

            new_repo_group.group_name = new_repo_group.get_new_name(group_name)

            # create an ADMIN permission for owner except if we're super admin,

            # later owner should go into the owner field of groups

            if not owner.is_admin:

                self.grant_user_permission(repo_group=new_repo_group,

                                           user=owner, perm='group.admin')

            if parent_group and copy_permissions:

                # copy permissions from parent

                user_perms = UserRepoGroupToPerm.query() \

                    .filter(UserRepoGroupToPerm.group == parent_group).all()

                    # permission set above

                    if perm.user != owner or owner.is_admin:

                        UserRepoGroupToPerm.create(perm.user, new_repo_group, perm.permission)

                for perm in group_perms:

                    UserGroupRepoGroupToPerm.create(perm.users_group, new_repo_group, perm.permission)

            else:

                self._create_default_perms(new_repo_group)

            if not just_db:

                # we need to flush here, in order to check if database won't

                # throw any exceptions, create filesystem dirs at the very end

                self._create_group(new_repo_group.group_name)

            return new_repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def _update_permissions(self, repo_group, perms_new=None,

                            perms_updates=None, recursive=None,

                            check_perms=True):

        from kallithea.lib.auth import HasUserGroupPermissionLevel

        from kallithea.model.repo import RepoModel

            if 'parent_group_id' in repo_group_args:

                repo_group.parent_group_id = repo_group_args['parent_group_id']

            if 'parent_group_id' in repo_group_args:

                assert repo_group_args['parent_group_id'] != '-1', repo_group_args  # RepoGroupForm should have converted to None

                repo_group.parent_group = RepoGroup.get(repo_group_args['parent_group_id'])

            if 'group_name' in repo_group_args:

                group_name = repo_group_args['group_name']

                if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:

                    raise Exception('invalid repo group name %s' % group_name)

                repo_group.group_name = repo_group.get_new_name(group_name)

            new_path = repo_group.full_path

            # iterate over all members of this groups and do fixes

            # if obj is a repoGroup also fix the name of the group according

            # to the parent

            # if obj is a Repo fix it's name

            # this can be potentially heavy operation

            for obj in repo_group.recursive_groups_and_repos():

                # set the value from it's parent

                if isinstance(obj, RepoGroup):

                    new_name = obj.get_new_name(obj.name)

                    log.debug('Fixing group %s to new name %s'

                                % (obj.group_name, new_name))

                    obj.repo_name = new_name

            self._rename_group(old_path, new_path)

            return repo_group

        except Exception:

            log.error(traceback.format_exc())

            raise

    def delete(self, repo_group, force_delete=False):

        repo_group = RepoGroup.guess_instance(repo_group)

        try:

            self._delete_group(repo_group, force_delete)

        except Exception:

            log.error('Error removing repo_group %s', repo_group)

            raise

    def add_permission(self, repo_group, obj, obj_type, perm, recursive):

        from kallithea.model.repo import RepoModel

        repo_group = RepoGroup.guess_instance(repo_group)

        perm = Permission.guess_instance(perm)

        for el in repo_group.recursive_groups_and_repos():

            # iterated obj is an instance of a repos group or repository in

        repo_group = RepoGroup.guess_instance(repo_group)

        user = User.guess_instance(user)

        permission = Permission.guess_instance(perm)

        # check if we have that permission already

        obj = UserRepoGroupToPerm.query() \

            .filter(UserRepoGroupToPerm.user == user) \

            .filter(UserRepoGroupToPerm.group == repo_group) \

            .scalar()

        if obj is None:

            # create new !

            obj = UserRepoGroupToPerm()

        obj.group = repo_group

        obj.user = user

        obj.permission = permission

        log.debug('Granted perm %s to %s on %s', perm, user, repo_group)

        return obj

    def revoke_user_permission(self, repo_group, user):

        """

        Revoke permission for user on given repository group

        :param repo_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param user: Instance of User, user_id or username

        """

        repo_group = RepoGroup.guess_instance(repo_group)

        user = User.guess_instance(user)

        obj = UserRepoGroupToPerm.query() \

            .filter(UserRepoGroupToPerm.user == user) \

            .filter(UserRepoGroupToPerm.group == repo_group) \

            .scalar()

        if obj is not None:

            log.debug('Revoked perm on %s on %s', repo_group, user)

    def grant_user_group_permission(self, repo_group, group_name, perm):

        """

        Grant permission for user group on given repository group, or update

        existing one if found

        :param repo_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        :param perm: Instance of Permission, or permission_name

        group_name = UserGroup.guess_instance(group_name)

        permission = Permission.guess_instance(perm)

        # check if we have that permission already

        obj = UserGroupRepoGroupToPerm.query() \

            .filter(UserGroupRepoGroupToPerm.group == repo_group) \

            .filter(UserGroupRepoGroupToPerm.users_group == group_name) \

            .scalar()

        if obj is None:

            # create new

            obj = UserGroupRepoGroupToPerm()

        obj.group = repo_group

        obj.users_group = group_name

        obj.permission = permission

        log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)

        return obj

    def revoke_user_group_permission(self, repo_group, group_name):

        """

        Revoke permission for user group on given repository group

        :param repo_group: Instance of RepoGroup, repositories_group_id,

            or repositories_group name

        :param group_name: Instance of UserGroup, users_group_id,

            or user group name

        """

        repo_group = RepoGroup.guess_instance(repo_group)

        group_name = UserGroup.guess_instance(group_name)

        obj = UserGroupRepoGroupToPerm.query() \

            .filter(UserGroupRepoGroupToPerm.group == repo_group) \

            .filter(UserGroupRepoGroupToPerm.users_group == group_name) \

            .scalar()

        if obj is not None:

            log.debug('Revoked perm to %s on %s', repo_group, group_name)

import kallithea

from kallithea.lib.auth import HasPermissionAny, HasRepoGroupPermissionLevel, HasRepoPermissionLevel, HasUserGroupPermissionLevel

from kallithea.lib.exceptions import IMCCommitError, NonRelativePathError

from kallithea.lib.hooks import process_pushed_raw_ids

from kallithea.lib.utils import action_logger, get_filesystem_repos, make_ui

from kallithea.lib.utils2 import safe_bytes, set_hook_environment

from kallithea.lib.vcs import get_backend

from kallithea.lib.vcs.backends.base import EmptyChangeset

from kallithea.lib.vcs.exceptions import RepositoryError

from kallithea.lib.vcs.nodes import FileNode

from kallithea.lib.vcs.utils.lazy import LazyProperty

log = logging.getLogger(__name__)

class UserTemp(object):

    def __init__(self, user_id):

        self.user_id = user_id

    def __repr__(self):

        return "<%s('id:%s')>" % (self.__class__.__name__, self.user_id)

        if repo is not None:

            repo.set_invalidate()

            repo.update_changeset_cache()

    def toggle_following_repo(self, follow_repo_id, user_id):

        f = UserFollowing.query() \

            .filter(UserFollowing.follows_repository_id == follow_repo_id) \

            .filter(UserFollowing.user_id == user_id).scalar()

        if f is not None:

            try:

                action_logger(UserTemp(user_id),

                              'stopped_following_repo',

                              RepoTemp(follow_repo_id))

                return

            except Exception:

                log.error(traceback.format_exc())

                raise

        try:

            f = UserFollowing()

            f.user_id = user_id

            f.follows_repository_id = follow_repo_id

            action_logger(UserTemp(user_id),

                          'started_following_repo',

                          RepoTemp(follow_repo_id))

        except Exception:

            log.error(traceback.format_exc())

            raise

    def toggle_following_user(self, follow_user_id, user_id):

        f = UserFollowing.query() \

            .filter(UserFollowing.follows_user_id == follow_user_id) \

            .filter(UserFollowing.user_id == user_id).scalar()

        if f is not None:

            try:

                return

            except Exception:

                log.error(traceback.format_exc())

                raise